Yubikey Manager script to disable Yubico OTP on multiple YubiKeys

disable_otp.py

# Yubikey Manager script to disable Yubico OTP on multiple YubiKeys
#
# To run:
# ykman.exe script --force disable_otp.py
#
# Once running, insert and remove YubiKeys as needed to disable Yubico OTP
# When done, type Control-C to exit

from ykman import scripting
from yubikit.management import (CAPABILITY, ManagementSession)
from yubikit.core import TRANSPORT

for device in scripting.multi(allow_initial=True,ignore_duplicates=False):
    print("Configuring: ", device)
    
    config = device.info.config
    changed = False

    if config.enabled_capabilities[TRANSPORT.USB] & CAPABILITY.OTP:
        print ("\tDisabling Yubico OTP on USB")
        config.enabled_capabilities[TRANSPORT.USB] ^= CAPABILITY.OTP
        changed = True        
    else:
        print ("\tYubico OTP is already disabled on USB")

    if config.enabled_capabilities[TRANSPORT.NFC] & CAPABILITY.OTP:
        print ("\tDisabling Yubico OTP on NFC")
        config.enabled_capabilities[TRANSPORT.NFC] ^= CAPABILITY.OTP
        changed = True        
    else:
        print ("\tYubico OTP is already disabled on NFC")

    if changed:
        with device.otp() as connection:
            session = ManagementSession(connection)
            session.write_device_config(device.info.config)
            print ("\tConfiguration updated")

    else:
        print ("\tNo changes required")