Resetting the OpenPGP Applet on the YubiKey
Michael
Created May 11, 2020 - Updated 3 months ago
Compatible devices
YubiKey 5 FIPS Series
YubiKey Bio Series
Security Key Series
YubiKey 5 Series
YubiKey FIPS (4 Series)
YubiHSM Series
Legacy Devices
YubiKey 4 Series

This article covers the two options for resetting the OpenPGP applet on your YubiKey. 

Warning: This will permanently delete any PGP keys you have on the YubiKey.

Option 1 - Reset Using YubiKey Manager
  1. Download and install YubiKey Manager.
  2. Insert the YubiKey into a USB port.
  3. Open Command Prompt (Windows) or Terminal (Mac / Linux).
  4. Type ykman openpgp reset and press Enter.
  5. When prompted, press Y and then Enter to confirm the reset.
Note: If you receive an error about not being able to find the program ykman, you will need to use cd to navigate to the folder it is in before running the ykman command.

Option 2 - Manual Reset Using GPG
  1. Insert the YubiKey into a USB port.
  2. Open Command Prompt (Windows) or Terminal (Mac / Linux).
  3. To check the PIN/Admin PIN reset status, enter the GPG command: gpg --card-status
     If gpg --card-status fails, terminate the gpg-agent and gpg-connect-agent processes and try again, or reboot.
  4. Run gpg-connect-agent --hex
  5. If the PIN retry counter reported by gpg --card-status is greater than 0, enter the following command at the gpg-connect-agent prompt: scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
     Repeat the above command until one of the following occurs:
  6. If the Admin PIN retry counter is greater than 0, enter the command: scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
     Repeat the above command until one of the following occurs:
  7. To terminate the card, enter the command: scd apdu 00 e6 00 00
     You should see "D[0000]  90 00" (if the card is already terminated, you should receive "D[0000]  69 85").
  8. To reactivate the card, enter the command: scd apdu 00 44 00 00
     You should see "D[0000]  90 00" (if the card hasn't been terminated, you should receive "D[0000]  69 85").
  9. Close or exit the command prompt or terminal window, and then remove and re-insert the YubiKey.
  10. Terminate the gpg-agent and gpg-connect-agent processes (or restart), then run the GPG command: gpg --card-status
  11. Confirm the PIN Retry counter is as follows:
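
Added example, not part of the original article or Yubico's tooling: a small Python decoder for the raw scd apdu commands and "D[0000]" replies used in Option 2, so you can see what each line asks the card to do before you send it. The instruction and status names are the standard ISO 7816-4 / OpenPGP card meanings rather than text from this page, and the article itself only shows the 90 00 and 69 85 replies.

```python
import re

# Names are ISO 7816-4 / OpenPGP card spec meanings, not taken from the article.
INS = {0x20: "VERIFY", 0xE6: "TERMINATE DF", 0x44: "ACTIVATE FILE"}
PIN_REF = {0x81: "PIN", 0x83: "Admin PIN"}
STATUS = {
    0x9000: "success",
    0x6982: "security status not satisfied",
    0x6983: "authentication method blocked",
    0x6985: "conditions of use not satisfied",
}


def decode_apdu(line):
    """Split an 'scd apdu ...' line into its command APDU fields."""
    tokens = line.split()
    if tokens[:2] == ["scd", "apdu"]:
        tokens = tokens[2:]
    raw = bytes(int(t, 16) for t in tokens)
    if len(raw) < 4:
        raise ValueError("need at least CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    data = raw[5:]
    if len(raw) > 5 and raw[4] != len(data):
        raise ValueError(f"Lc is {raw[4]} but {len(data)} data bytes follow")
    fields = {"ins": INS.get(ins, f"unknown 0x{ins:02X}"), "p1": p1, "p2": p2, "data": data}
    if ins == 0x20:
        # VERIFY: P2 selects which PIN the data bytes are checked against.
        fields["pin"] = PIN_REF.get(p2, f"reference 0x{p2:02X}")
    return fields


def decode_status(reply):
    """Interpret a gpg-connect-agent --hex reply such as 'D[0000]  90 00'."""
    match = re.match(r"\s*D\[[0-9A-Fa-f]{4}\]\s+(.*)", reply)
    if not match:
        raise ValueError("not a data line")
    hex_bytes = []
    for token in match.group(1).split():
        if not re.fullmatch(r"[0-9A-Fa-f]{2}", token):
            break  # reached the ASCII column that --hex prints after the bytes
        hex_bytes.append(int(token, 16))
    if len(hex_bytes) < 2:
        raise ValueError("no status word")
    sw = hex_bytes[-2] << 8 | hex_bytes[-1]  # status word is the last two bytes
    if sw & 0xFFF0 == 0x63C0:
        return sw, f"verification failed, {sw & 0x0F} tries left"
    return sw, STATUS.get(sw, "unrecognized status")
```

Decoding the step 5 command shows it is a VERIFY against the PIN with eight 0x40 bytes ("@@@@@@@@") as the candidate value, which is why each repetition uses up one retry.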
Yubico © 2021. All Rights Reserved.