search

Yubico / yubikey-personalization-gui

YubiKey Personalization GUI
https://developers.yubico.com/yubikey-personalization-gui
BSD 2-Clause "Simplified" License
198 stars 38 forks source link

Cannot disable configuration protection #55

Open minisu opened 9 years ago

minisu commented 9 years ago

Steps to reproduce: Configure a YubiKey NEO to set a static password (or challenge-response) and disable protection.

Expected result: The static password would be set and the YubiKey would become unprotected.

Actual result: The static password is set but the device remains protected.

Access code: 00 00 00 00 00 00 Firmware version: 3.1.2 YubiKey Personalization GUI version: 3.1.16

Apparently, @jeanpaulgalea had similar issues.

afwlehmann commented 9 years ago

Same issue for me with the NEO, application version 3.1.23 and library 1.17.2. The firmware version of the device is 3.4.3.

I'd really like to see this solved since the only way to send the configuration for Yubico OTP to Yubico seems to be via the Quick configuration dialog which assumes an unprotected device.

EDIT: I just realized that the upload can be performed directly via the web interface as long as this issue won't be fixed.

phoerious commented 9 years ago

I can confirm this, but I think it is a GUI-issue on Linux. As far as I can tell disabling the access code means setting it to 0x000000000000. The GUI does that and when you use the CLI (ykpersonalize) you can actually program the key without specifying an explicit access key. However, when overwriting an existing configuration, the GUI somehow thinks that 0x0 is a valid access code and fails. A workaround is to use the advanced mode and select "Yubikey(s) protected - Keep it that way" or "Yubikey(s) protected - Disable protection" (both do exactly the same in that case) and leave the current access code at 0.

Unfortunately, the "Quick" tool is not that smart which makes it impossible to program a YubiKey that way.

This seems to be a Linux-only issue. On Windows the GUI works as expected and treats 0x0 as "no access key".

ElijahLynn commented 6 years ago

On Ubuntu 14.04 with Yubikey Nano, firmware 3.3.7. Was attempting to program slot 2 HOTP and received the error, "YubiKey could not be configured. Perhaps protected with configuration protection access code?". Tried suggestion above by @phoerious, "protected, keep it that way" with current access code of all zeros and it worked and successfully configured slot 2.

lord-aerion commented 5 years ago

I just encountered this issue on Arch Linux with two YubiKey NEO, firmware 3.3.6 and 3.4.6, using YubiKey Personalization v1.19.0 and GUI v3.1.25.

The workaround suggested by @phoerious allowed me to program my keys.

Are there any plans to fix this issue, first reported 3 1/2 years ago?