YubiKey-Guide - Guide to using YubiKey as a SmartCard for GPG and SSH

This is a guide to using YubiKey as a SmartCard for storing GPG encryption and signing keys. An authentication key can also be created for SSH and used with gpg-agent.

keepassxc - KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”

•    C++

KeePassXC is a cross-platform community fork of KeePassX. Our goal is to extend and improve it with new features and bugfixes to provide a feature-rich, fully cross-platform and modern open-source password manager. The KeePassXC QuickStart gets you started using KeePassXC on your Windows, Mac, or Linux computer using pre-compiled binaries from the downloads page.

teleport - Privileged access management for elastic infrastructure.

•    Go

Teleport is built on top of the high-quality Golang SSH implementation and it is fully compatible with OpenSSH and can be used with sshd servers and ssh clients. Download the latest binary release, unpack the .tar.gz and run sudo ./install. This will copy Teleport binaries into /usr/local/bin.

yubiswitch - OSX status bar application to enable/disable Yubikey Nano

•    Objective-C

yubiswitch is an OSX status bar application to enable/disable a Yubikey Nano or Neo from Yubico. Yubico is the producer of the Yubikeys: an hardware authentication device, designed to provide an easy to use and secure compliment to the traditional username and password.

pam-u2f - Pluggable Authentication Module (PAM) for U2F

•    C

This module implements PAM over U2F, providing an easy way to integrate the YubiKey (or other U2F compliant authenticators) into your existing infrastructure.This project uses autoconf, automake, pkg-config and libtool to achieve portability and ease of use. If you downloaded a tarball, build it as follows.

yubico-piv-tool - Command line tool for the YubiKey PIV application

•    C

The Yubico PIV tool is used for interacting with the Privilege and Identification Card (PIV) application on a YubiKey.With it you may generate keys on the device, importing keys and certificates, and create certificate requests, and other operations. A shared library and a command-line tool is included.

yubikey-manager - Python library and command line tool for configuring any YubiKey over all USB transports

•    Python

Python library and command line tool for configuring a YubiKey. If you’re looking for the full graphical application, which also includes the command line tool, it’s here.In order for the pip package to work libu2f-host, ykpers and libusb need to be installed on your system as well.

yubikey-manager-qt - Cross-platform application for configuring any YubiKey over all USB transports.

•    QML

Cross-platform application for configuring any YubiKey over all USB transports.This application provides an easy way to perform the most common configuration tasks on a YubiKey.

yubikey-piv-manager - Tool for configuring your PIV-enabled YubiKey

•    Python

Graphical application for configuring a PIV-enabled YubiKey.The recommended way to install this software including dependencies is by using the provided precompiled binaries for your platform. For Windows and OS X (10.7 and above), there are installers available for download here. For Ubuntu we have a custom PPA with a package for it here.

yubioath-android - Yubico Authenticator for Android

•    Kotlin

This app is hosted on Google Play as Yubico Authenticator.It is also available from F-Droid.

yubioath-desktop - Yubico Authenticator for Desktop (Windows, macOS and Linux)

•    QML

Cross-platform application for generating Open Authentication (OATH) time-based TOTP and event-based HOTP one-time password codes, with the help of a YubiKey that protects the shared secrets.Keep your OATH secrets safe by storing them on a YubiKey and generate the codes with this application.

yubikeylockd - Simple daemon for locking and unlocking macOS with Yubikey

•    C

Simple daemon for locking and unlocking macOS with Yubikey. When you attach Yubikey for the first time launchctl will run yubikeylockd daemon that will simply monitor the state of the Yubikey USB devices. Daemon based on the sample provided by Apple for IOKit development.

go-ykpiv - Golang interface to manage Yubikeys, including a crypto

•    Go

go-ykpiv is a high level cgo wrapper around libykpiv.so.1 that implements an idiomatic go API fit for use when applications need to communicate with a Yubikey in PIV mode. PIV Cards are cards defined by FIPS 201, a Federal US Government standard defining the ID cards employees use. At its core, it's a set of x509 Certificates and corresponding private keys in a configuration that is standardized across implementations.

yub - Yubico/Yubikey Client API Library for Node.js

•    Javascript

A Yubikey is a USB device manufactured by Yubico that appears to your computer as a USB keyboard. This sequence of characters can be sent to Yubico's web service which will verify whether the string is valid or not. Your Yubikey can be used for a variety of authentication tasks. This library is designed to allow simple integration with the Yubico web service so that you can interpret your Yubikey's one-time-password in your own Node.js scripts. e.g.

nginx-sso - SSO authentication provider for the auth_request nginx module

•    Go

This program is intended to be used within the ngx_http_auth_request_module of nginx to provide a single-sign-on for a domain using one central authentication directory. The configuration is mainly done using a YAML configuration file. Some options are configurable through command line flags and can be looked up using --help flag.

clarion - Web-based FIDO U2F helper for CLI operations (e.g. SSH Log in)

•    Ruby

Clarion is a web-based frontend to allow remote,non-browser operations (CLI) to perform 2FA on their users. Any software/scripts want to perform 2FA (app) creates a request on Clarion. Then app requests user to visit a request specific path on Clarion. Clarion then performs 2FA on behalf of app, and finally returns an authentication result to app.

roundcube-yubikey-plugin - A plugin to use Yubico's Yubikey 2nd factor with Roundcube webmail

•    PHP

Use Yubico's YubiKey to authentication to Roundcube webmail. The Yubikey is a USB key emulating a generic keyboard and make use of One-time Passwords to provide two factor authentication.

yubikey - PHP library to interface with the Yubikey REST API

•    PHP

This library lets you easily interface with the Yubico REST API for validating the codes created by the Yubikey. Remember, this will overwrite the current hosts in the class, so be sure you don't still need those. If you just want to add another host, look at the addHost method.

node-yubico - Node library for validating Yubikey One Time Passwords (OTPs) based on the validation protocol version 2

•    Javascript

Node library for validating Yubico One Time Passwords (OTPs) based on the validation protocol version 2.0. Create a new instance of the Yubico object and call verify() or verify_multi() method.

yubikey - How to use Yubikey for gpg, git, ssh, Docker Content Trust, VMware Fusion, and more

•    Shell

GPG is useful for authenticating yourself over SSH and / or GPG-signing your git commits / tags. However, without hardware like the Yubikey, you would typically keep your GPG private subkeys in "plain view" on your machine, even if encrypted. That is, attackers who personally target [1, 2, 3, 4] you can compromise your machine can exfiltrate your (encrypted) private key, and your passphrase, in order to pretend to be you. About 2-3 hours. Automated GPG setup with Yubikey should now take a few minutes.