ykman.fido

Attributes

`U2F_VENDOR_FIRST`
`INS_FIPS_VERIFY_PIN`
`INS_FIPS_SET_PIN`
`INS_FIPS_RESET`
`INS_FIPS_VERIFY_FIPS_MODE`

Functions

`is_in_fips_mode`(fido_connection)	Check if a YubiKey 4 FIPS is in FIPS approved mode.
`fips_change_pin`(fido_connection, old_pin, new_pin)	Change the PIN on a YubiKey 4 FIPS.
`fips_verify_pin`(fido_connection, pin)	Unlock the YubiKey 4 FIPS U2F module for credential creation.
`fips_reset`(fido_connection)	Reset the FIDO module of a YubiKey 4 FIPS.

Module Contents

ykman.fido.U2F_VENDOR_FIRST = 64

ykman.fido.INS_FIPS_VERIFY_PIN = 67

ykman.fido.INS_FIPS_SET_PIN = 68

ykman.fido.INS_FIPS_RESET = 69

ykman.fido.INS_FIPS_VERIFY_FIPS_MODE = 70

ykman.fido.is_in_fips_mode(fido_connection)[source]

Check if a YubiKey 4 FIPS is in FIPS approved mode.

Parameters:: fido_connection (yubikit.core.fido.FidoConnection) – A FIDO connection.
Return type:: bool

ykman.fido.fips_change_pin(fido_connection, old_pin, new_pin)[source]

Change the PIN on a YubiKey 4 FIPS.

If no PIN is set, pass None or an empty string as old_pin.

Parameters:

fido_connection (yubikit.core.fido.FidoConnection) – A FIDO connection.
old_pin (Optional[str]) – The old PIN.
new_pin (str) – The new PIN.

ykman.fido.fips_verify_pin(fido_connection, pin)[source]

Unlock the YubiKey 4 FIPS U2F module for credential creation.

Parameters:

fido_connection (yubikit.core.fido.FidoConnection) – A FIDO connection.
pin (str) – The FIDO PIN.

ykman.fido.fips_reset(fido_connection)[source]

Reset the FIDO module of a YubiKey 4 FIPS.

Note: This action is only permitted immediately after YubiKey power-up. It also requires the user to touch the flashing button on the YubiKey, and will halt until that happens, or the command times out.

Parameters:: fido_connection (yubikit.core.fido.FidoConnection) – A FIDO connection.