From a8fa21279dfc8dc5d2d75a051f5514c5a8187b2c Mon Sep 17 00:00:00 2001 From: w4tsn Date: Mar 11 2023 09:03:12 +0000 Subject: pages/yubikey: add a warning about resetting slot1 --- diff --git a/modules/ROOT/pages/using-yubikeys.adoc b/modules/ROOT/pages/using-yubikeys.adoc index 066c339..322f9e4 100644 --- a/modules/ROOT/pages/using-yubikeys.adoc +++ b/modules/ROOT/pages/using-yubikeys.adoc @@ -214,6 +214,11 @@ This writes a static key to the YubiKey based on the 32-byte AES key specified w === Writing a new AES key to the first slot of the key +[CAUTION] +==== +Slot 1 is special as it contains a factory credential already uploaded to YubiCloud. Deleting and recreating a Yubico OTP secret and uploading it to YubiCloud yourself will put a special mark on it which has consequences: service providers might not trust such a key and Yubico might delete those secrets at anytime for practically any reason. +==== + If we want to write a new configuration to the first slot of the key, we need to specify some more options. If you want to be able to upload you key to Yubico, in order to authenticate against their servers, remember what the values are that you use below. You will need them later on. [source, bash]