Resetting the Smart Card (PIV) Application on Your YubiKey


This article describes the two options for resetting the smart card (PIV) application on your YubiKey. Warning: This will clear all of the smart card data and reset the application to the factory defaults, including any certificates you have loaded. This does not impact any of the other applications on the YubiKey.

Option 1 - Using Yubico Authenticator

  1. Download and install Yubico Authenticator.
  2. Open Yubico Authenticator
  3. Open the kebab menu (triple dot) at the top right of the application.
  4. Select: Factory reset
  5. Click: PIV
  6. Click: Reset

 

Option 2 - Using YubiKey Manager CLI

  1. Download and install YubiKey Manager.
  2. Open Command Prompt as Administrator (Windows) or Terminal (Mac / Linux).
  3. Run: ykman piv reset
  4. When prompted, press Y and then Enter to confirm the reset.

Note: If you receive an error about not being able to find the program ykman, you will need to use cd to navigate to the folder it is in before running the ykman command. For example, on Windows you would run:

 cd "C:\Program Files\Yubico\YubiKey Manager"

 

Option 3 - Using YubiKey Manager GUI

  1. Download and install YubiKey Manager.
  2. Open YubiKey Manager
  3. Click: Applications
  4. Choose: PIV
  5. Select: Reset PIV
  6. When prompted, Click Yes to confirm the reset.

 

Option 4 - Using Yubico PIV Tool

  1. Download Yubico PIV Tool.
  2. Extract the Yubico PIV Tool
  3. Open Command Prompt as Administrator (Windows) or Terminal (Mac / Linux).
  4. Change directory to the Yubico PIV Tool bin directory
  5. Run the following series of commands:

yubico-piv-tool -averify-pin -P471112
yubico-piv-tool -averify-pin -P471112
yubico-piv-tool -averify-pin -P471112
yubico-piv-tool -averify-pin -P471112
yubico-piv-tool -achange-puk -P471112 -N6756789
yubico-piv-tool -achange-puk -P471112 -N6756789
yubico-piv-tool -achange-puk -P471112 -N6756789
yubico-piv-tool -achange-puk -P471112 -N6756789
yubico-piv-tool -areset
yubico-piv-tool -aset-chuid
yubico-piv-tool -aset-ccc

Notes:

  • Default PIN code: 123456
  • Default PUK code: 12345678
  • Default AES management key (slot 9B) in YubiKey 5 Series firmware 5.7+: 10203040506070801020304050607080102030405060708
  • Default 3DES management key (slot 9B) in YubiKey 5 Series firmware prior to 5.7: 10203040506070801020304050607080102030405060708
  • If you receive an error about not being able to find the program yubico-piv-tool, you will need to use cd to navigate to the folder it is in before running the yubico-piv-tool command. For example, on Windows you would run:
    cd "C:\Program Files\Yubico\YubiKey PIV Tool"