Signata 0.9.8 Released, and learning about how we add YubiKeys

The latest version of the Signata Beta is now available, with the download links updated on the website. Check it out!

We've made a stack of improvements to the desktop application to address some bugs that appeared, as well as to simplify how we add your YubiKeys to our service.

The main update though is how we add your devices. We've simplified the old 6(!) step workflow now into just two steps - select which device you want, and provide your Recovery Passphrase and PIN to add it:

The latest and greatest Add Device page

What happens when you click Add Device though? A whole bunch of stuff:

  1. We check if your Recovery Passphrase is correct (we don't want to get that wrong!).
  2. We check if you have an Encryption Certificate already on your account, and create a new one if you don't.
  3. We generate a new random Management Key and a new random PIN Unlock Code (PUK) for the YubiKey.
  4. We reset the YubiKey smart card applet back to factory settings, and then set the Management Key, PUK, your own PIN, and then finally inject the Encryption Key into it.

That's a whole bunch of stuff that goes on behind the scenes, so it can take about 30 seconds to a minute to run. Please be patient and don't remove your device while it's loading!

All of these encryption keys, management keys, PUKs, and User PIN are never actually known to us - your Recovery Passphrase encrypts the backups of those that we store, and we never know your Recovery Passphrase either.

And finally, if anything goes wrong you can click the Reset Device button on the right, and your YubiKey will be reverted to factory settings so you can try adding it again. If you're using your YubiKey for FIDO U2F authentication, or the OTP part of it, don't worry: we don't actually touch those parts of your YubiKey, we just modify the smart card (CCID) part of it.

If you have a YubiKey, get Signata - while we're still in Beta you can try the service for free for a whole 6 months (coupon BETA100). If you use the Beta don't worry - the full release won't be drastically different and make your addresses or YubiKeys useless, it'll just have less bugs.

Timothy Quinn

Timothy Quinn

Managing Director of Congruent Labs