Important
If you use or change to Yubikey authentication for the workspace Owner, all users added to the workspace afterward will be required to use Yubikey authentication as well.
Overview
Fireblocks requires a strong method of authentication for transaction signing and authorization. The Fireblocks mobile app uses a device’s biometric sensor for authentication by default.
For customers seeking an alternative authentication method, Fireblocks allows customers the ability to authenticate using Yubikey.
This article describes the steps to setting up a Yubikey 5 NFC device for authentication on the Fireblocks mobile app. The procedure involves initializing the Yubikey device and sending a list of parameters to Fireblocks to associate the initialized device with a workspace user.
Yubikey Setup Guide
- Download and install the Yubikey personalization tool from the Yubikey Website.
- Open the Yubikey personalization tool app, then select the Yubico OTP tab.
- Select Advanced.
- Select Configuration Slot 1.
- Select Generate next to Public Identity, Private Identity, and Secret Key.
- Verify your Yubikey is inserted into the computer USB slot, then select Write Configuration.
- Save as a CSV file.
- Encrypt the CSV file using this PGP public key and attach it to your request form.
Encrypting the CSV file with a PGP key
Warning
It is important that you DO NOT send an unencrypted file. If you need help with encryption, please let us know, or get help from your internal IT security team.
- Download
gnupg
.
Mac/Linux:brew install gnupg
ORsudo apt-get install gnupg
- Import the downloaded PGP key using the following commands:
gpg --import armored-keys.asc
gpg --list-keys
- Edit the trust value to ultimate:
gpg --edit-key "Fireblocks Support"
gpg> trust
Enter 5 and y to confirm.
(Exit the gpg editing window by typing quit and selecting Enter on your keyboard) - You can verify the trust by running
gpg --list-keys
again. - Encrypt the .csv file that you received from the Yubico Personalization Tool by running the following command:
gpg -e -r "Fireblocks Support" [filename].csv
- Run the
ls
command to confirm a .gpg file is created.
Supported YubiKeys
We support the following YubiKeys, which you can purchase:
For iOS and Android
- YubiKey 5C NFC
- YubiKey 5 NFC
- YubiKey 5C NFC FIPS
- YubiKey 5 NFC FIPS.
For Android only
- YubiKey 5Ci
- YubiKey 5Ci FIPS