Note: Register now for Alexa Live, Amazon’s annual Alexa developer conference on July 20, 2022.
The following frequently asked questions (FAQ) answer common questions about YubiKeys, within the context of using them to provision your Alexa Connect Kit (ACK) based devices.
- What are YubiKeys?
- YubiKey is the certifying authority that issues product certificates for your devices on your manufacturing line. Amazon infrastructure trusts these because the certificate chain originates from Amazon. You can view the certificate chain included on your YubiKeys by running the following command:
yubico-piv-tool --action status.
- Why should I test my YubiKeys before manufacturing with them?
- A misconfigured YubiKey can't provision devices, which can cause problems during the manufacturing process. By testing your YubiKeys before you start manufacturing, you can prevent this from occurring.
- Is there a limit to the number of YubiKeys I can program?
- By default, you can program up to 20 device attestation certificates. Reprogramming an existing YubiKey adds one certificate count towards your total.
- Can I increase the number of YubiKeys I can program?
- To increase your YubiKey limit, contact your ACK representative.
- How do I know how many certificates I have created?
- Log-in to the Frustration-Free Setup (FFS) developer console using the developer account that you created your ACK product with.
- What happens if I try to reprogram an existing YubiKey?
- Any devices that you provisioned with a YubiKey still function. However, existing certificates are deleted and you can't create new devices with them.
- What if I use an incorrect PIN file when programming a YubiKey?
- If you enter more than three incorrect PIN attempts, your YubiKey automatically locks. You can unlock your YubiKey using the stored PUK that you generated when you programmed it. You can also use the YubiKey manager to unblock a YubiKey with the unblock pin command.
- My YubiKey is blocked and I lost the associated PUK, how can I unlock it?
- You can reprogram the YubiKey with a new certificate. Reprogramming an existing YubiKey adds one certificate count towards your total.