.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH YKNEOMGR "1" "July 2016" "ykneomgr 0.1.8" "User Commands" .SH NAME ykneomgr \- YubiKey NEO management tool .SH SYNOPSIS .B ykneomgr [\fI\,OPTIONS\/\fR]... .SH DESCRIPTION ykneomgr 0.1.8 .PP YubiKey NEO management tool. .TP \fB\-h\fR, \fB\-\-help\fR Print help and exit .TP \fB\-V\fR, \fB\-\-version\fR Print version and exit .TP \fB\-m\fR, \fB\-\-get\-mode\fR Output mode of YubiKey NEO (default=off) .TP \fB\-w\fR, \fB\-\-get\-version\fR Output firmware version for YubiKey NEO (default=off) .TP \fB\-s\fR, \fB\-\-get\-serialno\fR Output serial number (default=off) .TP \fB\-l\fR, \fB\-\-list\-readers\fR List all connected PCSC devices (default=off) .TP \fB\-a\fR, \fB\-\-applet\-list\fR List applets on device (default=off) .TP \fB\-D\fR, \fB\-\-applet\-delete\fR=\fI\,STRING\/\fR Delete given applet AID from device .TP \fB\-i\fR, \fB\-\-applet\-install\fR=\fI\,FILE\/\fR Install applets on device from CAP file .TP \fB\-M\fR, \fB\-\-set\-mode\fR=\fI\,STRING\/\fR Set the USB operation mode of the YubiKey NEO. The possible MODE arguments are: 0 for HID device only, 1 for CCID device only, 81 for CCID device with touch eject, 2 for HID/CCID composite device, 3 for U2F device only, 4 for OTP/U2F composite device, 5 for U2F/CCID composite device, 6 for OTP/U2F/CCID composite device. .TP \fB\-S\fR, \fB\-\-send\-apdu\fR=\fI\,STRING\/\fR Send an arbitrary APDU to the device .TP \fB\-r\fR, \fB\-\-reader\fR=\fI\,STRING\/\fR Use only a matching card reader .TP \fB\-d\fR, \fB\-\-debug\fR Print debug information to standard error (default=off) .SH TROBLESHOOTING Debug messages are printed if you pass the \-\-debug parameter, which can be useful for debugging or deeper analysis. The error "No device found" can be because a number of reasons. The simplest, of course, is that the device really is not connected to the machine (USB or NFC). Another reason may be that it is in a mode where "ykneomgr" cannot talk to it. This can happen if the device is in OTP\(hyonly mode (mode 0), where you must use the "ykpersonalize" tool to mode switch it from the OTP\(hyonly mode. It can also happen if the device is in a MODE_FLAG_EJECT mode (i.e., 81 or 82). If that is the case, you must touch the button in order to "insert" the virtual smartcard before you can invoke "ykneomgr". .SH EXAMPLES To display the firmware version of a connected YubiKey NEO you use the \-\-get-version or \-w parameter. Typical output would be the string "3.0.4". ykneomgr \-\-get-version To display the serial number you would use the \-\-get\-serialno or \-s parameter. ykneomgr \-\-get\-serialno To display the device mode you use the \-\-get\-mode or \-m parameter. ykneomgr \-\-get\-mode The possible modes are 0 for HID device only, 1 for CCID device only, 2 for HID/CCID composite device. For the CCID modes (i.e., 1 and 2), you can add 80 to enable MODE_FLAG_EJECT which means that touching the YubiKey button will trigger eject/insert of the smartcard. That is, 81 means CCID device only with touch eject/insert, and 82 means HID/CCID composite device with touch eject/insert. To mode switch the NEO into OTP\(hyonly mode, you use the \-\-set\-mode or \-M parameter with mode 0. Note that you have to eject the YubiKey NEO and re\(hyinsert it before it changes mode. ykneomgr \-\-set\-mode 0 To mode switch the NEO into CCID\(hyonly mode, you use the \-\-set\-mode or \-M parameter with mode 1. Note that you have to eject the YubiKey NEO and re\(hyinsert it before it changes mode. ykneomgr \-\-set\-mode 1 To mode switch the NEO into hybrid OTP/CCID composite mode, you use the \-\-set\-mode or \-M parameter with mode 2. Note that you have to eject the YubiKey NEO and re\(hyinsert it before it changes mode. ykneomgr \-\-set\-mode 2 To mode switch the NEO into CCID\(hyonly mode, with the touch button acting as eject/insert of the card, you use the \-\-set\-mode or \-M parameter with mode 81. Note that you have to eject the YubiKey NEO and re\(hyinsert it before it changes mode. ykneomgr \-\-set\-mode 81 To mode switch the NEO into hybrid OTP/CCID composite mode, with the touch button acting as eject/insert of the card, you use the \-\-set\-mode or \-M parameter with mode 82. Note that you have to eject the YubiKey NEO and re\(hyinsert it before it changes mode. ykneomgr \-\-set\-mode 82 To list the connected readers you use the \-\-list\-readers or \-l parameter. ykneomgr \-\-list\-readers To list the available applets on the device you use the \-\-applet\-list or \-a parameter. The output is a list of AIDs identifying applets. For example, d27600012401 means the OpenPGP applet. ykneomgr \-\-applet\-list To delete an applet you use the \-\-applet\-delete or \-D parameter, giving it the applet AID as an parameter. Note that deleting an applet may take a second or two to complete. Warning! Deleting an applet will destroy all storage associated with that applet, including any private keys or other credentials. ykneomgr \-\-applet\-delete d27600012401 To install a CAP file as an applet you use the \-\-applet\-install or \-i parameter, giving it the filename of the CAP file applet as a parameter. Note that loading can take several seconds, for typical CAP file sizes it takes around 5 seconds. ykneomgr \-\-applet\-install path/to/applet.cap To work with multiple card readers use the \-\-reader or \-r parameter, giving it a substring of the card reader name to use. Consider a system which has three card readers, one YubiKey NEO in CCID mode, one YubiKey NEO in OTP+CCID mode, and one Gemalto GemPC Express reader. Running ykneomgr \-l results in the following output: 0: Gemalto GemPC Express 00 00 1: Yubico Yubikey NEO CCID 01 00 2: Yubico Yubikey NEO OTP+CCID 02 00 To use the second NEO, you could use \-r OTP+CCID as follows: ykneomgr \-\-reader OTP+CCID \-\-applet\-list To use the first NEO, you could match on the trailing digits which is the device number. For example: ykneomgr \-\-reader 01 \-\-applet\-list .SH "REPORTING BUGS" Report bugs at .