[{"data":1,"prerenderedAt":487},["ShallowReactive",2],{"i-heroicons:building-office-2":3,"i-heroicons:computer-desktop":8,"i-heroicons:cloud":10,"i-heroicons:server":12,"i-heroicons:folder":14,"i-heroicons:chart-bar":16,"i-heroicons:lock-closed":18,"i-heroicons:rectangle-stack":20,"i-heroicons:scale":22,"i-heroicons:key":24,"i-heroicons:finger-print":26,"i-heroicons:cpu-chip":28,"i-heroicons:document-text":30,"i-heroicons:shield-exclamation":32,"i-heroicons:shield-check":34,"blog-page-3-en":36},{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":7},0,24,false,"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M2.25 21h19.5m-18-18v18m10.5-18v18m6-13.5V21M6.75 6.75h.75m-.75 3h.75m-.75 3h.75m3-6h.75m-.75 3h.75m-.75 3h.75M6.75 21v-3.375c0-.621.504-1.125 1.125-1.125h2.25c.621 0 1.125.504 1.125 1.125V21M3 3h12m-.75 4.5H21m-3.75 3.75h.008v.008h-.008zm0 3h.008v.008h-.008zm0 3h.008v.008h-.008z\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":9},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M9 17.25v1.007a3 3 0 0 1-.879 2.122L7.5 21h9l-.621-.621A3 3 0 0 1 15 18.257V17.25m6-12V15a2.25 2.25 0 0 1-2.25 2.25H5.25A2.25 2.25 0 0 1 3 15V5.25m18 0A2.25 2.25 0 0 0 18.75 3H5.25A2.25 2.25 0 0 0 3 5.25m18 0V12a2.25 2.25 0 0 1-2.25 2.25H5.25A2.25 2.25 0 0 1 3 12V5.25\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":11},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M2.25 15a4.5 4.5 0 0 0 4.5 4.5H18a3.75 3.75 0 0 0 1.332-7.257a3 3 0 0 0-3.758-3.848a5.25 5.25 0 0 0-10.233 2.33A4.5 4.5 0 0 0 2.25 15\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":13},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M21.75 17.25v-.228a4.5 4.5 0 0 0-.12-1.03l-2.268-9.64a3.375 3.375 0 0 0-3.285-2.602H7.923a3.375 3.375 0 0 0-3.285 2.602l-2.268 9.64a4.5 4.5 0 0 0-.12 1.03v.228m19.5 0a3 3 0 0 1-3 3H5.25a3 3 0 0 1-3-3m19.5 0a3 3 0 0 0-3-3H5.25a3 3 0 0 0-3 3m16.5 0h.008v.008h-.008zm-3 0h.008v.008h-.008z\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":15},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M2.25 12.75V12A2.25 2.25 0 0 1 4.5 9.75h15A2.25 2.25 0 0 1 21.75 12v.75m-8.69-6.44l-2.12-2.12a1.5 1.5 0 0 0-1.061-.44H4.5A2.25 2.25 0 0 0 2.25 6v12a2.25 2.25 0 0 0 2.25 2.25h15A2.25 2.25 0 0 0 21.75 18V9a2.25 2.25 0 0 0-2.25-2.25h-5.379a1.5 1.5 0 0 1-1.06-.44\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":17},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M3 13.125C3 12.504 3.504 12 4.125 12h2.25c.621 0 1.125.504 1.125 1.125v6.75C7.5 20.496 6.996 21 6.375 21h-2.25A1.125 1.125 0 0 1 3 19.875zm6.75-4.5c0-.621.504-1.125 1.125-1.125h2.25c.621 0 1.125.504 1.125 1.125v11.25c0 .621-.504 1.125-1.125 1.125h-2.25a1.125 1.125 0 0 1-1.125-1.125zm6.75-4.5c0-.621.504-1.125 1.125-1.125h2.25C20.496 3 21 3.504 21 4.125v15.75c0 .621-.504 1.125-1.125 1.125h-2.25a1.125 1.125 0 0 1-1.125-1.125z\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":19},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M16.5 10.5V6.75a4.5 4.5 0 1 0-9 0v3.75m-.75 11.25h10.5a2.25 2.25 0 0 0 2.25-2.25v-6.75a2.25 2.25 0 0 0-2.25-2.25H6.75a2.25 2.25 0 0 0-2.25 2.25v6.75a2.25 2.25 0 0 0 2.25 2.25\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":21},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M6 6.878V6a2.25 2.25 0 0 1 2.25-2.25h7.5A2.25 2.25 0 0 1 18 6v.878m-12 0q.354-.126.75-.128h10.5q.396.002.75.128m-12 0A2.25 2.25 0 0 0 4.5 9v.878m13.5-3A2.25 2.25 0 0 1 19.5 9v.878m0 0a2.3 2.3 0 0 0-.75-.128H5.25q-.396.002-.75.128m15 0A2.25 2.25 0 0 1 21 12v6a2.25 2.25 0 0 1-2.25 2.25H5.25A2.25 2.25 0 0 1 3 18v-6c0-.98.626-1.813 1.5-2.122\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":23},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M12 3v17.25m0 0c-1.472 0-2.882.265-4.185.75M12 20.25c1.472 0 2.882.265 4.185.75M18.75 4.97A48 48 0 0 0 12 4.5c-2.291 0-4.545.16-6.75.47m13.5 0q1.515.215 3 .52m-3-.52l2.62 10.726c.122.499-.106 1.028-.589 1.202a6 6 0 0 1-2.031.352a6 6 0 0 1-2.031-.352c-.483-.174-.711-.703-.59-1.202zm-16.5.52q1.485-.305 3-.52m0 0l2.62 10.726c.122.499-.106 1.028-.589 1.202a6 6 0 0 1-2.031.352a6 6 0 0 1-2.031-.352c-.483-.174-.711-.703-.59-1.202z\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":25},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M15.75 5.25a3 3 0 0 1 3 3m3 0a6 6 0 0 1-7.029 5.912c-.563-.097-1.159.026-1.563.43L10.5 17.25H8.25v2.25H6v2.25H2.25v-2.818c0-.597.237-1.17.659-1.591l6.499-6.499c.404-.404.527-1 .43-1.563A6 6 0 1 1 21.75 8.25\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":27},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M7.864 4.243A7.5 7.5 0 0 1 19.5 10.5c0 2.92-.556 5.709-1.568 8.269M5.742 6.364A7.47 7.47 0 0 0 4.5 10.5a7.46 7.46 0 0 1-1.15 3.993m1.989 3.559A11.2 11.2 0 0 0 8.25 10.5a3.75 3.75 0 1 1 7.5 0q0 .79-.064 1.565M12 10.5a14.94 14.94 0 0 1-3.6 9.75m6.633-4.596a18.7 18.7 0 0 1-2.485 5.33\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":29},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M8.25 3v1.5M4.5 8.25H3m18 0h-1.5M4.5 12H3m18 0h-1.5m-15 3.75H3m18 0h-1.5M8.25 19.5V21M12 3v1.5m0 15V21m3.75-18v1.5m0 15V21m-9-1.5h10.5a2.25 2.25 0 0 0 2.25-2.25V6.75a2.25 2.25 0 0 0-2.25-2.25H6.75A2.25 2.25 0 0 0 4.5 6.75v10.5a2.25 2.25 0 0 0 2.25 2.25m.75-12h9v9h-9z\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":31},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M19.5 14.25v-2.625a3.375 3.375 0 0 0-3.375-3.375h-1.5A1.125 1.125 0 0 1 13.5 7.125v-1.5a3.375 3.375 0 0 0-3.375-3.375H8.25m0 12.75h7.5m-7.5 3H12M10.5 2.25H5.625c-.621 0-1.125.504-1.125 1.125v17.25c0 .621.504 1.125 1.125 1.125h12.75c.621 0 1.125-.504 1.125-1.125V11.25a9 9 0 0 0-9-9\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":33},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M12 9v3.75m0-10.036A11.96 11.96 0 0 1 3.598 6A12 12 0 0 0 3 9.75c0 5.592 3.824 10.29 9 11.622c5.176-1.332 9-6.03 9-11.622c0-1.31-.21-2.57-.598-3.75h-.152c-3.196 0-6.1-1.25-8.25-3.286m0 13.036h.008v.008H12z\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":35},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M9 12.75L11.25 15L15 9.75m-3-7.036A11.96 11.96 0 0 1 3.598 6A12 12 0 0 0 3 9.749c0 5.592 3.824 10.29 9 11.623c5.176-1.332 9-6.03 9-11.622c0-1.31-.21-2.571-.598-3.751h-.152c-3.196 0-6.1-1.248-8.25-3.285\"\u002F>",{"data":37,"meta":483},[38,101,138,167,206,258,312,365,408,461],{"id":39,"documentId":40,"title":41,"content":42,"slug":43,"published":44,"createdAt":45,"updatedAt":45,"publishedAt":46,"locale":47,"authorManual":48,"cover":49,"tags":100},63,"papgbdmf1vsz1kr3ramc2203","Managing SSH Private Keys for Windows with YubiKey","\u003Cp>SSH private keys are usually managed by storing them on PCs and using them for server connections. However, suppose one store their SSH private key in YubiKey and inserts this YubiKey into their PC when connecting to the SSH. In that case, the need for storing private keys in various PCs is eliminated, especially since the private key is stored safely on the YubiKey device.\u003C\u002Fp>\n\u003Cp>This article will delve deeper into this process, explaining how to store an existing private key on the YubiKey and make an SSH connection.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Environment\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>・OS： Windows 10 ver1809\u003C\u002Fp>\n\u003Cp>・YubiKey 4 (YubiKey 4 or 5 series is available)\u003C\u002Fp>\n\u003Cp>・Yubico PIV Manager\u003C\u002Fp>\n\u003Cp>・Putty CAC 0.71\u003C\u002Fp>\n\u003Cp>・CentOS 7\n　　The key is generated with RSA 2048bit, and SSH public key authentication is set up.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Disclaimer\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>We are not responsible for any problems that may occur due to the use of the listed information.\u003C\u002Fp>\n\u003Cp>By overwriting the credentials of YubiKey, the credentials currently used may be deleted and may no longer be able to be used.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Key Conversion\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>※Please skip this section if the PEM format is already being used.\u003C\u002Fp>\n\u003Cp>First, convert the existing private key to PEM format.\u003C\u002Fp>\n\u003Cp>If a key is generated using OpenSSH 7.8 or later with ssh-keygen, it is likely to be developed in a proprietary format, so convert it to PEM format. \u003Ca href=\"https:\u002F\u002Fwww.openssh.com\u002Freleasenotes.html\">※OpenSSH: Release Notes\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Enter the following command to convert the key to PEM format.\u003C\u002Fp>\n\u003Cp>※This command overwrites the existing private key, so please make a backup before executing it.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>ssh-keygen -p -f id_rsa -m pem\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This generates a public key from the converted private key.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>openssl rsa -in id_rsa -pubout &gt; id_rsa_pub.pem\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Configuration of YubiKey 4\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Now, configure the YubiKey to store the private key. \u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002Fproducts\u002Fservices-software\u002Fdownload\u002Fsmart-card-drivers-tools\u002F\">Download\u003C\u002Fa> YubiKey PIV Manager and Yubico PIV Tool used for configuration.\u003C\u002Fp>\n\u003Cp>※The complete set of tools can be installed in the Windows environment using Scoop.\u003C\u002Fp>\n\u003Cp>Please refer to the summary of Tools for Developers - What is YubiKey (Part 3).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_1_8080b3ef3f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Unzip yubico-piv-tool-1.6.2-win64.zip and deploy it directly under the C drive.\u003C\u002Fp>\n\u003Cp>Then, pass the path to C:¥yubico-piv-tool-1.6.2-win64¥bin.\u003C\u002Fp>\n\u003Cp>Next, run yubikey-piv-manager-1.4.2g-win.exe and install.\u003C\u002Fp>\n\u003Cp>The application will start automatically after installation—plug in the YubiKey.\u003C\u002Fp>\n\u003Cp>Set the PIN code.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_2_3713db4ece.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Use PIN Code to Access YubiKey&#39;s Credential Information\u003C\u002Fp>\n\u003Cp>Next, select &quot;Use a separate key.&quot;\u003C\u002Fp>\n\u003Cp>※If nothing is displayed, press the &quot;Randomize&quot; button to generate it.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_3_abed7bc0f2.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>All PIV management operations in YubiKey require a 24-byte 3DES key called a Management Key.\u003C\u002Fp>\n\u003Cp>**※**The Management Key is for later use, so please copy and paste it into an editor.\u003C\u002Fp>\n\u003Cp>Finally, set up the PUK.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_4_e192b79487.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>PUK is a code used to reset the PIN when the PIN has been locked.\u003C\u002Fp>\n\u003Cp>This concludes the YubiKey PIV Manager operation.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Storing a Private Key in YubiKey\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>YubiKey has four certificate storage areas.\u003C\u002Fp>\n\u003Cp>・9a — PIV Authentication\u003C\u002Fp>\n\u003Cp>・9c — Digital Signature\u003C\u002Fp>\n\u003Cp>・9d — Key Management\u003C\u002Fp>\n\u003Cp>・9e — Card Authentication\u003C\u002Fp>\n\u003Cp>This example will use the &quot;9a&quot; slot.\u003C\u002Fp>\n\u003Cp>From here, the CUI tool will be used.\u003C\u002Fp>\n\u003Cp>Execute the following command at the command prompt to store the private key in the 9a slot.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>yubico-piv-tool -a import-key -s 9a -i id_rsa -K PEM -k(management key)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>※Please enter the management key without a space after &quot;-k.&quot;\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Storing a Self-Signed Certificate for the Public Key\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Self-sign the public key that is the counterpart of the SSH private key to create a self-signed certificate and store it inside YubiKey.\u003C\u002Fp>\n\u003Cp>First, create a self-signed certificate.\u003C\u002Fp>\n\u003Cp>※Please execute the following command with the private key stored in slot 9a.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>yubico-piv-tool -a verify-pin -a selfsign-certificate -s 9a -S &quot;\u002FCN=host.example.com\u002FOU=test\u002FO=example.com\u002F&quot; -i id_rsa_pub.pem -o 9a-cert.pem --valid-days=(number of days)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This operation requires the entry of a PIN code.\u003C\u002Fp>\n\u003Cp>-S: x.509 is the certificate description. The name written on the CN will be displayed on the OS certificate selection screen.\u003C\u002Fp>\n\u003Cp>–Valid-days: Represents the expiration date of the certificate, which is set to 365 days by default if not specified.\u003C\u002Fp>\n\u003Cp>Next, this certificate is stored in YubiKey.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>yubico-piv-tool -a import-certificate -s 9a -i 9a-cert.pem -K PEM -k(Management Key)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Check the settings.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>yubico-piv-tool -a status\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_5_cbd4a95304.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Make sure it is stored in the 9a slot.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>SSH Connection Using YubiKey\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The SSH connection is set using Putty-CAC, which can be downloaded \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FNoMoreFood\u002Fputty-cac\u002Freleases\">here.\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>※In this article, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FNoMoreFood\u002Fputty-cac\u002Fraw\u002F0.71\u002Fbinaries\u002Fputtycac-64bit-0.71-installer.msi\">puttycac-64bit-0.71-installer.msi\u003C\u002Fa> is installed.\u003C\u002Fp>\n\u003Cp>Now, set up an SSH connection using YubiKey.\u003C\u002Fp>\n\u003Cp>Insert the YubiKey into the USB port and start Putty.\u003C\u002Fp>\n\u003Cp>Go to Category &gt; Connection &gt; SSH &gt; Certificate to configure the certificate settings.\u003C\u002Fp>\n\u003Cp>Check &quot;Attempt certificate authentication&quot; and press &quot;Set CAPI Cert...&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_6_de54619773.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When the certificate selection screen appears, select the certificate which was just created.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_7_b4d8062042.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The connection setup is now complete.\u003C\u002Fp>\n\u003Cp>Now, try SSH connection using YubiKey right away.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_8_c8f1fc0649.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After entering the user name, one will be asked for a PIN.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_9_46930e1dcb.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Enter the PIN.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_10_3491b002a1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>While logging in is possible through this method, it can be optimized to bypass the certificate selection every time a connection is made by setting up Putty Pageant.\u003C\u002Fp>\n\u003Cp>Putty Pageant is included in the Putty installer. If installed with default settings, it can be found in pageant.exe in &quot;C:＼Program Files\\PuTTY.&quot;\u003C\u002Fp>\n\u003Cp>Run pageant.exe.\u003C\u002Fp>\n\u003Cp>After execution, the Pageant will appear in the taskbar.\u003C\u002Fp>\n\u003Cp>Right-click pageant and select &quot;Add CAPI Cert.&quot;\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_11_d9f82cd1f8.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Add a certificate.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_7_b4d8062042.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Once configured, one can connect without selecting a certificate the next time they access the site.\u003C\u002Fp>\n\u003Cp>If a connection point is registered with Putty, one can log in by going to Saved Sessions &gt; Select a connection point &gt; Enter account &gt; Enter PIN.\u003C\u002Fp>\n\u003Cp>Tera Term can also be used by setting up pageant.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This article introduced setting SSH connections using YubiKey to allow users to perform operations without storing their private keys in multiple terminals. The following article will cover a similar process for the macOS.\u003C\u002Fp>\n","manage-ssh-private-keys-windows-yubikey","2019-03-06","2026-04-28T06:44:46.605Z","2026-04-28T06:44:49.150Z","en","YubiOn",{"id":50,"documentId":51,"name":52,"alternativeText":53,"caption":53,"focalPoint":53,"width":54,"height":55,"formats":56,"hash":95,"ext":58,"mime":62,"size":96,"url":97,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":99,"updatedAt":99,"publishedAt":99},607,"trit34rqa0c3ngt8s3zwhmru","blog-manage-ssh-private-keys-windows-yubikey-1.png",null,1478,618,{"large":57,"small":68,"medium":77,"thumbnail":86},{"ext":58,"url":59,"etag":60,"hash":61,"mime":62,"name":63,"path":53,"size":64,"width":65,"height":66,"sizeInBytes":67},".png","https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_manage_ssh_private_keys_windows_yubikey_1_8080b3ef3f.png","ed8955ccf9dc43f0cecb6439a5ba10ee","large_blog_manage_ssh_private_keys_windows_yubikey_1_8080b3ef3f","image\u002Fpng","large_blog-manage-ssh-private-keys-windows-yubikey-1.png",123.81,1000,418,123805,{"ext":58,"url":69,"etag":70,"hash":71,"mime":62,"name":72,"path":53,"size":73,"width":74,"height":75,"sizeInBytes":76},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_manage_ssh_private_keys_windows_yubikey_1_8080b3ef3f.png","2c15f24ad7bf72bc23da0907ecdb48fa","small_blog_manage_ssh_private_keys_windows_yubikey_1_8080b3ef3f","small_blog-manage-ssh-private-keys-windows-yubikey-1.png",45.33,500,209,45328,{"ext":58,"url":78,"etag":79,"hash":80,"mime":62,"name":81,"path":53,"size":82,"width":83,"height":84,"sizeInBytes":85},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_manage_ssh_private_keys_windows_yubikey_1_8080b3ef3f.png","23c6da4b1d68d6263c7df50f57d7a7f1","medium_blog_manage_ssh_private_keys_windows_yubikey_1_8080b3ef3f","medium_blog-manage-ssh-private-keys-windows-yubikey-1.png",81.79,750,314,81786,{"ext":58,"url":87,"etag":88,"hash":89,"mime":62,"name":90,"path":53,"size":91,"width":92,"height":93,"sizeInBytes":94},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_manage_ssh_private_keys_windows_yubikey_1_8080b3ef3f.png","95aafff850dce44279a7fcc1a18a6a18","thumbnail_blog_manage_ssh_private_keys_windows_yubikey_1_8080b3ef3f","thumbnail_blog-manage-ssh-private-keys-windows-yubikey-1.png",14.36,245,102,14356,"blog_manage_ssh_private_keys_windows_yubikey_1_8080b3ef3f",31.53,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_1_8080b3ef3f.png","aws-s3","2026-04-28T06:44:03.930Z",[],{"id":102,"documentId":103,"title":104,"content":105,"slug":106,"published":107,"createdAt":108,"updatedAt":108,"publishedAt":109,"locale":47,"authorManual":48,"cover":110,"tags":137},123,"noqsfeko8amlpe8dmduxm67k","YubiKey Tools for Developers - What is YubiKey? (Part 3)","\u003Cp>As mentioned in \u003Ca href=\"https:\u002F\u002Fsoftgiken.wixsite.com\u002Fyubion\u002Fpost\u002Fyubikey-5-%E3%81%AE%E6%A9%9F%E8%83%BD%E3%80%90yubikey%E3%81%A8%E3%81%AF-part2%E3%80%91\">previous articles,\u003C\u002Fa> Yubico has developed various tools to customize the vast range of functions YubiKey offers. This article will introduce these tools from a developer&#39;s standpoint.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Table of Contents for this Series\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>・\u003Ca href=\"https:\u002F\u002Fsoftgiken.wixsite.com\u002Fyubion\u002Fpost\u002Fyubikey-%E3%81%AE%E7%A8%AE%E9%A1%9E%E3%80%90yubikey%E3%81%A8%E3%81%AF-part1%E3%80%91\">Types of YubiKeys\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>・\u003Ca href=\"https:\u002F\u002Fsoftgiken.wixsite.com\u002Fyubion\u002Fpost\u002Fyubikey-5-%E3%81%AE%E6%A9%9F%E8%83%BD%E3%80%90yubikey%E3%81%A8%E3%81%AF-part2%E3%80%91\">YubiKey 5 Features\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>・Tools for Developers (this article)\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Contents of this Article\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cul>\n\u003Cli>YubiKey Manager\u003C\u002Fli>\n\u003Cli>YubiKey Personalization Tool\u003C\u002Fli>\n\u003Cli>YubiKey PIV Manager\u003C\u002Fli>\n\u003Cli>Yubico Authenticator\u003C\u002Fli>\n\u003Cli>CLI Tool Writers\u003C\u002Fli>\n\u003Cli>Additional Information\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Review\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The previous articles introduced the two major types of YubiKeys - Security Key by Yubico and the YubiKey 5 series.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_1_e52299c7a2.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Security Key by Yubico supports only the FIDO protocol; therefore, only the YubiKey Manager tool is available.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>YubiKey Manager\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_2_981fe8f4ca.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>YubiKey Manager&#39;s Startup Screen\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002Fproducts\u002Fservices-software\u002Fdownload\u002Fyubikey-manager\u002F\">YubiKey Manager\u003C\u002Fa> is a Python tool to configure various settings for YubiKey.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Configure Security Key by Yubico\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>By inserting the Security Key by Yubico (the one with the &quot;2&quot; stamped), one can set the PIN and reset the key from the Applications tab.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_3_48724c282a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Set up Security Key by Yubico in YubiKey Manager\u003C\u002Fp>\n\u003Cp>However, if the key is reset, all credentials registered thus far will be deleted.\u003C\u002Fp>\n\u003Cp>※ If an older product that can only be used with U2F is inserted, no settings will be able to be made.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_4_6150186720.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Cannot be Used with Older Products that Only Support U2F\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Configure YubiKey 5 settings\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>When YubiKey 5 is inserted, in addition to the above settings related to the FIDO protocol, Interface settings and settings for each slot can also be configured.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_5_1d0fcd88a2.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Inserting YubiKey 5C Nano\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Interface Settings\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>The Interface setting determines which functions of YubiKey are enabled. For example, one may want to use YubiKey 5&#39;s FIDO and PIV functions, but not OTP, so they may want to temporarily disable it.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_6_7cd1f7e545.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Interface Settings\u003C\u002Fp>\n\u003Cp>Also, these settings can be easily enabled or disabled so users can change them as needed.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Slot Settings\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Slot setting switches the OTP function of YubiKey. This setting can be used while registering OTPs with unique secrets to a service such as okta, such as while setting up an OTP authentication server or an OATH-HOTP other than Yubico OTP.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_7_fd0cc85404.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>OTP Slot 1, 2 Settings\u003C\u002Fp>\n\u003Cp>This article will not thoroughly explain this tool as it is not used in everyday practice.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>YubiKey Personalization Tool\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002Fproducts\u002Fservices-software\u002Fdownload\u002Fyubikey-personalization-tools\u002F\">YubiKey Personalization Tool\u003C\u002Fa> is a tool that allows one to configure the YubiKey Manager&#39;s slot settings more precisely.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_8_9607a904b3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>YubiKey Personalization Tool&#39;s Startup Screen\u003C\u002Fp>\n\u003Cp>This tool allows the configuration of detailed settings related to YubiKey&#39;s OTP output.\u003C\u002Fp>\n\u003Cp>Specifically, as with YubiKey Manager, one can configure Yubico OTP\u002FOATH-HOTP\u002FStatic Password\u002FChallenge-Response, etc., for two slots (Slot1 and 2) of YubiKey. In addition, there are also options to\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set YubiKey Neo&#39;s NDEF function.\u003C\u002Fli>\n\u003Cli>Configure tap behavior on metal parts.\u003C\u002Fli>\n\u003Cli>Insert tab and Enter key before and after OTP input.\u003C\u002Fli>\n\u003Cli>Configure YubiKey&#39;s LEDs.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>and so on.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_9_847eef2a11.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>YubiKey Personalization Tool Option Settings Screen\u003C\u002Fp>\n\u003Cp>Another significant difference in the YubiKey Manager is the ability to configure multiple YubiKeys in sequence, which is useful for integrations where OTP must be configured for many YubiKeys.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>YubiKey PIV Manager\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002Fproducts\u002Fservices-software\u002Fdownload\u002Fsmart-card-drivers-tools\u002F\">PIV Manager\u003C\u002Fa> is used for setting up the PIN, PUK, and Management Key, importing certificates, creating self-issued certificates, and requesting certificates to be issued to CSRs for the YubiKey.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_10_ff68909d95.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>PIV Manager Startup Screen\u003C\u002Fp>\n\u003Cp>This tool is safe to use in Linux and Mac environments. Still, please be careful while using it via Windows CNG in a Windows environment, as by changing the Management Key in this tool, one will not be able to write certificates via CNG.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Yubico Authenticator\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_11_d789efa757.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Yubico Authenticator (Android Version)\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002Fproducts\u002Fservices-software\u002Fdownload\u002Fyubico-authenticator\u002F\">Yubico Authenticator\u003C\u002Fa> is an application that can register and display TOTP, similar to Google Authenticator. The TOTP seed (secret information that generates the OTP) is usually stored in the device that displays the TOTP, but with the Yubico Authenticator application, the seed is stored in the YubiKey, allowing the TOTP to be displayed on multiple devices.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_12_8855f92481.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Yubico Authenticator(Windows Version)\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>CLI Tools\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Previously GUI tools were introduced, but now, this article will introduce CLI tools instead.\u003C\u002Fp>\n\u003Cp>These CLI tools were previously required to be introduced one by one. However, they can now be integrated directly into the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FYubico\u002Fyubikey-manager\">YubiKey Manager\u003C\u002Fa>, and more developments are actively being made.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>How to Install\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>On Windows, pass through the bundled \u003Ca href=\"https:\u002F\u002Fdevelopers.yubico.com\u002Fyubikey-manager-qt\u002F\">YubiKey Manager GUI\u003C\u002Fa>; on Mac, use &quot;brew install ykman&quot; or &quot;pip install ykman&quot; via pip to install.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>How to use\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>The ykman command can be used to automate integration and change parameters that the GUI tools cannot change.\u003C\u002Fp>\n\u003Cp>For example, one can efficiently change the mode and\u003C\u002Fp>\n\u003Cpre>\u003Ccode># FIDO + CCID Mode Change\n$ ykman mode -f f+c\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Parameters that cannot be changed in the GUI, such as changing the number of PIN and PUK attempts in PIV mode, can also be changed.\u003C\u002Fp>\n\u003Cpre>\u003Ccode># PIN (Change Number of Trials)\n$ ykman ykman piv set-pin-retries -P 123456 10 5\nWARNING: This will reset the PIN and PUK to the factory defaults!\nSet PIN and PUK retry counters to: 10 5? [y\u002FN]: y\nDefault PINs are set.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>For more information, please read the 、\u003Ca href=\"https:\u002F\u002Fsupport.yubico.com\u002Fsupport\u002Fsolutions\u002Farticles\u002F15000012643-yubikey-manager-cli-ykman-user-manual\">YubiKey Manager CLI (ykman) User Manual : Yubico Support\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Additional Information\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Here, \u003Ca href=\"https:\u002F\u002Fscoop.sh\u002F\">scoop\u003C\u002Fa> is used to install YubiKey tools in the Windows environment. However, users can also download the basic set of tools from here in one shot.\u003C\u002Fp>\n\u003Cpre>\u003Ccode># adding extra buckets\n$ scoop bucket add extras\n\n# YubiKey search for related tools\n$ scoop search yubi\n\n&#39;main&#39; bucket:\n    yubico-piv-tool (1.6.2)\n    yubikey-personalization (1.19.0)\n\n&#39;extras&#39; bucket:\n    yubikey-manager-qt (0.5.2)\n    yubikey-personalization-gui (3.1.25)\n    yubikey-piv-manager (1.4.2)\n\n# yubikey manager qt installation\n$ scoop install yubikey-manager-qt\n\n# ykman.exe passing the path\n$ ykman --help\nUsage: ykman.exe [OPTIONS] COMMAND [ARGS]...\n\n  Configure your YubiKey via the command line.\n\nOptions:\n  -v, --version\n  -d, --device SERIAL\n  -l, --log-level [DEBUG|INFO|WARNING|ERROR|CRITICAL]\n                                  Enable logging at given verbosity level\n  --log-file FILE                 Write logs to the given FILE instead of standard error; ignored unless\n                                  --log-level is also set\n  -h, --help                      Show this message and exit.\n\nCommands:\n  config   Enable\u002FDisable applications.\n  fido     Manage FIDO applications.\n  info     Show general information.\n  list     List connected YubiKeys.\n  mode     Manage connection modes (USB Interfaces).\n  oath     Manage OATH application.\n  openpgp  Manage OpenPGP application.\n  otp      Manage OTP Application.\n  piv      Manage PIV application.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Conclusions\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This article introduced various tools to write or change YubiKey credentials. However, as overwriting YubiKey credentials may erase the current ones and make them impossible to restore, please do so cautiously.\u003C\u002Fp>\n\u003Cp>Please contact us through the \u003Ca href=\"https:\u002F\u002Fdocs.google.com\u002Fforms\u002Fd\u002Fe\u002F1FAIpQLSf3tHHWZS0ju2iTq5_lDMD7qb9XQ-uiUJyLkP660lcAwjvuDw\u002Fviewform\">Contact page\u003C\u002Fa> for more information or support regarding YubiKey.\u003C\u002Fp>\n","yubikey-tools-for-developers","2018-12-18","2026-04-28T07:31:03.389Z","2026-04-28T07:31:05.921Z",{"id":111,"documentId":112,"name":113,"alternativeText":53,"caption":53,"focalPoint":53,"width":114,"height":115,"formats":116,"hash":133,"ext":58,"mime":62,"size":134,"url":135,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":136,"updatedAt":136,"publishedAt":136},1033,"hexuw2h9a7x0l1xk3zz0szfv","blog-yubikey-tools-for-developers-1.png",677,244,{"small":117,"thumbnail":125},{"ext":58,"url":118,"etag":119,"hash":120,"mime":62,"name":121,"path":53,"size":122,"width":74,"height":123,"sizeInBytes":124},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_yubikey_tools_for_developers_1_e52299c7a2.png","62acc2e96d8e09bcc063c3f0e03424ea","small_blog_yubikey_tools_for_developers_1_e52299c7a2","small_blog-yubikey-tools-for-developers-1.png",73.75,180,73749,{"ext":58,"url":126,"etag":127,"hash":128,"mime":62,"name":129,"path":53,"size":130,"width":92,"height":131,"sizeInBytes":132},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_yubikey_tools_for_developers_1_e52299c7a2.png","1d1c9965aca0fe30af9c971466bb1dca","thumbnail_blog_yubikey_tools_for_developers_1_e52299c7a2","thumbnail_blog-yubikey-tools-for-developers-1.png",21.61,88,21612,"blog_yubikey_tools_for_developers_1_e52299c7a2",37.23,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_1_e52299c7a2.png","2026-04-28T07:30:16.468Z",[],{"id":139,"documentId":140,"title":141,"content":142,"slug":143,"published":144,"createdAt":145,"updatedAt":145,"publishedAt":146,"locale":47,"authorManual":48,"cover":147,"tags":166},119,"cvewgfzofhoklvxm62s5xwd4","YubiKey 5 Features - What is YubiKey? (Part 2)","\u003Cp>This article will cover the basic features of YubiKey 5 and how it differs from Security Key by Yubico.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Table of Contents for this Series\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>・\u003Ca href=\"https:\u002F\u002Fsoftgiken.wixsite.com\u002Fyubion\u002Fpost\u002Fyubikey-%E3%81%AE%E7%A8%AE%E9%A1%9E%E3%80%90yubikey%E3%81%A8%E3%81%AF-part1%E3%80%91\">Types of YubiKeys\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>・YubiKey 5 Features (this article)\u003Cstrong>）\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>・\u003Ca href=\"https:\u002F\u002Fsoftgiken.wixsite.com\u002Fyubion\u002Fpost\u002Fyubikey-%E3%81%AE%E9%96%8B%E7%99%BA%E8%80%85%E5%90%91%E3%81%91%E3%83%84%E3%83%BC%E3%83%AB%E3%80%90yubikey%E3%81%A8%E3%81%AF-part3%E3%80%91\">Tools for Developers\u003C\u002Fa>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Features of YubiKey 5\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The previous article mentioned two significant types of YubiKeys: the Security Key and YubiKey 5.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_features_vs_security_key_1_cd6fd2ea16.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_features_vs_security_key_2_a0ba7a2b6c.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Also, we have received numerous inquiries regarding whether to purchase a Security Key or a YubiKey 5.\u003C\u002Fp>\n\u003Cp>The answer to the question depends on what features one is looking for in a security device. For example, for FIDO authentication, the Security Key is recommended, whereas, for other functions, the YubiKey 5 series is better.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Services available with Security Key\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Services that can be authenticated with the FIDO protocol include.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>FIDO U2F\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>・\u003Ca href=\"https:\u002F\u002Fsupport.google.com\u002Faccounts\u002Fanswer\u002F6103523?co=GENIE.Platform%3DAndroid&hl=ja\">Google 2\u003C\u002Fa>-factor Authentication\u003C\u002Fp>\n\u003Cp>・\u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fhelp\u002F401566786855239\">Facebook 2\u003C\u002Fa>-factor Authentication\u003C\u002Fp>\n\u003Cp>・\u003Ca href=\"https:\u002F\u002Fwww.dropbox.com\u002Fja\u002Fhelp\u002Fsecurity\u002Fenable-two-step-verification#securitykey\">Dropbox\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>・\u003Ca href=\"https:\u002F\u002Fhelp.twitter.com\u002Fja\u002Fmanaging-your-account\u002Ftwo-factor-authentication\">Twitter 2\u003C\u002Fa>-factor Authentication\u003C\u002Fp>\n\u003Cp>・\u003Ca href=\"https:\u002F\u002Faws.amazon.com\u002Fjp\u002Fabout-aws\u002Fwhats-new\u002F2018\u002F09\u002Faws_sign_in_support_for_yubikey_security_key_as_mfa\u002F\">AWS IAM 2\u003C\u002Fa>-factor Authentication\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>FIDO2 or WebAuthn\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>・\u003Ca href=\"https:\u002F\u002Fwww.dropbox.com\u002Fja\u002Fhelp\u002Fsecurity\u002Fenable-two-step-verification#securitykey\">Dropbox\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>・\u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fmicrosoft-365\u002Fblog\u002F2018\u002F11\u002F20\u002Fsign-in-to-your-microsoft-account-without-a-password-using-windows-hello-or-a-security-key\u002F\">Microsoft Account\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>FIDO U2F\u002FWebAuthn is essentially a web browser-based authentication. Therefore, when contacting the service one wishes to use, it is recommended to confirm whether the authentication is FIDO authentication (U2F\u002FFIDO2) or something else (explained below).\u003C\u002Fp>\n\u003Cp>However, even if one uses only the FIDO protocol, if NFC functionality is needed, they will need YubiKey 5 NFC, described below.\u003C\u002Fp>\n\u003Cp>(Currently, Android devices and some Windows 10 devices support NFC.)\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>YubiKey 5 Series Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>While Security Key by Yubico supports the latest FIDO protocol and FIDO U2F, the YubiKey 5 series offers all the features of Security Key by Yubico, plus several Yubico proprietary and standard authentication protocols.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_features_vs_security_key_3_55898c2e4c.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Multiple protocols on one key. Completely configurable.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002Fproducts\u002Fyubikey-5-overview\u002F\">https:\u002F\u002Fwww.yubico.com\u002Fproducts\u002Fyubikey-5-overview\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Yubico OTP\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>The YubiKey 5 supports multiple protocols, but the most common is to use Yubico OTP, while the FIDO and WebAuthn are new protocols and are not fully supported on all platforms.\u003C\u002Fp>\n\u003Cp>The Yubico OTP ties OTP to the &quot;just touch&quot; user action of YubiKey, providing a user experience where authentication is completed through a simple touch. In addition, the OTP is sent as simple text, making it independent of the authentication device. Input can also be used flexibly, such as reading it with a cell phone via NFC or inserting it directly into a PC and touching it.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_features_vs_security_key_4_73505ee6d0.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.lastpass.com\u002Fja\u002Fyubico\">Lastpass\u003C\u002Fa>, for example, takes advantage of YubiKey&#39;s multi-device capability and can work on Windows, Mac, Android, and iOS.\u003C\u002Fp>\n\u003Cp>It is still an active authentication method, especially for use on iOS and when WebAuthn is unavailable.\u003C\u002Fp>\n\u003Cp>Softgiken’s \u003Ca href=\"https:\u002F\u002Fsoftgiken.wixsite.com\u002Fyubion\u002Fyubion-windows-logon\">Windows Logon Service\u003C\u002Fa> also uses it for web screen logon and online authentication.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_features_vs_security_key_5_c643da3d7c.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>TOTP\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_features_vs_security_key_6_df741fa8da.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>YubiKey 5 series can store a 6-digit TOTP (time-based OTP), which Google Authenticator and other applications use.\u003C\u002Fp>\n\u003Cp>Using the Authenticator app, 2-step authentication is implemented efficiently. However, the problem of where to store the seed of the OTP remains.\u003C\u002Fp>\n\u003Cp>Moreover, if the seed is stored on the smartphone, any smartphone malfunctioning will result in the seed being lost. Further, company employees may be against storing confidential company information on their smartphones, especially as there have been various instances wherein TOTP seeds are accounts owned by multiple people.\u003C\u002Fp>\n\u003Cp>In such a case, you may be able to solve the problem by storing the authentication information in a hardware device, YubiKey.\u003C\u002Fp>\n\u003Cp>In such cases, storing this authentication information on hardware devices like YubiKeys proves extremely useful. By keeping the seed on this device, it is possible to create a situation where the user cannot use the device without the key, and the OTP can be confirmed on a Windows PC or Mac without storing the secret information on the personal phone.\u003C\u002Fp>\n\u003Cp>Also, since the OTP seed is stored on an external device, it is possible to create a workflow in which the key is shared by multiple people or lent out only when used.\u003C\u002Fp>\n\u003Cp>This solution can satisfy the requirements of employees who &quot;do not want to keep confidential information&quot; and managers who &quot;want to manage confidential information.”\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Certificates\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cp>YubiKey has a smart card function that complies with the PIV (Personal Identity Verification) standard, allowing client certificates and other proofs to be stored inside YubiKey.\u003C\u002Fp>\n\u003Cp>Specifically, it is possible to use Microsoft Active Directory certificates for login or to store client certificates for VPN connections.\u003C\u002Fp>\n\u003Cp>In either case, YubiKey is protected by a PIN code, making it a strong certificate-based two-factor authentication.\u003C\u002Fp>\n\u003Cp>In the same way, private keys used for OpenPGP can also be stored.\u003C\u002Fp>\n\u003Cp>Softgiken has also prepared and published a \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fdocuments\u002Fpiv\u002F\">manual for deploying YubiKey\u003C\u002Fa> in a Windows Active Directory environment.\u003C\u002Fp>\n\u003Ch3>\u003C\u002Fh3>\n\u003Ch3>\u003Cstrong>Other Authentication\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cp>Other authentication protocols such as OATH-HOTP and static passwords are available, along with the option to store complex passwords in hardware.\u003C\u002Fp>\n\u003Cp>Since there are two slots for OTP and static passwords, it is possible to use multiple functions simultaneously, such as using Yubico OTP while using a static password in the second slot.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>As described above, YubiKey 5 supports multiple protocols and can be used for a wide range of applications, from two-step and two-factor authentication in older systems to passwordless authentication using the latest protocols.\u003C\u002Fp>\n\u003Cp>In other words, YubiKey 5 is a product that can be used for a wide range of applications, from additional authentication for current systems to passwordless authentication in the future.\u003C\u002Fp>\n\u003Cp>For more information about YubiKey and authentication, please contact us through the \u003Ca href=\"https:\u002F\u002Fdocs.google.com\u002Fforms\u002Fd\u002Fe\u002F1FAIpQLSf3tHHWZS0ju2iTq5_lDMD7qb9XQ-uiUJyLkP660lcAwjvuDw\u002Fviewform\">Contact Us page.\u003C\u002Fa>\u003C\u002Fp>\n","yubikey-5-features-vs-security-key","2018-12-11","2026-04-28T07:29:24.865Z","2026-04-28T07:29:27.711Z",{"id":148,"documentId":149,"name":150,"alternativeText":53,"caption":53,"focalPoint":53,"width":151,"height":151,"formats":152,"hash":161,"ext":58,"mime":62,"size":162,"url":163,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":164,"updatedAt":164,"publishedAt":165},1023,"t6r6b0s18ceqp8wm804inoqo","blog-yubikey-5-features-vs-security-key-1.png",360,{"thumbnail":153},{"ext":58,"url":154,"etag":155,"hash":156,"mime":62,"name":157,"path":53,"size":158,"width":159,"height":159,"sizeInBytes":160},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_yubikey_5_features_vs_security_key_1_cd6fd2ea16.png","f815074c86148554e94a7b3a5579da7e","thumbnail_blog_yubikey_5_features_vs_security_key_1_cd6fd2ea16","thumbnail_blog-yubikey-5-features-vs-security-key-1.png",23.21,156,23208,"blog_yubikey_5_features_vs_security_key_1_cd6fd2ea16",35.78,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_features_vs_security_key_1_cd6fd2ea16.png","2026-04-28T07:29:00.104Z","2026-04-28T07:29:00.105Z",[],{"id":168,"documentId":169,"title":170,"content":171,"slug":172,"published":173,"createdAt":174,"updatedAt":174,"publishedAt":175,"locale":47,"authorManual":48,"cover":176,"tags":205},95,"b2eds89ktnwrpyw8ttpbro7l","Types of YubiKeys - What is YubiKey? (Part 1)","\u003Cp>Developed by the Swedish company Yubico, YubiKey is a security device that supports authentication methods such as FIDO2, FIDO U2F, PIV(smart card), OpenPGP, Yubico OTP, OATH-TOTP, OATH-HOTP, and Challenge-Response. However, it may be difficult for new users to visualize specific usage scenarios of the device, especially regarding FIDO2 or PIV.\u003C\u002Fp>\n\u003Cp>So, as part of the SoftGiken \u003Ca href=\"https:\u002F\u002Fqiita.com\u002Fadvent-calendar\u002F2018\u002Fsoftgiken\">AdventCalendar 2018\u003C\u002Fa>, this article will introduce the various types of YubiKeys available and their functions and services.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Table of Contents for this Series\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>**・**Types of YubiKeys (this article)\n　・\u003Ca href=\"https:\u002F\u002Fsoftgiken.wixsite.com\u002Fyubion\u002Fpost\u002Fyubikey-5-%E3%81%AE%E6%A9%9F%E8%83%BD%E3%80%90yubikey%E3%81%A8%E3%81%AF-part2%E3%80%91\">YubiKey 5 Features\u003C\u002Fa>\n　・\u003Ca href=\"https:\u002F\u002Fsoftgiken.wixsite.com\u002Fyubion\u002Fpost\u002Fyubikey-%E3%81%AE%E9%96%8B%E7%99%BA%E8%80%85%E5%90%91%E3%81%91%E3%83%84%E3%83%BC%E3%83%AB%E3%80%90yubikey%E3%81%A8%E3%81%AF-part3%E3%80%91\">Tools for Developers\u003C\u002Fa>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Types of YubiKey\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>As of December 1, 2018, the following three types of keys are available in Japan.\u003C\u002Fp>\n\u003Cp>・YubiKey 4 Series\u003C\u002Fp>\n\u003Cp>・YubiKey Neo\u003C\u002Fp>\n\u003Cp>・Security Key by Yubico\u003C\u002Fp>\n\u003Cp>Soon, the \u003Ca href=\"https:\u002F\u002Fsoftgiken.wixsite.com\u002Fyubion\u002Fpost\u002Fyubikey-5-%E3%81%8C%E3%83%AD%E3%83%BC%E3%83%B3%E3%83%81%E3%81%95%E3%82%8C%E3%81%BE%E3%81%97%E3%81%9F\">YubiKey 5 series will be made available\u003C\u002Fa>, while the YubiKey 4 series will be discontinued. However, the FIPS version based on the YubiKey 4 will continue to be sold.\u003C\u002Fp>\n\u003Cp>The YubiKey 5 series is fully compatible with the YubiKey 4 series and will support all protocols available in YubiKey 4 and FIDO2 features equivalent to Security Key by Yubico.\u003C\u002Fp>\n\u003Cp>Therefore, YubiKey 5 series and Security Key by Yubico will be the basic lineup.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>YubiKey 5 Series\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_types_of_yubikeys_what_is_yubikey_1_d06851f486.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Key by Yubico\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_types_of_yubikeys_what_is_yubikey_2_9026e7f05d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>※Please inquire separately for FIPS-compliant keys.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Differences between Security Key by Yubico and YubiKey 5 Series\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The Security Key by Yubico only supports FIDO protocol, limiting its use to FIDO U2F and FIDO2(Web Authn). Thus, it can only be used as a second step authentication for services such as Google, Facebook, Dropbox, GitHub, Gitlab, etc. In contrast, SSO services such as \u003Ca href=\"https:\u002F\u002Fwww.cloudgate.jp\u002Flineup\u002Funo.html\">CloudGate UNO\u003C\u002Fa> are also supported for enterprise users.\u003C\u002Fp>\n\u003Cp>On the other hand, YubiKey 5 series supports PIV(smart card), OpenPGP, Yubico OTP, OATH-TOTP, OATH-HOTP, Challenge-Response, etc. in addition to Security Key by Yubico, allowing it to be easily integrated into local Active Directory authentication, VPN, or existing OTP authentication.\u003C\u002Fp>\n\u003Cp>Softgiken’s YubiOn for Windows also authenticates using the YubiKey 5 series features, which will be explained in detail in part 3.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>USB Shape\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The YubiKey 5 series models differ from each other in terms of the USB shape as well as the availability of NFC.\u003C\u002Fp>\n\u003Cp>The YubiKey 5 with NFC and USB Type-A can use both USB and NFC for authentication.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_types_of_yubikeys_what_is_yubikey_3_a0a2100ffe.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In the other models, most of the features are common; the only changes are the differences in the form factor or shape and the exception of the NFC function.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>YubiKey 5 Nano Fits Perfectly in the USB Port\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_types_of_yubikeys_what_is_yubikey_4_4f66a976ee.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Type-C YubiKey 5C\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_types_of_yubikeys_what_is_yubikey_5_35fb76c491.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Smallest YubiKey - 5C Nano\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_types_of_yubikeys_what_is_yubikey_6_b5b46af41d.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Thus, users can choose the device they require based on their needs.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This was a brief introduction to the YubiKey series 5. For more information, please \u003Ca href=\"https:\u002F\u002Fdocs.google.com\u002Fforms\u002Fd\u002Fe\u002F1FAIpQLSf3tHHWZS0ju2iTq5_lDMD7qb9XQ-uiUJyLkP660lcAwjvuDw\u002Fviewform\">contact us\u003C\u002Fa>.\u003C\u002Fp>\n","types-of-yubikeys-what-is-yubikey","2018-12-01","2026-04-28T07:14:18.831Z","2026-04-28T07:14:21.672Z",{"id":177,"documentId":178,"name":179,"alternativeText":53,"caption":53,"focalPoint":53,"width":180,"height":181,"formats":182,"hash":201,"ext":184,"mime":188,"size":202,"url":203,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":204,"updatedAt":204,"publishedAt":204},886,"iikccljfwl2l4bupc2t8ticw","blog-types-of-yubikeys-what-is-yubikey-1.jpeg",712,381,{"small":183,"thumbnail":193},{"ext":184,"url":185,"etag":186,"hash":187,"mime":188,"name":189,"path":53,"size":190,"width":74,"height":191,"sizeInBytes":192},".jpeg","https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_types_of_yubikeys_what_is_yubikey_1_d06851f486.jpeg","b2aefef55d01776ec2afe3ac1d3adb51","small_blog_types_of_yubikeys_what_is_yubikey_1_d06851f486","image\u002Fjpeg","small_blog-types-of-yubikeys-what-is-yubikey-1.jpeg",10.15,268,10152,{"ext":184,"url":194,"etag":195,"hash":196,"mime":188,"name":197,"path":53,"size":198,"width":92,"height":199,"sizeInBytes":200},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_types_of_yubikeys_what_is_yubikey_1_d06851f486.jpeg","12e2e3897e301ed1406ee3a054ba1adc","thumbnail_blog_types_of_yubikeys_what_is_yubikey_1_d06851f486","thumbnail_blog-types-of-yubikeys-what-is-yubikey-1.jpeg",3.76,131,3762,"blog_types_of_yubikeys_what_is_yubikey_1_d06851f486",19.68,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_types_of_yubikeys_what_is_yubikey_1_d06851f486.jpeg","2026-04-28T07:13:54.988Z",[],{"id":207,"documentId":208,"title":209,"content":210,"slug":211,"published":212,"createdAt":213,"updatedAt":213,"publishedAt":214,"locale":47,"authorManual":48,"cover":215,"tags":257},121,"jiixwzns4hmfdtvd22c7z6o7","YubiKey 5 Launched","\u003Cp>Yubico recently announced the launch of the YubiKey 5 series.\u003C\u002Fp>\n\u003Cp>The new YubiKey 5 is a FIDO2-enabled version of the YubiKey 4 series, and the USB Type-A YubiKey 5 also has NFC functionality.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_series_launched_with_fido2_and_nfc_1_b0861f6a03.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>YubiKey 5 Series\u003C\u002Fp>\n\u003Cp>In addition to FIDO2 functionality, YubiKey 5 supports FIDO U2F, PIV (smart card), OpenPGP, Yubico OTP, OATH-TOTP, OATH-HOTP, and Challenge-Response, all of which were available in the YubiKey 4 series. Therefore, the solution can be used in modern or future authentication and legacy environments and their transition scenarios.\u003C\u002Fp>\n\u003Cp>In other words, the key matches environments considering switching from current password authentication to \u003Ca href=\"https:\u002F\u002Fsoftgiken.wixsite.com\u002Fyubion\u002Fpost\u002Fyubico%E7%A4%BE%E3%81%A8microsoft%E7%A4%BE%E3%81%8C%E3%80%81%E3%83%91%E3%82%B9%E3%83%AF%E3%83%BC%E3%83%89%E3%83%AC%E3%82%B9%E3%83%AD%E3%82%B0%E3%82%A4%E3%83%B3%E3%82%92%E7%99%BA%E8%A1%A8\">password-less authentication.\u003C\u002Fa>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>FIDO2 Authentication with YubiKey\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>There are roughly three FIDO2 authentication scenarios that will be added in YubiKey 5\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_series_launched_with_fido2_and_nfc_2_0ceb6d046f.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Single-factor authentication\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Users can log in by simply touching the YubiKey, which enables a login experience that does not require a username or password.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_series_launched_with_fido2_and_nfc_3_4226132b8f.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>2-Step Authentication\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>In addition to ID + password, as used by Google and Facebook, it can also be used as a 2-step authentication factor.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_series_launched_with_fido2_and_nfc_4_58fe8d9bbd.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Multi-factor authentication\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>With a single YubiKey, multi-factor authentication is possible by touching the key and confirming the user&#39;s identity with a PIN.\u003C\u002Fp>\n\u003Cp>Users can choose the authentication style that best suits their needs and environment from these three use cases.\u003C\u002Fp>\n\u003Cp>For more details, please refer to the following blog:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002F2018\u002F09\u002Fintroducing-the-yubikey-5-series-with-new-nfc-and-fido2-passwordless-features\u002F\">Introducing the YubiKey 5 Series with New NFC and FIDO2 Passwordless Features\u003C\u002Fa>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Availability\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>While Softgiken does not currently plan to sell the YubiKey 5 Series, please check again for any updates and changes to this decision.\u003C\u002Fp>\n\u003Cp>For more information, please contact us through the \u003Ca href=\"https:\u002F\u002Fdocs.google.com\u002Fforms\u002Fd\u002Fe\u002F1FAIpQLSf3tHHWZS0ju2iTq5_lDMD7qb9XQ-uiUJyLkP660lcAwjvuDw\u002Fviewform\">Contact Form\u003C\u002Fa>.\u003C\u002Fp>\n","yubikey-5-series-launched-with-fido2-and-nfc","2018-09-27","2026-04-28T07:29:58.361Z","2026-04-28T07:30:01.020Z",{"id":216,"documentId":217,"name":218,"alternativeText":53,"caption":53,"focalPoint":53,"width":219,"height":220,"formats":221,"hash":253,"ext":184,"mime":188,"size":254,"url":255,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":256,"updatedAt":256,"publishedAt":256},1029,"lrzeo6igg3775w72v2054r9c","blog-yubikey-5-series-launched-with-fido2-and-nfc-1.jpeg",1280,853,{"large":222,"small":230,"medium":238,"thumbnail":245},{"ext":184,"url":223,"etag":224,"hash":225,"mime":188,"name":226,"path":53,"size":227,"width":65,"height":228,"sizeInBytes":229},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_yubikey_5_series_launched_with_fido2_and_nfc_1_b0861f6a03.jpeg","e0b2c93c3a982637d926408fbc7f0f67","large_blog_yubikey_5_series_launched_with_fido2_and_nfc_1_b0861f6a03","large_blog-yubikey-5-series-launched-with-fido2-and-nfc-1.jpeg",17.49,666,17490,{"ext":184,"url":231,"etag":232,"hash":233,"mime":188,"name":234,"path":53,"size":235,"width":74,"height":236,"sizeInBytes":237},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_yubikey_5_series_launched_with_fido2_and_nfc_1_b0861f6a03.jpeg","3056fe198c9691818423f1d328ba16ab","small_blog_yubikey_5_series_launched_with_fido2_and_nfc_1_b0861f6a03","small_blog-yubikey-5-series-launched-with-fido2-and-nfc-1.jpeg",5.8,333,5803,{"ext":184,"url":239,"etag":240,"hash":241,"mime":188,"name":242,"path":53,"size":243,"width":83,"height":74,"sizeInBytes":244},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_yubikey_5_series_launched_with_fido2_and_nfc_1_b0861f6a03.jpeg","bf75d2c7d680f982e4e9806780645e7c","medium_blog_yubikey_5_series_launched_with_fido2_and_nfc_1_b0861f6a03","medium_blog-yubikey-5-series-launched-with-fido2-and-nfc-1.jpeg",10.8,10802,{"ext":184,"url":246,"etag":247,"hash":248,"mime":188,"name":249,"path":53,"size":250,"width":251,"height":159,"sizeInBytes":252},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_yubikey_5_series_launched_with_fido2_and_nfc_1_b0861f6a03.jpeg","ab0a7ef898c77f27f577ea78f009ecd4","thumbnail_blog_yubikey_5_series_launched_with_fido2_and_nfc_1_b0861f6a03","thumbnail_blog-yubikey-5-series-launched-with-fido2-and-nfc-1.jpeg",2.04,234,2043,"blog_yubikey_5_series_launched_with_fido2_and_nfc_1_b0861f6a03",27.57,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_series_launched_with_fido2_and_nfc_1_b0861f6a03.jpeg","2026-04-28T07:29:44.965Z",[],{"id":259,"documentId":260,"title":261,"content":262,"slug":263,"published":264,"createdAt":265,"updatedAt":265,"publishedAt":266,"locale":47,"authorManual":48,"cover":267,"tags":311},27,"q2a26ds0hgn4dar59nytk7z7","Enabling Mandatory 2-step verification Using YubiKey for Login to G Suite","\u003Cp>This article will attempt to answer the various queries from G Suite customers regarding the 2-step authentication using U2F following Google’s self-developed security key announcement.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>2-step Authentication in G Suite\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>G Suite allows users to set up 2-step authentication to increase security when logging in; after entering the ID\u002Fpassword, they can set up 2-step authentication via SMS, Google Authenticator, push notification to Android, etc.\u003C\u002Fp>\n\u003Cp>U2F keys, i.e., YubiKey, etc., have been available for a while. However, the option to make YubiKey mandatory was a paid G Suite Enterprise-only feature (\u003Ca href=\"https:\u002F\u002Fproductforums.google.com\u002Fforum\u002F#!topic\u002Fapps\u002FYjAr9lv1Ass\">despite various requests\u003C\u002Fa>).\u003C\u002Fp>\n\u003Cp>However, in March of this year, the option to make a U2F key for 2-step verification mandatory was finally extended to all G Suite plans※ .\u003C\u002Fp>\n\u003Cp>Thus, G Suite Basic and Business users can enforce 2-step authentication using YubiKey in environments requiring advanced access control for corporate use.\u003C\u002Fp>\n\u003Cp>※ G Suite Japanese Blog: \u003Ca href=\"https:\u002F\u002Fgsuiteupdates-ja.googleblog.com\u002F2018\u002F04\u002F3-g-suite-2.html\">https:\u002F\u002Fgsuiteupdates-ja.googleblog.com\u002F2018\u002F04\u002F3-g-suite-2.html\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>In line with this, the remainder of this article will guide how to set up 2-step authentication for G Suite using YubiKey.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Settings on the administrator&#39;s side\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Permission for G Suite Admin will be needed to enforce the U2F device for 2-step authentication.\u003C\u002Fp>\n\u003Cp>First, access the \u003Ca href=\"https:\u002F\u002Fadmin.google.com\u002F\">G Suite administration console\u003C\u002Fa> and select Security.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_1_0859ed0e21.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Open Basic Settings.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_2_c0701b01e6.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>One must turn it on if the 2-step verification process is not enabled. Check the box and click Save.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_3_753be3d472.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After enabling 2-step verification, click &quot;To apply the 2-step verification process, please go to Advanced Settings&quot; and the 2-step verification details.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_4_75e42a4a8a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If users apply these changes to an organization that includes the administrator themself, the administrator must have a security key registered. If so, please register a new key from the \u003Ca href=\"https:\u002F\u002Fmyaccount.google.com\u002F\">Google Account Management page\u003C\u002Fa> (see below for instructions).\u003C\u002Fp>\n\u003Cp>The security key is applied to the entire organization, including the administrator, by default.\u003C\u002Fp>\n\u003Cp>To apply it to only a part of the organization, create a group in advance, and then select the group to use from the group filter on the left side of the screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_5_5cc5452d8a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Once one has decided what to apply, setting up the 2-step authentication can begin.\u003C\u002Fp>\n\u003Cp>First, use the &quot;Implementation&quot; option to determine the application date.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_6_144809eb8d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This is an option for each user themselves to set the transition period during which they will register their 2-step verification factor.\u003C\u002Fp>\n\u003Cp>In this case, select &quot;Enable the application from the specified date.”\u003C\u002Fp>\n\u003Cp>Also, set the registration period for new users to one month.\u003C\u002Fp>\n\u003Cp>Next, limit the available 2-step verification process to security keys only to force them to log in with a device such as a YubiKey that uses U2F authentication, which has a higher security strength.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_7_0b154439e0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Finally, set the option for how often the 2-step verification process should be performed as it is an option to record the PC\u002Fbrowser where one logged in and not to complete the 2-step verification process next time.\u003C\u002Fp>\n\u003Cp>In this case, select the option to ask for a security key each time one log in.\u003C\u002Fp>\n\u003Cp>When all settings are done, click Save to reflect the settings.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>User Settings\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The next step is for each user to enable 2-step verification on their own.\u003C\u002Fp>\n\u003Cp>After logging in with the user account, go to the \u003Ca href=\"https:\u002F\u002Fmyaccount.google.com\u002F\">Google Account Management\u003C\u002Fa> page.\u003C\u002Fp>\n\u003Cp>Login and Security\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_8_1bee530864.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click on the 2-step verification process.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_9_de897898fe.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This will start the 2-step verification process.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_10_585aea6a19.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click Next as the security key registration process begins.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_11_a3ad8240a0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The phone number verification screen will appear if non-administrator security keys are allowed in the 2-step verification process settings. In this case, one can register the security key by selecting the security key from the options listed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_12_a7d65394fa.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, one will be prompted to insert a key. Once the YubiKey is plugged into the PC, the touch part of the YubiKey will blink.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_13_8629d0275b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Touch the YubiKey to complete registration. If necessary, set the name of the security key. Then, click &quot;Allow&quot; when the following confirmation appears.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_14_f2aa1a9c91.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When registration is complete, one will be asked to enter a name for the key. When registering multiple keys, it is best to use a different name.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_15_cf3de1fb45.png\" alt=\"\">\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Operation at login\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This completes the setup. Log out of G Suite and log in again.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_16_a708bd4628.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The 2-step authentication process, as shown below, can be seen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_17_8ee204c5e3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Insert the YubiKey into the PC, and the touch part will blink. Touch it to complete the login.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Managing Security Keys\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Users can manage their security key from the \u003Ca href=\"https:\u002F\u002Fmyaccount.google.com\u002Fsigninoptions\u002Ftwo-step-verification\">Google Account Management\u003C\u002Fa> page &gt; Login &amp; Security &gt; 2-step verification.\u003C\u002Fp>\n\u003Cp>To add or remove a lost key, click here.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_18_266f43a142.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Of course, if a user has only one security key and loses it, the administrator will need to recover it.\u003C\u002Fp>\n\u003Cp>In such cases, the G Suite administrator can add or remove the security key from the user details page.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_19_89a9b35dae.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Retrieving a backup code in case one needs to log in urgently is possible as well.※\u003C\u002Fp>\n\u003Cp>※To use a backup key, the 2-step verification method needs to be set to &quot;Unlimited.&quot;\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_20_c0b993ca77.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This code can enable a single user to log in only once.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_21_61f1c4a82b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Using YubiKey to log in to G Suite allows users to enforce a robust 2-step authentication for others. Through 2-step authentication with YubiKey, there have been \u003Ca href=\"https:\u002F\u002Fjapanese.engadget.com\u002F2018\u002F07\u002F24\u002Fgoogle-0\u002F\">zero phishing attacks\u003C\u002Fa> since the security key was introduced, and the \u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002F2016\u002F02\u002Fuse-of-fido-u2f-security-keys-focus-of-2-year-google-study\u002F\">Yubico Blog\u003C\u002Fa> also talks of the improvements in terms of cost management and convenience.\u003C\u002Fp>\n\u003Cp>For queries regarding the 2-step authentication, please contact us through the \u003Ca href=\"https:\u002F\u002Fdocs.google.com\u002Fforms\u002Fd\u002Fe\u002F1FAIpQLSf3tHHWZS0ju2iTq5_lDMD7qb9XQ-uiUJyLkP660lcAwjvuDw\u002Fviewform\">Contact page\u003C\u002Fa>.\u003C\u002Fp>\n","mandatory-yubikey-2-step-verification-g-suite","2018-08-29","2026-04-28T06:22:30.217Z","2026-04-28T06:22:33.191Z",{"id":268,"documentId":269,"name":270,"alternativeText":53,"caption":53,"focalPoint":53,"width":271,"height":272,"formats":273,"hash":306,"ext":58,"mime":62,"size":307,"url":308,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":309,"updatedAt":309,"publishedAt":310},396,"v9yb7vxqktb7p4qqdiu028xc","blog-mandatory-yubikey-2-step-verification-g-suite-1.png",1111,700,{"large":274,"small":282,"medium":290,"thumbnail":298},{"ext":58,"url":275,"etag":276,"hash":277,"mime":62,"name":278,"path":53,"size":279,"width":65,"height":280,"sizeInBytes":281},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_mandatory_yubikey_2_step_verification_g_suite_1_0859ed0e21.png","0183bff90ac6cf5052dc403cdcdbf337","large_blog_mandatory_yubikey_2_step_verification_g_suite_1_0859ed0e21","large_blog-mandatory-yubikey-2-step-verification-g-suite-1.png",125.03,630,125026,{"ext":58,"url":283,"etag":284,"hash":285,"mime":62,"name":286,"path":53,"size":287,"width":74,"height":288,"sizeInBytes":289},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_mandatory_yubikey_2_step_verification_g_suite_1_0859ed0e21.png","33949f5f1b36028d2b179bcbb499a2b0","small_blog_mandatory_yubikey_2_step_verification_g_suite_1_0859ed0e21","small_blog-mandatory-yubikey-2-step-verification-g-suite-1.png",47.55,315,47551,{"ext":58,"url":291,"etag":292,"hash":293,"mime":62,"name":294,"path":53,"size":295,"width":83,"height":296,"sizeInBytes":297},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_mandatory_yubikey_2_step_verification_g_suite_1_0859ed0e21.png","df3ada3ce3e350501370900434f9d246","medium_blog_mandatory_yubikey_2_step_verification_g_suite_1_0859ed0e21","medium_blog-mandatory-yubikey-2-step-verification-g-suite-1.png",83.77,473,83772,{"ext":58,"url":299,"etag":300,"hash":301,"mime":62,"name":302,"path":53,"size":303,"width":92,"height":304,"sizeInBytes":305},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_mandatory_yubikey_2_step_verification_g_suite_1_0859ed0e21.png","2bdc933445e72191b160615918b027f2","thumbnail_blog_mandatory_yubikey_2_step_verification_g_suite_1_0859ed0e21","thumbnail_blog-mandatory-yubikey-2-step-verification-g-suite-1.png",17.25,154,17247,"blog_mandatory_yubikey_2_step_verification_g_suite_1_0859ed0e21",20.07,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_1_0859ed0e21.png","2026-04-28T06:21:05.142Z","2026-04-28T06:21:05.143Z",[],{"id":313,"documentId":314,"title":315,"content":316,"slug":317,"published":318,"createdAt":319,"updatedAt":319,"publishedAt":320,"locale":47,"authorManual":48,"cover":321,"tags":364},99,"sa14ug96es97edys21rbcwiv","Using WebAuthn with the Touch ID on Mac","\u003Cblockquote>\n\u003Cp>\u003Cstrong>Testing an early development preview of the Touch ID WebAuthn Platform Authenticator in Chrome Canary\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Recently, there has been a lot of buzz surrounding Chrome, Firefox, and Edge’s decision to implement WebAuthn and standardize W3C. Further, WebAuthn can be used through TouchID in Chrome Canary.\u003C\u002Fp>\n\u003Cp>This article will cover the installation of Chrome Canary and a sample run of using WebAuthn through Mac’s Touch ID.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Environment Information\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>・Mac Book Pro with Touch Bar for document creation\u003C\u002Fp>\n\u003Cp>・Chrome \u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Fchrome\u002Fbrowser\u002Fcanary.html\">Canary\u003C\u002Fa> version 69.0.3468.0 or later\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwebauthndemo.appspot.com\u002F\">・webauthndemo.appspot.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Installing Chrome Canary\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Download Chrome Canary from \u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Fchrome\u002Fbrowser\u002Fcanary.html\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_1_ee560b7fc5.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Run the downloaded &quot;googlechrome.dmg.&quot;\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_2_7b36e87bd1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Drag and drop &quot;Google Chrome Canary.app&quot; into the application\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Optionally Launch Chrome Canary\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Start a terminal and execute the following commands.\u003C\u002Fp>\n\u003Cp>By adding &quot;-enable-fetures=WebAuthenticationTouchId&quot; to the options, Touch ID will be enabled in WebAuthn.\u003C\u002Fp>\n\u003Cp>WebAuthn is now ready to be tested through Touch ID at the WebAuthn demo site.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Testing Touch ID through the WebAuthn demo site\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Access this \u003Ca href=\"http:\u002F\u002Fwebauthndemo.appspot.com\u002F\">demo site\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Select &quot;REGISTER NEW CREDENTIAL&quot; and register credentials.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_3_67fbd706e2.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After making the selection, the user will be asked for Touch ID.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_4_e9fd22fae9.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Touch Bar side\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_5_890ab0c91f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Touch it, and credential information will be registered.\u003C\u002Fp>\n\u003Cp>※The details of the registration information are omitted here.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_6_3ccc299b9c.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_7_58dabcad8d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, perform authentication using the credential information.\u003C\u002Fp>\n\u003Cp>Select &quot;AUTHENTICATE.&quot;\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_8_8ff8212959.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After selecting, the user will be prompted for Touch ID.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_4_e9fd22fae9.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Touch Bar side\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_9_3ef7ec146e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Touch to successfully authenticate.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_10_1cbd722082.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This feature is currently limited to Chrome Canary, but it will hopefully be implemented in other browsers in the future.\u003C\u002Fp>\n\u003Cp>The next section of this article will focus on a few use cases for these web services.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_11_9d1d8bee8a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>For this use case, consider the accessing of a web service.\u003C\u002Fp>\n\u003Cp>In most cases, users may utilize the Touch ID on their Mac to access these services.\u003C\u002Fp>\n\u003Cp>However, they may not always use the same device to access web services.\u003C\u002Fp>\n\u003Cp>To combat this, users can register an external device in advance, which can be used to guarantee secure access even in the absence of the original device.\u003C\u002Fp>\n\u003Cp>While this concludes this article, please check back here for more of the latest updates.\u003C\u002Fp>\n","using-webauthn-with-touch-id-on-mac","2018-07-11","2026-04-28T07:16:08.900Z","2026-04-28T07:16:11.456Z",{"id":322,"documentId":323,"name":324,"alternativeText":53,"caption":53,"focalPoint":53,"width":325,"height":326,"formats":327,"hash":360,"ext":58,"mime":62,"size":361,"url":362,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":363,"updatedAt":363,"publishedAt":363},899,"d0hbrrtrsuemzmxfyv0agu9k","blog-using-webauthn-with-touch-id-on-mac-1.png",2333,742,{"large":328,"small":336,"medium":344,"thumbnail":352},{"ext":58,"url":329,"etag":330,"hash":331,"mime":62,"name":332,"path":53,"size":333,"width":65,"height":334,"sizeInBytes":335},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_using_webauthn_with_touch_id_on_mac_1_ee560b7fc5.png","048a2400fa3bbe86ce3cbeb681867408","large_blog_using_webauthn_with_touch_id_on_mac_1_ee560b7fc5","large_blog-using-webauthn-with-touch-id-on-mac-1.png",85.49,318,85493,{"ext":58,"url":337,"etag":338,"hash":339,"mime":62,"name":340,"path":53,"size":341,"width":74,"height":342,"sizeInBytes":343},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_using_webauthn_with_touch_id_on_mac_1_ee560b7fc5.png","e421eac6843688d4c7e3a32ee3089093","small_blog_using_webauthn_with_touch_id_on_mac_1_ee560b7fc5","small_blog-using-webauthn-with-touch-id-on-mac-1.png",30.2,159,30197,{"ext":58,"url":345,"etag":346,"hash":347,"mime":62,"name":348,"path":53,"size":349,"width":83,"height":350,"sizeInBytes":351},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_using_webauthn_with_touch_id_on_mac_1_ee560b7fc5.png","1689c740c958dad781c6143c10fecbfa","medium_blog_using_webauthn_with_touch_id_on_mac_1_ee560b7fc5","medium_blog-using-webauthn-with-touch-id-on-mac-1.png",55.92,239,55921,{"ext":58,"url":353,"etag":354,"hash":355,"mime":62,"name":356,"path":53,"size":357,"width":92,"height":358,"sizeInBytes":359},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_using_webauthn_with_touch_id_on_mac_1_ee560b7fc5.png","1e6b0bf4fb3c92a2e24b73d784e22ced","thumbnail_blog_using_webauthn_with_touch_id_on_mac_1_ee560b7fc5","thumbnail_blog-using-webauthn-with-touch-id-on-mac-1.png",10.05,78,10046,"blog_using_webauthn_with_touch_id_on_mac_1_ee560b7fc5",52.7,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_1_ee560b7fc5.png","2026-04-28T07:15:21.455Z",[],{"id":366,"documentId":367,"title":368,"content":369,"slug":370,"published":371,"createdAt":372,"updatedAt":372,"publishedAt":373,"locale":47,"authorManual":48,"cover":374,"tags":407},97,"myxnlsp1etq2s3ig03gxnqey","Using FIDO2 on Microsoft Edge for Windows 10 Insider Preview","\u003Cp>Recently, Microsoft Edge began supporting WebAuthn on the Insider Preview Version.\u003C\u002Fp>\n\u003Cp>Following this, the author of \u003Ca href=\"https:\u002F\u002Fwebauthn.org\u002F\">https:\u002F\u002Fwebauthn.org\u003C\u002Fa>, Twitter user \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fapowers313\">@apowers313\u003C\u002Fa>, tweeted:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>&gt; WebAuthn will work on Edge from Windows 10 Insider Preview Build 17682.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>According to Windows Blogs Insider Preview, WebAuthentication API is supported in Windows 10 Insider Preview Build 17682.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>The implementation in Microsoft Edge allows users to use \u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fwindows\u002Fwindows-hello\">Windows Hello\u003C\u002Fa> (via PIN or biometrics) and \u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Ffido2\u002F\">external authenticators\u003C\u002Fa> like FIDO2 Security Keys or FIDO U2F Security Keys to securely authenticate to websites. We’ll have more to share about Web Authentication in Microsoft Edge soon!\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Thus, it appears that Single Factor login using PIN or Biometrics is possible with the new CTAP2 protocol.\u003C\u002Fp>\n\u003Cp>The environments used to run the tests in this article are as follows.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Windows 10 Insider Preview 17692\u003C\u002Fli>\n\u003Cli>Microsoft Edge 42.17692\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Famzn.to\u002F2MtOdHR\">Yubico security key (now available on Amazon)\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwebauthn.org\u002F\">https:\u002F\u002Fwebauthn.org\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Video\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>As seen in the video, the CTAP2 is implemented in Windows Hello.\u003C\u002Fp>\n\u003Cp>In addition to &quot;internal authenticators&quot; such as fingerprints and facial recognition, which have been available in Hello, external authenticators such as security keys have also been added.\u003C\u002Fp>\n\u003Cp>Also, since internal authenticators should be able to be called from WebAuthn, perhaps someone may write a code that enables RS256 with publicKey Param.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Explanation\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The procedure is as follows.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_microsoft_edge_windows_10_insider_preview_1_a1586eeeb4.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Go to \u003Ca href=\"https:\u002F\u002Fwebauthn.org\u002F\">https:\u002F\u002Fwebauthn.org\u003C\u002Fa>, enter the user name, and press the Register button.\u003C\u002Fp>\n\u003Cp>The Web Authentication API of Edge will then call Windows Hello, and as a result, the user will be asked to insert an external Authenticator key.\u003C\u002Fp>\n\u003Cp>If this is the first time using the key, one will be asked to set a new PIN. In other words, it seems that User Verification (PIN or Biometrics authentication) is currently required.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_microsoft_edge_windows_10_insider_preview_2_d599b43cac.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After entering the new PIN, one will be asked to touch the key (User Presence). A dialog box will appear briefly when the touch is completed, indicating that the PIN setting is complete.\u003C\u002Fp>\n\u003Cp>Next, the user will be asked to touch the key for Registration. (From now on, this key will use the user’s set PIN for registration and authentication.)\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_microsoft_edge_windows_10_insider_preview_3_a429078b5d.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When the touch is completed, Registration is complete.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_microsoft_edge_windows_10_insider_preview_4_1ac26254de.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The user will be asked to enter the PIN whenever they log in next time.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_microsoft_edge_windows_10_insider_preview_5_ac932dda2e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If one tries this process with YubiKey 4, which supports only U2F, they will not be asked for a PIN.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_microsoft_edge_windows_10_insider_preview_6_0bd9936806.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The user name is required when logging in for compatibility with the U2F key.\u003C\u002Fp>\n\u003Cp>Also, if it is a Resident Key (a key that can store user information), a user selection dialog should appear after the PIN is entered.\u003C\u002Fp>\n\u003Cp>Although this Microsoft Edge update is still in beta, our team is wondering how Chrome will follow suit by supporting FIDO2-compatible security keys.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002FYubico-%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%82%AD%E3%83%BC-FIDO2-USB-2%E6%AE%B5%E9%9A%8E%E8%AA%8D%E8%A8%BC\u002Fdp\u002FB07BYSB7FK\u002Fref=as_li_ss_tl?ie=UTF8&qid=1529045507&sr=8-21&keywords=%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%82%AD%E3%83%BC&linkCode=sl1&tag=82p-22&linkId=da70939ba6459de00d11ca50821656c3\">\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_microsoft_edge_windows_10_insider_preview_7_6653fd2866.png\" alt=\"\">\u003C\u002Fa>\u003C\u002Fp>\n","fido2-microsoft-edge-windows-10-insider-preview","2018-06-15","2026-04-28T07:15:03.250Z","2026-04-28T07:15:05.773Z",{"id":375,"documentId":376,"name":377,"alternativeText":53,"caption":53,"focalPoint":53,"width":378,"height":379,"formats":380,"hash":403,"ext":184,"mime":188,"size":404,"url":405,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":406,"updatedAt":406,"publishedAt":406},892,"lenhqshsvc7xs9xc6xvr79sx","blog-fido2-microsoft-edge-windows-10-insider-preview-1.jpeg",800,533,{"small":381,"medium":388,"thumbnail":395},{"ext":184,"url":382,"etag":383,"hash":384,"mime":188,"name":385,"path":53,"size":386,"width":74,"height":236,"sizeInBytes":387},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_fido2_microsoft_edge_windows_10_insider_preview_1_a1586eeeb4.jpeg","e8814d4abb2dcf9732a5cdb676f6b931","small_blog_fido2_microsoft_edge_windows_10_insider_preview_1_a1586eeeb4","small_blog-fido2-microsoft-edge-windows-10-insider-preview-1.jpeg",24.83,24827,{"ext":184,"url":389,"etag":390,"hash":391,"mime":188,"name":392,"path":53,"size":393,"width":83,"height":74,"sizeInBytes":394},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_fido2_microsoft_edge_windows_10_insider_preview_1_a1586eeeb4.jpeg","c99c402a831a7ffb4972911c033e2368","medium_blog_fido2_microsoft_edge_windows_10_insider_preview_1_a1586eeeb4","medium_blog-fido2-microsoft-edge-windows-10-insider-preview-1.jpeg",50.42,50416,{"ext":184,"url":396,"etag":397,"hash":398,"mime":188,"name":399,"path":53,"size":400,"width":401,"height":159,"sizeInBytes":402},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_fido2_microsoft_edge_windows_10_insider_preview_1_a1586eeeb4.jpeg","cea71df371fd048aa7d5ba199283979b","thumbnail_blog_fido2_microsoft_edge_windows_10_insider_preview_1_a1586eeeb4","thumbnail_blog-fido2-microsoft-edge-windows-10-insider-preview-1.jpeg",7.21,235,7214,"blog_fido2_microsoft_edge_windows_10_insider_preview_1_a1586eeeb4",55.06,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_microsoft_edge_windows_10_insider_preview_1_a1586eeeb4.jpeg","2026-04-28T07:14:37.524Z",[],{"id":409,"documentId":410,"title":411,"content":412,"slug":413,"published":414,"createdAt":415,"updatedAt":415,"publishedAt":416,"locale":47,"authorManual":48,"cover":417,"tags":460},51,"y8ofuu6crv59349si4v6ioqm","Implementing FIDO U2F CTAP","\u003Cp>\u003Cstrong>Introduction\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This article will summarize various aspects of creating a U2F Host Library regarding the U2F specifications.\u003C\u002Fp>\n\u003Cp>The Host library is the part that communicates between the so-called FIDO Client (web browser) and Authenticator (YubiKey, etc.). However, if a web browser is not available, U2F communication is not necessary.\u003C\u002Fp>\n\u003Cp>However, if one wants to use FIDO authentication in a native application where a web browser is unavailable, they will need to create a Host library, as shown here. (This will no longer be necessary if the platform API supports it, such as Windows Hello.)\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Table of Contents\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cul>\n\u003Cli>\u003Cp>Sequence\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>What the host library does\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Communication with U2F devices\u003C\u002Fp>\n\u003Cul>\n\u003Cli>JavaScript API\u003C\u002Fli>\n\u003Cli>Raw Message Format\u003C\u002Fli>\n\u003Cli>APDU Format\u003C\u002Fli>\n\u003Cli>HID Protocol\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>About FIDO2\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Sequence\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>First, begin by checking the entire sequence of U2F.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>At the time of registration\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_implementing_fido_u2f_ctap_1_b1ce1a97e0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>At the time of authentication\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_implementing_fido_u2f_ctap_2_6167c66e2c.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This is the U2F Challenge &amp; Response diagram often seen, and this communication part between the Client and YubiKey is called CTAP.\u003C\u002Fp>\n\u003Cp>Compared to the CTAP2 specification in FIDO2, it is also called CTAP1.\u003C\u002Fp>\n\u003Cp>The client is usually a browser, but only Chrome implements it as U2F. (Firefox60 and later are also supported as WebAuthN)\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>What the host library does\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The host library works behind the scenes with APIs such as the U2F JavaScript API. For example, at the time of registration.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enumerate USB devices\u003C\u002Fli>\n\u003Cli>Search for U2F devices\u003C\u002Fli>\n\u003Cli>Write the registration request to the device\u003C\u002Fli>\n\u003Cli>Read the response from the device\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_implementing_fido_u2f_ctap_3_55a8e082b6.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, an explanation of the operation after “3) Registration Request” during the implementation of FIDO U2F will be discussed.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Communication with U2F Device\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The U2F specifications include\u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Fspecs\u002Ffido-u2f-v1.2-ps-20170411\u002Ffido-u2f-javascript-api-v1.2-ps-20170411.html\">U2F JavascriptAPI U2F\u003C\u002Fa>,  \u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Fspecs\u002Ffido-u2f-v1.2-ps-20170411\u002Ffido-u2f-raw-message-formats-v1.2-ps-20170411.html\">U2F Raw Message Formats\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Fspecs\u002Ffido-u2f-v1.2-ps-20170411\u002Ffido-u2f-hid-protocol-v1.2-ps-20170411.html\">U2F HID Protocol\u003C\u002Fa> which are the low-level protocols of the device from the Client-side in order from Javascript API.\u003C\u002Fp>\n\u003Cp>In regards to the specifications, there are three main points.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Point 1.  U2F devices operate as HID devices\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>As stated in the specifications, the communication between the U2F device and the Client uses the HID (Human Interface Device) protocol, a common standard used in devices such as keyboards and mouses and can be used without a driver.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Point 2. The format for sending and receiving data is APDU Format\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Although the HID protocol is used for communication, actual messages are sent in a format called \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FSmart_card_application_protocol_data_unit\">APDU Format\u003C\u002Fa>, a method of exchanging data for reading smart cards, etc. This APDU Format, which is the format in which the data is sent, consists of a header indicating the command, data length, and the data attached to it.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Point 3. Data is in the U2F Raw Message Formats\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Also, the data to be sent in APDU is sent in a format known as \u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Fspecs\u002Ffido-u2f-v1.2-ps-20170411\u002Ffido-u2f-raw-message-formats-v1.2-ps-20170411.html\">U2F Raw Message Format\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Since the U2F Raw Message Format is a byte array data, if it is converted to a data format that JavaScript can handle, it can be handled in a data format such as JSON, like the API in Chrome.\u003C\u002Fp>\n\u003Cp>In summary, it looks like this.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_implementing_fido_u2f_ctap_4_b3e0542a8a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Upon understanding these three points, it will be significantly easier to follow along with reading the specs and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FYubico\u002Fpython-u2flib-host\">Yubico’s reference code\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The following section will trace the registration phase and checking of the data.\u003C\u002Fp>\n\u003Cp>For example, the following Registration Request from \u003Ca href=\"https:\u002F\u002Fexample.com\">https:\u002F\u002Fexample.com\u003C\u002Fa> via the JavaScript API was received.\u003C\u002Fp>\n\u003Cp>First, to convert this data to Raw Message Formats, create a JSON String called ClientData.\u003C\u002Fp>\n\u003Cp>The members of ClientData are &quot;type,&quot; &quot;challenge,&quot; &quot;origin,&quot; and &quot;cid,&quot; but when registering a U2F device, use\u003C\u002Fp>\n\u003Cul>\n\u003Cli>type: &quot;navigator.id.finishEnrollment&quot; fixed\u003C\u002Fli>\n\u003Cli>challenge: Challenge string from the server.\u003C\u002Fli>\n\u003Cli>origin: If it is HTTP communication, the domain must be authenticated.\u003C\u002Fli>\n\u003Cli>cid: option. a JwkKey-style public key is used to sign a Token Binding called \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fid\u002Fdraft-balfanz-tls-channelid-01.html\">channel ID\u003C\u002Fa>. This time, it is omitted.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>On the Raw Message Formats side, a SHA256 hashed value of JSON is used, which is the Challenge Parameter. (Hexadecimal notation).\u003C\u002Fp>\n\u003Cp>Web Safe Base64 Encoded JSON is sent to the server as ClientData.\u003C\u002Fp>\n\u003Cp>The changing of &quot;\u002F&quot; to &quot;_&quot; and &quot;+&quot; to &quot;-&quot; are known as Web Safe Base64 or URL Safe Base64. However, the padding is removed (i.e., the trailing === is cleared).\u003C\u002Fp>\n\u003Cp>This parameter is only Base64 encoded for sending to the server and does not use this data for communication with the Authenticator.\u003C\u002Fp>\n\u003Cp>Another parameter is the Application Parameter, which is the sha256 hash of appId(&quot;\u003Ca href=\"https:\u002F\u002Fexample.com\">https:\u002F\u002Fexample.com\u003C\u002Fa>&quot;).\u003C\u002Fp>\n\u003Cp>The Registration Request Message is a combination of the two.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_implementing_fido_u2f_ctap_5_4523fc4476.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>※FIDO U2F Raw Message 4.1 Fig. 2 Registration Request Message\u003C\u002Fp>\n\u003Cp>\u003Cstrong>APDU Format\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Next, the U2F Raw Message format is sent to the HID device in APDU Format.\u003C\u002Fp>\n\u003Cp>In APDU Format, the data length and command parameters must be specified in the header section, and the command parameters at registration are as follows.\u003C\u002Fp>\n\u003Cp>There are two types of APDU data, Short Encoding, and Extended Length Encoding, and U2F uses Short Encoding.\u003C\u002Fp>\n\u003Cp>※Le defines the maximum size of the response data but is ignored if the maximum length is set to 256 bytes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>HID Protocol\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>All that remains is sending the data to the HID device, but only 64 bytes can be written to the HID device simultaneously.\u003C\u002Fp>\n\u003Cp>As with the APDU format, a header is attached, as shown below, so the actual data to be sent looks like this.\u003C\u002Fp>\n\u003Cp>・※The channel ID is obtained when the device is initialized.\u003C\u002Fp>\n\u003Cp>・※The seventh bit of the command is always 1\u003C\u002Fp>\n\u003Cp>DATA is the APDU data mentioned earlier. While the total data size is 71 bytes (0x47), the HID packet is 64 bytes, so only 57 bytes can be sent, as 7 bytes are required for the header for HID Transport. The rest of the data is sent as sequence data in the following form.\u003C\u002Fp>\n\u003Cp>Now read the response from the device.\u003C\u002Fp>\n\u003Cp>In other words, this time, the process is reversed from HID protocol → APDU format → U2F Raw Message Format to get the response from the device.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>About FIDO2\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The U2F host-side communication is the same protocol used in CTAP2 for FIDO2.\u003C\u002Fp>\n\u003Cp>CTAP2 has more PIN-related commands, more data to send, and a standardized format called CBOR.\u003C\u002Fp>\n","implementing-fido-u2f-ctap","2018-06-05","2026-04-28T06:39:17.519Z","2026-04-28T06:39:20.071Z",{"id":418,"documentId":419,"name":420,"alternativeText":53,"caption":53,"focalPoint":53,"width":421,"height":422,"formats":423,"hash":456,"ext":58,"mime":62,"size":457,"url":458,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":459,"updatedAt":459,"publishedAt":459},573,"r4y6txei68gdyc4hnx2ilcek","blog-implementing-fido-u2f-ctap-1.png",1052,551,{"large":424,"small":432,"medium":440,"thumbnail":448},{"ext":58,"url":425,"etag":426,"hash":427,"mime":62,"name":428,"path":53,"size":429,"width":65,"height":430,"sizeInBytes":431},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_implementing_fido_u2f_ctap_1_b1ce1a97e0.png","268b7b9af21435858e6a6e79ef5730f7","large_blog_implementing_fido_u2f_ctap_1_b1ce1a97e0","large_blog-implementing-fido-u2f-ctap-1.png",98.28,524,98282,{"ext":58,"url":433,"etag":434,"hash":435,"mime":62,"name":436,"path":53,"size":437,"width":74,"height":438,"sizeInBytes":439},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_implementing_fido_u2f_ctap_1_b1ce1a97e0.png","8842554524825a5262b2dd91b1d83106","small_blog_implementing_fido_u2f_ctap_1_b1ce1a97e0","small_blog-implementing-fido-u2f-ctap-1.png",39.12,262,39121,{"ext":58,"url":441,"etag":442,"hash":443,"mime":62,"name":444,"path":53,"size":445,"width":83,"height":446,"sizeInBytes":447},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_implementing_fido_u2f_ctap_1_b1ce1a97e0.png","e838bb14a28f63e4c032e01815767095","medium_blog_implementing_fido_u2f_ctap_1_b1ce1a97e0","medium_blog-implementing-fido-u2f-ctap-1.png",66.91,393,66913,{"ext":58,"url":449,"etag":450,"hash":451,"mime":62,"name":452,"path":53,"size":453,"width":92,"height":454,"sizeInBytes":455},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_implementing_fido_u2f_ctap_1_b1ce1a97e0.png","8a7fe4f9d17adb17167d81418536460d","thumbnail_blog_implementing_fido_u2f_ctap_1_b1ce1a97e0","thumbnail_blog-implementing-fido-u2f-ctap-1.png",15.28,128,15283,"blog_implementing_fido_u2f_ctap_1_b1ce1a97e0",15.24,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_implementing_fido_u2f_ctap_1_b1ce1a97e0.png","2026-04-28T06:38:58.140Z",[],{"id":462,"documentId":463,"title":464,"content":465,"slug":466,"published":467,"createdAt":468,"updatedAt":468,"publishedAt":469,"locale":47,"authorManual":48,"cover":470,"tags":482},71,"pog3lgxkor9n0a8fu2eqi00s","Programs for Testing Security Key by Yubico (as of 2018-05-16)","\u003Cblockquote>\n\u003Cp>\u003Cstrong>Introduction\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Following the \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=M30aZ2cxElo\">RSA conference\u003C\u002Fa> at the end of April, the WebAuthn and FIDO2 community has been abuzz with excitement.\u003C\u002Fp>\n\u003Cp>There have been \u003Ca href=\"https:\u002F\u002Fdeveloper.mozilla.org\u002Fja\u002FFirefox\u002FReleases\u002F60\">announcements of Firefox\u003C\u002Fa> supporting WebAuthn, as well as the article related to \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fweb\u002Fupdates\u002F2018\u002F05\u002Fwebauthn\">Google #IO 2018\u003C\u002Fa> which introduced WebAuthn for Chrome. Also, as mentioned in a \u003Ca href=\"https:\u002F\u002Fsoftgiken.wixsite.com\u002Fyubion\u002Fpost\u002Fyubico%E7%A4%BE%E3%81%8C%E3%80%81fido2%E5%AF%BE%E5%BF%9C%E3%81%AE%E3%83%91%E3%82%B9%E3%83%AF%E3%83%BC%E3%83%89%E3%83%AC%E3%82%B9%E3%83%AD%E3%82%B0%E3%82%A4%E3%83%B3%E3%82%92%E5%AE%9F%E7%8F%BE%E3%81%99%E3%82%8B%E6%96%B0%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%82%AD%E3%83%BC%E3%82%92%E7%99%BA%E8%A1%A8\">recent article\u003C\u002Fa>, Microsoft Windows 10 announced Azure AD login using FIDO2-enabled Security Key.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Security Key by Yubico\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_programs_for_testing_yubico_security_key_1_ecb0e89d94.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The Security Key by Yubico (Security Key) supports not only FIDO U2F but also FIDO 2.0 (CTAP2).\u003C\u002Fp>\n\u003Cp>CTAP2 is a communication protocol specification between Client (e.g., browser) and Authenticator (e.g., Security Key) established by the FIDO Alliance, and has been extended from CTAP1 of FIDO U2F to communicate in binary CBOR format, which allows PIN and Biometrics options to be inserted.\u003C\u002Fp>\n\u003Cp>In the past few days, there have been numerous releases of WebAuthn related news and sample programs, few of which will be discussed in this article.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Google Chrome Beta\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The biggest update is that Google Chrome now supports CTAP2 (development version).\u003C\u002Fp>\n\u003Cp>Chrome Beta version 67 or higher (or Dev, Canary also worked)\u003C\u002Fp>\n\u003Cp>Chrome Beta version can be downloaded from\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.google.co.jp\u002Fchrome\u002Fbrowser\u002Fbeta.html\">https:\u002F\u002Fwww.google.co.jp\u002Fchrome\u002Fbrowser\u002Fbeta.html\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_programs_for_testing_yubico_security_key_2_71d3a1b318.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>CTAP2 can be enabled by starting Chrome with the option \n\u003Cstrong>--enable-features=WebAuthenticationCtap2\u003C\u002Fstrong> to enable CTAP2.\u003C\u002Fp>\n\u003Cp>Once the Chrome Beta is successfully launched, return to this page and \u003Cstrong>press F12 to type the following into the console\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Create credentials for the RP (app) at \u003Ca href=\"http:\u002F\u002Fwww.yubion.com\">www.yubion.com\u003C\u002Fa> and the user with id &quot;abcdefghijklmnopqrstuvwxyz123456&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_programs_for_testing_yubico_security_key_3_6d5d501d55.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When the Security Key by Yubico (hereafter referred to as &quot;Security Key&quot;) is inserted into the PC, the user will be asked for permission to access it.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_programs_for_testing_yubico_security_key_4_f3b3f21ed7.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The response from the Security Key is displayed in the console.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>WebAuthn.org\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>A trial server is available at \u003Ca href=\"https:\u002F\u002Fwebauthn.org\u002F\">webauthn.org\u003C\u002Fa>, which requires a username and registration upon accessing. In this example, it was accessed through Chrome Beta with the Security Key plugged in.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_programs_for_testing_yubico_security_key_5_0b5ed1e8bc.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_programs_for_testing_yubico_security_key_6_85a5a054a3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_programs_for_testing_yubico_security_key_7_9de565d04e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The user will be asked to access the Security Key, press Allow, and touch the Security Key for UserPresense.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_programs_for_testing_yubico_security_key_8_1d301cf249.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The key registration is complete.\u003C\u002Fp>\n\u003Cp>Follow the same procedure to verify the login process.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_programs_for_testing_yubico_security_key_9_bfac6583bc.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In webauthn.org, detailed communication data can be displayed by opening ADVANCED.\u003C\u002Fp>\n\u003Cp>A closer look reveals that the AAGUID, which was empty at the time of U2F, has a value.\u003C\u002Fp>\n\u003Cp>Here, while CTAP2 is working as the AAGUID is present, the PIN option has not yet appeared to have been implemented.\u003C\u002Fp>\n\u003Cp>This raises the question of whether, if clientPin: &quot;true&quot; in getInfo, the request sent to the device must also have a pin.\u003C\u002Fp>\n\u003Cp>CTAP2 uses Diffie-Hellman Key Exchange using SHA256 and ECDH for encryption and transmission, as explained in the section on \u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Fspecs\u002Ffido-v2.0-ps-20170927\u002Ffido-client-to-authenticator-protocol-v2.0-ps-20170927.html#usingPinToken\">pinToken\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Yubico python-fido2\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FYubico\u002Fpython-fido2\u002F\">https:\u002F\u002Fgithub.com\u002FYubico\u002Fpython-fido2\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>CTAP2 library in python from Yubico, the distributor of Security Key.\u003C\u002Fp>\n\u003Cp>On running example\u002Fget_info.py, the following will be seen:\u003C\u002Fp>\n\u003Cp>The AAGUID matches the example in Chrome.\u003C\u002Fp>\n\u003Cp>It is recommended to take a closer look at this library to understand CTAP2, PIN settings, and Authentication using PINs.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Although CTAP2 implementations are still emerging, it is expected to be available on many platforms and browsers in the future.\u003C\u002Fp>\n\u003Cp>Please check back here for more information and updates on the latest authentication technologies, such as FIDO.\u003C\u002Fp>\n","programs-for-testing-yubico-security-key","2018-05-16","2026-04-28T06:51:19.674Z","2026-04-28T06:51:22.198Z",{"id":471,"documentId":472,"name":473,"alternativeText":53,"caption":53,"focalPoint":53,"width":151,"height":151,"formats":474,"hash":479,"ext":58,"mime":62,"size":162,"url":480,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":481,"updatedAt":481,"publishedAt":481},667,"lg1j90euybpte91xf1d04e7u","blog-programs-for-testing-yubico-security-key-1.png",{"thumbnail":475},{"ext":58,"url":476,"etag":155,"hash":477,"mime":62,"name":478,"path":53,"size":158,"width":159,"height":159,"sizeInBytes":160},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_programs_for_testing_yubico_security_key_1_ecb0e89d94.png","thumbnail_blog_programs_for_testing_yubico_security_key_1_ecb0e89d94","thumbnail_blog-programs-for-testing-yubico-security-key-1.png","blog_programs_for_testing_yubico_security_key_1_ecb0e89d94","https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_programs_for_testing_yubico_security_key_1_ecb0e89d94.png","2026-04-28T06:50:38.507Z",[],{"pagination":484},{"page":485,"pageSize":5,"pageCount":485,"total":486},3,58,1783406330400]