Yubikey Neo
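# Generate a random 24-byte PIV management key and install it on the token.
# 24 bytes become 48 upper-case hex digits, which is the form passed to -n.
key=$(dd if=/dev/random bs=1 count=24 2>/dev/null | hexdump -v -e '/1 "%02X"')

# dd's stderr is discarded above, so a failed read would otherwise hand an
# empty or short key to the tool; check the length before touching the token.
if [ "${#key}" -ne 48 ]; then
  printf 'management key generation failed: got %s hex digits, expected 48\n' "${#key}" >&2
else
  # The key is shown once so it can be recorded somewhere safe; later
  # management operations on the token need it.
  printf '%s\n' "$key"
  # NOTE: -n places the key on the command line, where it is readable from the
  # process list while the tool runs. Do this on a single-user, trusted host.
  yubico-piv-tool -a set-mgm-key -n "$key"
fi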
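# Generate a random 24-byte management key as 48 upper-case hex digits.
# Get-Random's -Maximum bound is exclusive, so "-Minimum 0 -Maximum 255" can never
# produce 0xFF. Taking the bytes straight from the OS cryptographic RNG covers the
# full 0x00-0xFF range and does not depend on which generator Get-Random uses in a
# given PowerShell version.
$keyBytes = New-Object byte[] 24
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try {
    $rng.GetBytes($keyBytes)
}
finally {
    $rng.Dispose()
}
# Assign rather than append, so re-running in the same session cannot glue a new
# key onto a stale $result.
$result = [System.BitConverter]::ToString($keyBytes) -replace '-', ''
# Shown once so the operator can record it; treat the console output as a secret.
Write-Host "Management Key:" $result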
# Factory-reset the PIV application on the token.
# The reset action on the last line is only accepted once both the PIN and the PUK
# are blocked, so the lines before it use up the retry counters first.
# NOTE(review): 4711 is presumably a deliberately wrong value; if it happens to be
# the real PIN or PUK the counters will not run out and the reset will be refused.
#
# Step 1: four failed PIN verifications (one more than the usual default of three
# tries; repeat more often if the token was configured with a higher retry count).
yubico-piv-tool -a verify-pin -P 4711
yubico-piv-tool -a verify-pin -P 4711
yubico-piv-tool -a verify-pin -P 4711
yubico-piv-tool -a verify-pin -P 4711
# Step 2: four failed PUK changes, which blocks the PUK the same way.
yubico-piv-tool -a change-puk -P 4711 -N 67567
yubico-piv-tool -a change-puk -P 4711 -N 67567
yubico-piv-tool -a change-puk -P 4711 -N 67567
yubico-piv-tool -a change-puk -P 4711 -N 67567
# Step 3: reset. This erases every PIV key and certificate on the token and puts
# the PIN, PUK and management key back to their factory defaults; it cannot be undone.
yubico-piv-tool -a reset
#===================================================================================================
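# Generate the Management Key:
# 24 random bytes rendered as 48 upper-case hex digits.
# Get-Random's -Maximum bound is exclusive, so "-Minimum 0 -Maximum 255" can never
# produce 0xFF. Taking the bytes straight from the OS cryptographic RNG covers the
# full 0x00-0xFF range and does not depend on which generator Get-Random uses in a
# given PowerShell version.
$keyBytes = New-Object byte[] 24
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try {
    $rng.GetBytes($keyBytes)
}
finally {
    $rng.Dispose()
}
# Assign rather than append, so re-running in the same session cannot glue a new
# key onto a stale $MgmtKey.
$MgmtKey = [System.BitConverter]::ToString($keyBytes) -replace '-', ''
# Shown once so the operator can record it; without this key the token can only be
# managed again after a full PIV reset. Treat the console output as a secret.
Write-Host "Management Key:" $MgmtKey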
#===================================================================================================
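# Setup some Variables:
# The PIN and PUK below are sample values: anyone who can read this file (or its
# history in source control) learns them, so replace them per token and prefer
# prompting for them (e.g. Read-Host) over saving real values in the script.
# They are kept as strings so that a value with a leading zero is not silently
# shortened by numeric conversion.
$PIN='98765432'
$PUK='23894832'
$Template="CertificateTemplate:My_Smartcard_Logon" # SmartCard Logon Template name from your CA
$DN="/CN=MyAccount/OU=myOU/DC=blah/DC=ac/DC=uk/" # ADDN of the user requesting the certificate
$Path="C:\<SomePath>\yubico-piv-tool-1.2.2-win64\bin"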
#===================================================================================================
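# Initialise the Yubikey:
# Every tool is started with the call operator and a real argument list instead of
# Invoke-Expression over an interpolated string. A value containing spaces, quotes
# or ';' (an install path under "Program Files", an edited DN or template name) then
# reaches the tool as a single argument and is never re-parsed as PowerShell code.
#
# NOTE: the management key, PIN and PUK are still handed over as command-line
# arguments, so they are visible in process listings and in process-creation or
# PowerShell logging where that is enabled. Run this on a trusted admin workstation.
# NOTE(review): newer yubico-piv-tool releases may prompt for these values when they
# are omitted - check the --help of the version in use before relying on that.

# Runs one external command and stops the script if it reports failure, so a later
# step never works on a token or file that an earlier step failed to prepare.
# The error text names only the executable, keeping secrets out of error records.
function Invoke-NativeStep {
    param([string]$Exe, [string[]]$Arguments)
    & $Exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "$Exe failed with exit code $LASTEXITCODE"
    }
}

$PivTool = "$Path\yubico-piv-tool.exe"

# Replace the management key (no --key given, so the token's current default is
# assumed), then move the PIN and PUK off their factory defaults 123456 / 12345678.
Invoke-NativeStep $PivTool @('-a', 'set-mgm-key', '-n', "$MgmtKey")
Invoke-NativeStep $PivTool @("--key=$MgmtKey", '-a', 'change-pin', '-P', '123456', '-N', "$PIN")
Invoke-NativeStep $PivTool @("--key=$MgmtKey", '-a', 'change-puk', '-P', '12345678', '-N', "$PUK")
# Confirms the new PIN is accepted before any key material is generated.
Invoke-NativeStep $PivTool @('-a', 'verify-pin', '-P', "$PIN")
#===================================================================================================
# Generate, request and install the SmartCard Certificate:
# The key pair is generated in slot 9a on the token; only the public key is written out.
Invoke-NativeStep $PivTool @("--key=$MgmtKey", '-s', '9a', '-a', 'generate', '-o', "$Path\public.pem")
# Build a certificate request for $DN from that public key (PIN verified in the same run).
Invoke-NativeStep $PivTool @('-a', 'verify-pin', '-P', "$PIN", '-s', '9a', '-a', 'request-certificate', '-S', "$DN", '-i', "$Path\public.pem", '-o', "$Path\request.csr")
# Submit the request to the CA using the smart-card logon template.
Invoke-NativeStep 'certreq' @('-config', '<FQDN of CA Server>\<Name Of Certification Authority>', '-submit', '-attrib', "$Template", "$Path\request.csr", "$Path\cert.crt")
# Load the issued certificate into slot 9a and write a CHUID object to the token.
Invoke-NativeStep $PivTool @("--key=$MgmtKey", '-s', '9a', '-a', 'import-certificate', '-i', "$Path\cert.crt")
Invoke-NativeStep $PivTool @("--key=$MgmtKey", '-a', 'set-chuid')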
#===================================================================================================