BXG Blog

Improving Private Key Security with a Yubikey: Setting CCID Mode

The first thing we need to do is make sure each Yubkikey has CCID mode enabled. This can be quickly checked with lsusb:

$ lsusb -d 1050:
Bus 003 Device 010: ID 1050:0116 Yubico.com Yubikey NEO(-N) OTP+U2F+CCID

This key already has CCID enabled. In fact, most (all) new Yubikeys already ship this way. If you have one that isn’t, you can set it correctly with ykpersonalize -m86. See this page for more information from Yubico.

And that’s it! There are a bunch of other settings we will want to change on the tokens, but they can all be set after generating keys. Next time, I’ll talk about generating the master key.