This guide describes how to configure your YubiKeys to protect your Password Safe database with Challenge-Response based on HMAC-SHA1.
Configuring Your YubiKey For Password Safe
- Install the YubiKey Personalization Tool if you have not already done so.
- Start the YubiKey Personalization Tool.
- Click Settings.
- Ensure that Button at startup and API call are checked. All remaining default settings are acceptable. Click Save to save the settings.
- Click Challenge-Response then click HMAC-SHA1.
- Select the configuration slot that you want to program. This guide assumes that you want to use the second configuration slot, which is empty by default.
- Check Require user input and Variable input. NOTE: If you are using the same YubiKey for Windows login, do not select Require user input.
- Click Generate to generate your secret key. Copy this key and keep it in a secure location.
- Click Write Configuration. A screenshot of the expected result is shown below.
- If you want to make a backup YubiKey (we recommend that you always make a backup of your YubiKey whenever you can), insert another YubiKey and repeat steps 5 to 8 with the same Secret Key (instead of generating a new one, copy and paste it from your backup).
Installing & Configuring Password Safe for YubiKey
- Install Password Safe if you have not already done so. Run Password Safe.
- If you do not have an existing database, click New Database and follow the instructions on the screen.
- In the setup window, enter your combination (passcode) in the Safe Combination and Verify fields, click YubiKey, and then touch the button on your YubiKey.
- If you already have an existing database and want to enable YubiKey protection for it, open your database in Password Safe and click Manage then Change Safe Combination.
- Input your existing passcode in the Old Safe Combination and your desired passcode in the New Safe Combination and Confirmation fields.
- Click the lower Yubikey button next to New Safe Combination and touch the button on your YubiKey. Click OK.
- Congratulations, you’ve successfully configured your YubiKeys to protect your Password Safe database with HMAC-SHA1! To test your YubiKey, lock your database and attempt to regain access to it. At the log in screen, enter in your passcode and then click YubiKey and touch the button on your YubiKey.
- If you are able to gain access to your database, then everything has been configured correctly. There is no way to regain access to your data if you lose your YubiKey, so a backup is highly recommended.