Yubikey 2.0 Setup Dynamic configuration for Rohos Logon with static AES key

Some time ago we got  YubiKey 2.0. and YubiKey 2.0 RFID devices from Yubico. Both of them are 2.01.1 firmware versions. The newer key (on the picture is above) a bit thicker, has a special circular press area and the body is more steady.

The Yubikey is a One-Time-Password token that works via the USB keyboard interface. New generation of Yubikeys also combines 2 devices in 1 Yubikey: OTP + RFID or OTP + 1 static password generator. OTP + OATH OTP (Firmware 2.1). Also Yubikey has many changes on backed.

What’s new in Yubikey 2.0:

  • Improved security.
  • Yubikey allows to have 2 configurations. Many YubiKey users wanted to have possibility to use YubiKey as static password generator + OTP token. Here it is.
  • Beautiful and easy to use Configuration Utility.
  • Dual-device: Yubikey + RFID (Classic Mifare 1k) or OATH 6 or 8 digit code identity.
  • New Yubico validation server:
    + allows uploading custom AES keys.
    + allows revoking Yubikeys
    + Validation protocol 2.0
  • Yubikey solutions Wiki – the list of the vendors, integrators and software that work with Yubikey.

Configuration Utility

allows reprograming Yubikey Configuration #1 or  Configuration #2.

Second Configuration

YubiKey 2.0 works in the press-and-hold fashion.  First off, the presses are time based. Where in v.1 you held it down until it started printing out the characters, with v.2.0 you make short press for the first config and long press (2.5 – 5 seconds technically) to generate second config OTP. Please note Yubikey configuration #2 has a feature allowing use to update static password if you press and hold the key for 8-15 seconds.

By default, Rohos Logon Key works with v.2 as usual but one customer was sent raw YubiKeys (version 2.1.1 not being configured) . So he asked us to give a step-by-step guide on how to set up YubiKey with Rohos Logon if Yubikey is not configured with OTP.

Here you may download the Guide – Yubikey 2.0 Setup Dynamic configuration for Rohos Logon with static AES

More photos