Where is the secret key?

[djmaze]

In order to have a backup when the Yubikey is lost, I need to know the secret key for the OATH generator. Even in the README it says "Keep a backup of your OATH credentials!". I wonder where the secret key is generated / stored? There must be a way to set up a new Yubikey with the same key?

Furthermore, how does this fit in with the OATH-HOTP settings in the yubikey-personalization-tool? I realized that after installing the OATH applet, I am no longer able to update the Yubikey's slots via the tool. Has the configuration protection been activated? I am a bit puzzled.

It would be particularly interesting to use the same OATH-HOTP credentials via NFC and USB, for desktop vs. mobile usage. Is this possible? Would be great to understand how this smartcard applet approach fits within the rest of the Yubikey security architecture.

[djmaze]

Sorry, just discovered the right place to ask questions like this (-> the forum).