I came across some YubiKeys the other day and wanted to restore them to (nearly) factory default settings and erase any data that might have been added over the years. Newer YubiKeys support a ykman command that will reset all the applets at once, but older YubiKeys need to be reset one applet at a time. So let's get started.

The first thing we need to do is reset the OATH settings:
Reset OATH Settings:
ykman oath reset -f
The next thing we need to do is reset OpenPGP:
Reset OpenPGP settings:
ykman openpgp reset -f
Then let's reset the two OTP slots:
Reset OTP Slot 1 and 2:
ykman otp delete 1 -f
ykman otp delete 2 -f
Now we can reset the PIV/Smartcard applet:
Reset PIV settings:
ykman piv reset -f
We can't forget about FIDO/WebAuthn/Resident Passkeys (this command is run without -f, so ykman asks for confirmation before it wipes anything):
Reset FIDO settings:
ykman fido reset
Let's make sure that all the applets are enabled on the YubiKey's USB interface:
Enable all applets on USB:
ykman config usb -fa
Last step: clear the configuration lock code:
Clear the YubiKey's config lock code:
ykman config set-lock-code -c -f
After running these commands, you should have a YubiKey that is minty fresh and ready to be re-used.
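
The steps above combined into one script, as an added example that is not from the original post: it checks that exactly one key is connected, runs each reset in the same order, and keeps going past a failed step so you can see which applets were not reset. The `YKMAN` and `DRY_RUN` variables and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the post's own script. Assumptions: the YKMAN and
# DRY_RUN variables and the function names are made up for this example.
YKMAN=${YKMAN:-ykman}

# Refuse to continue unless exactly one key is plugged in, so the wipe
# cannot land on a key that is still in use.
require_single_key() {
    n=$($YKMAN list --serials | grep -c . || true)
    [ "$n" -eq 1 ] && return 0
    echo "expected exactly 1 YubiKey, found $n" >&2
    return 1
}

# Run the post's commands in the post's order. A failing step (for example
# an applet the key does not have) is reported and the rest still run.
# Returns the number of failed steps, so 0 means every reset succeeded.
reset_key() {
    failed=0
    for step in "oath reset -f" "openpgp reset -f" "otp delete 1 -f" \
                "otp delete 2 -f" "piv reset -f" "fido reset" \
                "config usb -fa" "config set-lock-code -c -f"; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "would run: ykman $step"
        # $step is left unquoted on purpose: it is a fixed argument list.
        elif $YKMAN $step; then
            echo "ok:     $step"
        else
            echo "FAILED: $step"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Hardware is only touched when the script is invoked with --run.
if [ "${1:-}" = "--run" ]; then
    require_single_key || exit 1
    reset_key
fi
```

Run it with `DRY_RUN=1` and `--run` first to print the command list without changing the key.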