Introduction

The pbyk utility is a provides a command line interface and/or GUI interface to enroll YubiKeys with a Purebred instance. On Windows systems, support for enrolling trusted platform module (TPM)-based virtual smart cards (VSCs) is also available. Purebred is a derived credential issuance system used by the U.S. Department of Defense.

As with all Purebred apps, enrollment requires the participation of a Purebred Agent. Specifically, when enrolling the device, you will need a Purebred Agent's EDIPI and a pair of one-time password values generated by that agent and provided in a timely manner. When provisioning user certificates to the device, user key management (UKM) one-time passwords (OTPs) are required. These can be obtained by authenticating to the target Purebred instance using the (simulated) CAC credentials from which derived credentials will be created.

This documentation focuses on the use of the pbyk utility and does not cover obtaining OTP values from the Purebred portal.