Skip to main content

Fireblocks Yubikey authentication

  • Updated

Important

If you use or change to Yubikey authentication for the workspace Owner, all users added to the workspace afterward will be required to use Yubikey authentication as well.

Overview

Fireblocks requires a strong method of authentication for transaction signing and authorization. The Fireblocks mobile app uses a device’s biometric sensor for authentication by default.

For customers seeking an alternative authentication method, Fireblocks allows customers the ability to authenticate using Yubikey.

This article describes the steps to setting up a Yubikey 5 NFC device for authentication on the Fireblocks mobile app. The procedure involves initializing the Yubikey device and sending a list of parameters to Fireblocks to associate the initialized device with a workspace user.

Yubikey Setup Guide

  1. Download and install the Yubikey personalization tool from the Yubikey Website.unnamed__1_.png
  2. Open the Yubikey personalization tool app, then select the Yubico OTP tab.
    unnamed__2_.png
  3. Select Advanced.
    unnamed__3_.png
  4. Select Configuration Slot 1.
    unnamed__4_.png
  5. Select Generate next to Public Identity, Private Identity, and Secret Key.unnamed__5_.png
  6. Verify your Yubikey is inserted into the computer USB slot, then select Write Configuration.
    unnamed__6_.png
  7. Save as a CSV file.
    unnamed__7_.png
  8. Encrypt the CSV file using this PGP public key and attach it to your request form.

Encrypting the CSV file with a PGP key

Warning

It is important that you DO NOT send an unencrypted file. If you need help with encryption, please let us know, or get help from your internal IT security team.

  1. Download gnupg.
    Mac/Linux:
    brew install gnupg
    OR
    sudo apt-get install gnupg
  2. Import the downloaded PGP key using the following commands:
    gpg --import armored-keys.asc
    gpg --list-keys

  3. Edit the trust value to ultimate:
    gpg --edit-key "Fireblocks Support"
    gpg> trust


    Enter 5 and y to confirm.

    (Exit the gpg editing window by typing quit and selecting Enter on your keyboard)

  4. You can verify the trust by running gpg --list-keys again.

  5. Encrypt the .csv file that you received from the Yubico Personalization Tool by running the following command:
    gpg -e -r "Fireblocks Support" [filename].csv
  6. Run the ls command to confirm a .gpg file is created.

Supported YubiKeys

We support the following YubiKeys, which you can purchase:

For iOS and Android

  • YubiKey 5C NFC
  • YubiKey 5 NFC
  • YubiKey 5C NFC FIPS
  • YubiKey 5 NFC FIPS.

For Android only

  • YubiKey 5Ci
  • YubiKey 5Ci FIPS
Was this article helpful?
4 out of 4 found this helpful

Related Articles