yubikey-personalization-gui icon indicating copy to clipboard operation
yubikey-personalization-gui copied to clipboard

Published 20 hours ago verified publisher icon Yubico

Cannot disable configuration protection

Open minisu opened this issue 9 years ago • 4 comments

Steps to reproduce: Configure a YubiKey NEO to set a static password (or challenge-response) and disable protection.

Expected result: The static password would be set and the YubiKey would become unprotected.

Actual result: The static password is set but the device remains protected.

Access code: 00 00 00 00 00 00 Firmware version: 3.1.2 YubiKey Personalization GUI version: 3.1.16

Apparently, @jeanpaulgalea had similar issues.

minisu avatar Aug 24 '15 09:08 minisu

Same issue for me with the NEO, application version 3.1.23 and library 1.17.2. The firmware version of the device is 3.4.3.

I'd really like to see this solved since the only way to send the configuration for Yubico OTP to Yubico seems to be via the Quick configuration dialog which assumes an unprotected device.

EDIT: I just realized that the upload can be performed directly via the web interface as long as this issue won't be fixed.

afwlehmann avatar Oct 17 '15 06:10 afwlehmann

I can confirm this, but I think it is a GUI-issue on Linux. As far as I can tell disabling the access code means setting it to 0x000000000000. The GUI does that and when you use the CLI (ykpersonalize) you can actually program the key without specifying an explicit access key. However, when overwriting an existing configuration, the GUI somehow thinks that 0x0 is a valid access code and fails. A workaround is to use the advanced mode and select "Yubikey(s) protected - Keep it that way" or "Yubikey(s) protected - Disable protection" (both do exactly the same in that case) and leave the current access code at 0.

Unfortunately, the "Quick" tool is not that smart which makes it impossible to program a YubiKey that way.

This seems to be a Linux-only issue. On Windows the GUI works as expected and treats 0x0 as "no access key".

phoerious avatar Oct 23 '15 19:10 phoerious

On Ubuntu 14.04 with Yubikey Nano, firmware 3.3.7. Was attempting to program slot 2 HOTP and received the error, "YubiKey could not be configured. Perhaps protected with configuration protection access code?". Tried suggestion above by @phoerious, "protected, keep it that way" with current access code of all zeros and it worked and successfully configured slot 2.

ElijahLynn avatar Dec 28 '17 23:12 ElijahLynn

I just encountered this issue on Arch Linux with two YubiKey NEO, firmware 3.3.6 and 3.4.6, using YubiKey Personalization v1.19.0 and GUI v3.1.25.

The workaround suggested by @phoerious allowed me to program my keys.

Are there any plans to fix this issue, first reported 3 1/2 years ago?

lord-aerion avatar Feb 17 '19 18:02 lord-aerion