@JonathanPorta
Last active January 4, 2021 13:32
Change Yubikey PIN/PUK
#!/bin/bash
set -e # bail on errors
# Make sure your shell history isn't saved
# (this only affects your interactive shell if the script is sourced)
hsback=$HISTFILE
unset HISTFILE
echo "Enter your current PIN - leave blank if default:"
read -r oldpin
oldpin=${oldpin:-123456}
echo "Old PIN is: $oldpin"
echo "Enter your current PUK - leave blank if default:"
read -r oldpuk
oldpuk=${oldpuk:-12345678}
echo "Old PUK is: $oldpuk"
echo "Set your new Password (PIN) - It can be any alphanumeric up to 8 chars - leave blank for a random PIN:"
read -r newpin
newpin=${newpin:-$(LC_CTYPE=C tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c8)}
echo "New PIN is: $newpin"
echo "Set your new Recovery Password (PUK) - It can be any alphanumeric up to 8 chars - leave blank for a random PUK:"
read -r newpuk
newpuk=${newpuk:-$(LC_CTYPE=C tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c8)}
echo "New PUK is: $newpuk"
# Generate a random Administrative key (48 hex characters)
key=$(LC_CTYPE=C tr -dc a-f0-9 < /dev/urandom | head -c48)
echo "$key" # IMPORTANT You should SAVE this value someplace safe/secret.
# Set the key
# Note: values passed as command-line arguments are visible in the process list while the tool runs
yubico-piv-tool -a set-mgm-key -n "$key"
# Change the default PIN/PUK
yubico-piv-tool -k "$key" -a change-pin -P "$oldpin" -N "$newpin"
yubico-piv-tool -k "$key" -a change-puk -P "$oldpuk" -N "$newpuk"
# Pass the secrets as printf arguments so a '%' in a PIN is not treated as a format specifier
printf 'IMPORTANT You should SAVE this data someplace safe/secret\n KEY: %s\n PIN: %s\n PUK: %s\n' "$key" "$newpin" "$newpuk"
# Reset shell history
HISTFILE=$hsback
@davidstrauss

Please change:

key=`< /dev/urandom LC_CTYPE=C tr -dc _A-Z-a-z-0-9 | head -c48`

to:

key=`< /dev/urandom LC_CTYPE=C tr -dc a-f0-9 | head -c48`

The management key is hex.

@JonathanPorta
Author

@davidstrauss Thanks. I've updated it.
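
The management-key fix discussed in the comments, turned into a format check that runs before the key reaches the token. This is an added example, not part of the gist or its comments; the function names `gen_mgm_key`, `is_valid_mgm_key` and `set_mgm_key_checked` are hypothetical, and only the `yubico-piv-tool -a set-mgm-key -n` call is taken from the script above.

```shell
#!/bin/bash
# Added example: generate and validate a PIV management key before it is
# handed to yubico-piv-tool. All function names here are hypothetical.

# Produce 24 random bytes rendered as 48 lowercase hex digits.
gen_mgm_key() {
    head -c 24 /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# Succeed only if the argument is exactly 48 hex digits.
is_valid_mgm_key() {
    case "$1" in
        *[!0-9a-fA-F]*) return 1 ;;   # any non-hex character rejects the key
    esac
    [ "${#1}" -eq 48 ]
}

# Refuse to touch the token when the key is malformed, so a bad key is
# caught before the set-mgm-key step rather than by a tool error.
set_mgm_key_checked() {
    if ! is_valid_mgm_key "$1"; then
        echo "refusing: management key must be 48 hex digits" >&2
        return 1
    fi
    yubico-piv-tool -a set-mgm-key -n "$1"
}

# Demo that does not touch a token and does not print the key itself.
demo_key=$(gen_mgm_key)
if is_valid_mgm_key "$demo_key"; then
    echo "generated key passes the format check"
fi
```

A key drawn from the wider `_A-Z-a-z-0-9` set has the right length but fails `is_valid_mgm_key`, which is the case the first comment corrects.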