Don’t type WiFi passwords again: use a yubikey

(2014-07-28)

In my flat, I have a printed QR code which contains the WiFi credentials. You can scan it with your Smartphone (provided you have a barcode scanner installed) and then connect to the WiFi network.

For notebook computers, this doesn’t work so well. Sometimes they don’t have a usable camera, and even if they have one, people don’t typically have a barcode scanner installed.

Therefore, you typically end up typing in the (long) password, which is annoying. I thought there should be a better way, perhaps by faking a USB Human Interface Device (like a keyboard). Then I saw a YubiKey lying around and a couple minutes later I had my solution working :-).

YubiKey

YubiKey

The YubiKey is a small USB device (about as big as a USB memory stick) that is typically used for two-factor authentication. You may be familiar with this concept from Gmail, where you log in with a password and then provide a number generated by the Google Authenticator on your phone as a second factor. The YubiKey does this by simulating you typing in the number after you touch it.

Luckily, the device’s firmware also supports a mode where it essentially just types a static password when being touched. Unfortunately, this feature is a bit hard to use, so I wrote pw-to-yubi, a little script which translates a (WiFi) password into a command line to program your YubiKey.

$ sudo apt-get install yubikey-personalization
$ git clone https://github.com/stapelberg/pw-to-yubi.git
$ cd pw-to-yubi
$ ./pw-to-yubi.pl mywifipassword
ykpersonalize -1 -o-append-cr -o-static-ticket -oshort-ticket \
  -o-strong-pw1 -o-strong-pw2 -oman-update \
  -ofixed=h:101c1a0c090c130416161a1215070000 -ouid=000000000000 \
  -a00000000000000000000000000000000

Run the command and any further touches of the YubiKey that is currently plugged into your computer will result in the key typing your WiFi password.

pw-to-yubi in a terminal emulator