YubiHSM 2 Product Overview

The YubiHSM 2 is a small hardware device that keeps cryptographic keys safe. It is a fully capable Hardware Security Module (HSM) designed to store, manage, and use sensitive key material such as the private keys used for signing software, authenticating servers, or encrypting data.

Beyond protecting keys, the YubiHSM 2 also provides:

  • Fine-grained access control: Different applications and users can be given precisely the permissions they need, and no more.
  • A tamper-evident audit log: Every operation performed on the device is recorded, supporting compliance and forensic investigation.
  • Key backup and transfer: Keys can be securely moved between devices without ever being exposed in plaintext, enabling disaster recovery and redundancy.

The YubiHSM 2 is designed to be integrated directly into server-side applications and infrastructure. It communicates over USB and is supported by an open SDK, a PKCS#11 interface, and command-line tools.

Device Specifications

Supported Operating Systems

The YubiHSM 2 SDK is built and provides for the following operating systems: Windows, Linux distributions, and macOS. See YubiHSM2 Releases for most recent platform YubiHSM2 downloads.

Physical Characteristics

_images/yk5-nano.png

YubiHSM 2 Physical Device

  • Form factor: nano designed for confined spaces such as internal USB ports in servers
  • Dimensions: 12mm x 13mm x 3.1mm
  • Weight: 0.5g

Temperatures

  • Operational range: 0°C - 40°C (32°F - 104°F)
  • Storage range: -20°C - 85°C (-4°F - 185°F)

Host Interface

Universal Serial Bus (USB-A) 1.x Full Speed (12 Mbit/s) Peripheral with bulk interface.

Cryptographic Specifications

Storage Capacity

  • All data stored as objects. 256 object slots, 126KB max total
  • Stores up to 127 rsa2048 or 93 rsa3072 or 68 rsa4096 or 255 of any elliptic curve type, assuming only one authentication key is present
  • Objects: Authentication keys (used to establish sessions); Asymmetric private keys; Opaque binary data objects (e.g. x509 certificates); Wrap keys; HMAC keys; others

Cryptographic Interfaces

  • PKCS#11 API version 2.40 and 3.0
  • Yubico Key Storage Provider (KSP) to access Microsoft CNG. The KSP is provided as 64-bit and 32-bit DLLs
  • Full access to device capabilities through Yubico’s YubiHSM Core Libraries (C, Python)

Advanced Encryption Standard (AES)

  • 128, 192, and 256-bit keys
  • Support for Electronic Code Book (ECB), Cipher Block Chaining (CBC) and Counter (CCM) modes

RSA

  • 2048-, 3072-, and 4096-bit keys (with e=65537)
  • Signing using PKCS#1v1.5 and PSS
  • Decryption using PKCS#1v1.5 and OAEP

Elliptic Curve Cryptography (ECC)

  • Curves: secp224r1, secp256r1, secp256k1, secp384r1, secp521r, bp256r1, bp384r1, bp512r1, Ed25519
  • Signing: ECDSA (all except Ed25519), EdDSA (Ed25519 only)
  • Derivation: ECDH (all except Ed25519)

Hashing Functions

SHA-1, SHA-256, SHA-384, SHA-512

Key Wrap

  • Import and export using NIST-approved AES-CCM Wrap with 128-, 196-, and 256-bit keys
  • Import and export using RSA2048, RSA3072 and RSA4096 and RSA-OAEP encryption. Only in firmware version 2.4 or higher

Random Numbers

On-chip True Random Number Generator (TRNG) used to seed NIST SP 800-90A Rev.1 AES-256 CTR_DRBG

Attestation

Asymmetric key pairs generated on-device may be attested using a device-specific Yubico attestation key and certificate, or using your own keys and certificates imported into the HSM. See Attestation.

FIPS certified

Note

This section applies to YubiHSM 2 FIPS devices only.

YubiHSM 2 FIPS is FIPS 140-2 Level 3 certified device, which means it can be used in solutions that are meant to comply with FIPS 140-2 requirements. Certification by National Institute of Standards and Technology (NIST) can be found at: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3916

YubiHSM 2 FIPS devices include the text “FIPS” inscribed onto the surface of the device and allow YubiHSM 2 FIPS to run in FIPS Approved mode.

The YubiHSM 2 is available in a FIPS-capable version called YubiHSM 2 FIPS.

The YubiHSM 2 FIPS can be configured in an approved mode and a non-approved mode of operation. In the approved mode, only FIPS-approved algorithms are supported. In the non-approved mode, additional non-approved algorithms such as rsa-pkcs1-sha1 are supported.

FIPS-approved mode can be configured only after a device reset by enabling the fips-mode option and immediately changing the default Authentication key.

For instructions on configuring the YubiHSM 2 FIPS in FIPS-approved mode, see Set FIPS Mode.

A key attestation generated on a YubiHSM 2 FIPS device with firmware version 2.4.1 or newer has an X.509 extension present with OID 1.3.6.1.4.1.41482.4.12. If the key attestation was generated in FIPS-approved mode, this extension BOOLEAN value is TRUE. Otherwise, the BOOLEAN value is FALSE.

The pre-loaded certificate of a YubiHSM 2 FIPS device has an X.509 extension present with OID 1.3.6.1.4.1.41482.4.10. This extension has an INTEGER value encoding its FIPS certificate. Currently, the value 6 refers to the YubiHSM 2 FIPS certificate for firmware version 2.2.

Performance

Performance varies depending on usage. The accompanying Software Development Kit includes performance tools that can be used for additional measurements. Example metrics from an otherwise unoccupied YubiHSM 2:

  • RSA-2048-PKCS1-SHA256: ~139ms
  • RSA-3072-PKCS1-SHA384: ~504ms
  • RSA-4096-PKCS1-SHA512: ~852ms
  • ECDSA-P224-SHA1: ~64ms
  • ECDSA-P256-SHA256: ~73ms
  • ECDSA-P384-SHA384: ~120ms
  • ECDSA-P521-SHA512: ~210ms
  • EdDSA-25519-32Bytes: ~105ms
  • EdDSA-25519-64Bytes: ~121ms
  • EdDSA-25519-128Bytes: ~137ms
  • EdDSA-25519-256Bytes: ~168ms
  • EdDSA-25519-512Bytes: ~229ms
  • EdDSA-25519-1024Bytes: ~353ms
  • AES-(128|192|256)-CCM-Wrap: ~10ms
  • HMAC-SHA-(1|256): ~4ms
  • HMAC-SHA-(384|512): ~243ms