Yubico / yubikey-personalization

YubiKey Personalization cross-platform library and tool
https://developers.yubico.com/yubikey-personalization/
BSD 2-Clause "Simplified" License

Using ykpersonalize Corrupts YubiKey5c Serial Number #149

Closed cryptik closed 4 years ago

cryptik commented 4 years ago

When using ykpersonalize on OS X 10.15.1 the YubiKey appears to become corrupted after programming. The OTP generation on key touch continues to work and reflects the new programmed values. However, a subsequent ykinfo or read using the Yubikey Manager application results in the serial number not being able to be read.

Performing an operation such as the following: ykpersonalize -1 -ofixed=ccccccgfnfhr -ouid=000000002731 -a7a318bcbe21750fae89019690e2f0626

The above command will correctly update the public and private ID values and the OTP will be correctly generated upon touch of the key. However, a subsequent call to "ykinfo -a" will result in the error "Yubikey core error: timeout". Reading the key using the GUI YubiKey manager will also result in the serial number no longer being displayed on the home tab.

If one then re-programs the key with the same values above, but using the YubiKey Manager GUI (rather than ykpersonalize)... the serial number will then be displayed by YubiKey GUI and "ykinfo -a" begins to work again.

It should be noted that while using ykpersonalize causes "ykinfo -a" to error out, other usage of "ykinfo" continues to work. Calling "ykinfo" with any parameter (other than -s or -m) will output correct values. Calling "ykinfo" with -s or -m (after using ykpersonalize) will result in the timeout error until the key is reprogrammed using the YubiKey Manager GUI.

It would appear that something is corrupting the serial number access during the programming operation... however, serial number access is restored when the Slot 1 key configuration is cleared or replaced using the GUI.

klali commented 4 years ago

The reason for this is that the default flags set by the ykpersonalize utility are very small. If you add -oserial-api-visible to your command line reading the serial should work.
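The practical consequence of klali's answer is that a slot write done with ykpersonalize replaces the whole slot configuration, so any serial-visibility flag that is not named on the command line is dropped. The POSIX sh wrapper below, an added example rather than code from the yubikey-personalization project, assembles the slot 1 command from the issue with -oserial-api-visible appended, and checks the public ID, private ID and key lengths before anything is written. The validation lengths (12 modhex characters for the public ID, 12 and 32 hex characters for the UID and AES key, matching the values in the issue) and the helper names are assumptions of this example; verify_serial simply runs `ykinfo -s`, the call that timed out in the report, when the tool is installed.

```shell
#!/bin/sh
# Added example (not part of yubikey-personalization): build a ykpersonalize
# slot 1 command that keeps the serial readable over the API, and verify it.

# is_modhex STR LEN: true if STR is exactly LEN modhex chars (cbdefghijklnrtuv).
is_modhex() {
  case "$1" in
    *[!cbdefghijklnrtuv]*) return 1 ;;
  esac
  [ "${#1}" -eq "$2" ]
}

# is_hex STR LEN: true if STR is exactly LEN hexadecimal chars.
is_hex() {
  case "$1" in
    *[!0-9a-fA-F]*) return 1 ;;
  esac
  [ "${#1}" -eq "$2" ]
}

# build_slot1_cmd PUBLIC_ID PRIVATE_ID AES_KEY
# Prints the ykpersonalize command line for slot 1. The flag set is the one
# from the issue plus -oserial-api-visible; lengths below are this example's
# assumption, chosen to match the values in the report.
build_slot1_cmd() {
  fixed=$1; uid=$2; key=$3
  is_modhex "$fixed" 12 || { echo "public id must be 12 modhex chars" >&2; return 1; }
  is_hex "$uid" 12     || { echo "private id must be 12 hex chars" >&2; return 1; }
  is_hex "$key" 32     || { echo "AES key must be 32 hex chars" >&2; return 1; }
  printf '%s\n' "ykpersonalize -1 -ofixed=$fixed -ouid=$uid -a$key -oserial-api-visible"
}

# verify_serial: after programming, confirm the serial is still readable.
# Returns 2 when ykinfo is not installed, otherwise ykinfo's own status.
verify_serial() {
  command -v ykinfo >/dev/null 2>&1 || { echo "ykinfo not installed" >&2; return 2; }
  ykinfo -s
}

# Usage: sh thisfile.sh PUBLIC_ID PRIVATE_ID AES_KEY  (prints the command only;
# run the printed line yourself, then call verify_serial).
if [ $# -eq 3 ]; then
  build_slot1_cmd "$@"
fi
```

The wrapper only prints the command rather than running it, so the operator can review the exact flag set before the slot is overwritten; the point to carry over from the thread is that any future slot write must repeat -oserial-api-visible, since ykpersonalize does not merge with the flags already on the key.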