Enabling or disabling multiple NFC or USB interfaces at once using ykman config

[sunknudsen]

Is it possible to enable or disable multiple NFC or USB interfaces at once using ykman config nfc or ykman config usb?

When running ykman config usb --enable multiple times in a row, Error: No YubiKey detected! is thrown.

ykman config usb --enable OTP --force
ykman config usb --enable U2F --force
ykman config usb --enable FIDO2 --force
ykman config usb --enable OATH --force
ykman config usb --enable PIV --force
ykman config usb --enable OPENPGP --force
ykman config usb --enable HSMAUTH --force
Error: No YubiKey detected!
Error: No YubiKey detected!

I tried following and neither worked.

$ ykman config usb --enable "OTP,U2F" --force
Usage: ykman config usb [OPTIONS]
Try 'ykman config usb -h' for help.

Error: Invalid value for '-e' / '--enable': invalid choice: OTP,U2F. (choose from OTP, U2F, FIDO2, OATH, PIV, OPENPGP, HSMAUTH)
$ ykman config usb --enable "OTP U2F" --force
Usage: ykman config usb [OPTIONS]
Try 'ykman config usb -h' for help.

Error: Invalid value for '-e' / '--enable': invalid choice: OTP U2F. (choose from OTP, U2F, FIDO2, OATH, PIV, OPENPGP, HSMAUTH)

“Feature” would be amazing to increase speed of scripted YubiKey provisioning given sleep has to be used otherwise (unless I am missing something).

$ for interface in OTP U2F; do ykman config usb --enable $interface --force; sleep 1; done

[dainnilsson]

The reason repeated invocations to config may fail is that it requires the YubiKey to reboot, which in turn causes the OS to have to re-enumerate the device, and sometimes takes a while.

You can repeat the -e/--enable option, as well as combine it with -d/--disable (which can also be repeated), so you can do things like ykman config usb --enable otp --enable u2f or ykman config usb -d otp -e u2f -e fido2 -d piv.

[sunknudsen]

@dainnilsson I didn’t know we could repeat --enable and --disable arguments and mix them. Thanks for sharing! Amazing!

[sunknudsen]

Curious, would it be possible to have ykman optionally wait for YubiKey reboot before terminating (perhaps using --wait argument).

This would be helpful when using both ykman config nfc and ykman config usb commands one after the other.

[dainnilsson]

We've just released ykman CLI 4.0.7 which should handle this better. I don't think you should have any problems invoking those commands back to back in this version.

[sunknudsen]

Thanks for heads-up @dainnilsson!

[sunknudsen]

@dainnilsson Release has not been published to https://developers.yubico.com/yubikey-manager-qt/Releases/ right?

[dainnilsson]

That's correct. The update is to the yubikey-manager project (CLI), not this one (GUI). Unfortunately I don't think we'll have a new release of the GUI until late October.