YubiHSM 2 Product Overview
The YubiHSM 2 is a small hardware device that keeps cryptographic keys safe. It is a fully capable Hardware Security Module (HSM) designed to store, manage, and use sensitive key material such as the private keys used for signing software, authenticating servers, or encrypting data.
Beyond protecting keys, the YubiHSM 2 also provides:
- Fine-grained access control: Different applications and users can be given precisely the permissions they need, and no more.
- A tamper-evident audit log: Every operation performed on the device is recorded, supporting compliance and forensic investigation.
- Key backup and transfer: Keys can be securely moved between devices without ever being exposed in plaintext, enabling disaster recovery and redundancy.
The YubiHSM 2 is designed to be integrated directly into server-side applications and infrastructure. It communicates over USB and is supported by an open SDK, a PKCS#11 interface, and command-line tools.
Device Specifications
Supported Operating Systems
The YubiHSM 2 SDK is built and provided for the following operating systems: Windows, Linux distributions, and macOS. See YubiHSM2 Releases for the most recent YubiHSM2 downloads for each platform.
Physical Characteristics
YubiHSM 2 Physical Device
- Form factor: nano, designed for confined spaces such as internal USB ports in servers
- Dimensions: 12mm x 13mm x 3.1mm
- Weight: 0.5g
Temperatures
- Operational range: 0°C - 40°C (32°F - 104°F)
- Storage range: -20°C - 85°C (-4°F - 185°F)
Host Interface
Universal Serial Bus (USB-A) 1.x Full Speed (12 Mbit/s) Peripheral with bulk interface.
Cryptographic Specifications
Storage Capacity
- All data stored as objects. 256 object slots, 126KB max total
- Stores up to 127 rsa2048 or 93 rsa3072 or 68 rsa4096 or 255 of any elliptic curve type, assuming only one authentication key is present
- Objects: Authentication keys (used to establish sessions); Asymmetric private keys; Opaque binary data objects (e.g. x509 certificates); Wrap keys; HMAC keys; others
Cryptographic Interfaces
- PKCS#11 API version 2.40 and 3.0
- Yubico Key Storage Provider (KSP) to access Microsoft CNG. The KSP is provided as 64-bit and 32-bit DLLs
- Full access to device capabilities through Yubico’s YubiHSM Core Libraries (C, Python)
Advanced Encryption Standard (AES)
- 128, 192, and 256-bit keys
- Support for Electronic Code Book (ECB), Cipher Block Chaining (CBC) and Counter (CCM) modes
- Supported in both FIPS and non-FIPS mode.
RSA
- 2048-, 3072-, and 4096-bit keys (with e=65537)
- Signing using PKCS#1v1.5 and PSS
- Decryption using PKCS#1v1.5 and OAEP
- RSA decryption using PKCS#1 v1.5 disabled in FIPS mode.
Elliptic Curve Cryptography (ECC)
- Curves: secp224r1, secp256r1, secp256k1, secp384r1, secp521r1, bp256r1, bp384r1, bp512r1, Ed25519
- secp256k1 disabled in FIPS mode.
- Signing: ECDSA (all except Ed25519), EdDSA (Ed25519 only)
- Derivation: ECDH (all except Ed25519)
Hashing Functions
SHA-1, SHA-256, SHA-384, SHA-512
Signature generation using SHA-1 disabled in FIPS mode.
Key Wrap
- Import and export using NIST-approved AES-CCM Wrap with 128-, 196-, and 256-bit keys
- Import and export using RSA2048, RSA3072 and RSA4096 and RSA-OAEP encryption. Only in firmware version 2.4 or higher
Random Numbers
On-chip True Random Number Generator (TRNG) used to seed NIST SP 800-90A Rev.1 AES-256 CTR_DRBG
Attestation
Asymmetric key pairs generated on-device may be attested using a device-specific Yubico attestation key and certificate, or using your own keys and certificates imported into the HSM. See Attestation.
FIPS Certified
Note
This topic applies to YubiHSM 2 FIPS devices only.
The YubiHSM 2 is available in a FIPS-capable version called YubiHSM 2 FIPS.
YubiHSM 2 FIPS devices have the text “FIPS” inscribed on the surface of the device and can run in FIPS Approved mode.
YubiHSM 2 FIPS Marking
FIPS Validation
YubiHSM 2 FIPS with firmware version 2.4 is a FIPS 140-3 Security Level 3 validated device. These devices can be used in solutions that are meant to comply with FIPS 140-3 requirements. For the National Institute of Standards and Technology (NIST) validation, see Cryptographic Module Validation Program (CMVP) certificate #5302.
Note
- Effective May 29, 2026, YubiHSM FIPS Series with firmware 2.4 was NIST certified for FIPS 140-3.
- Effective May 2026, YubiHSM FIPS Series with firmware 2.2 and NIST FIPS 140-2 certification moved to the Sunset List.
- Effective September 22, 2026, all NIST FIPS 140-2 certifications will be moved to the Historical List.
FIPS Mode
The YubiHSM 2 FIPS can be configured in an approved mode and a non-approved mode of operation. In the approved mode, only FIPS-approved algorithms are supported. In the non-approved mode, additional non-approved algorithms such as rsa-pkcs1-sha1 are supported.
FIPS-approved mode configuration requires:
- Enabling the fips-mode option. This resets the device.
- Immediately changing the default Authentication key.
For instructions on configuring the YubiHSM 2 FIPS in FIPS-approved mode, see Set FIPS Mode.
FIPS 140-3 Changes
Blocked operations
The algorithms and services listed in the table below are disallowed by FIPS. When a device is put in FIPS mode, these algorithms are disabled and cannot be enabled as long as the device is in FIPS mode. Disabling an algorithm in FIPS mode also disallows the corresponding service listed next to it.
| Disabled algorithms | Disabled services |
|---|---|
| ecdsa-sha1 | ECDSA Signature Generation with SHA-1 |
| eck256 | Support for EC keys with curve secp256k1 |
| rsa-pkcs1-decrypt | Decrypt PKCS#1 |
| rsa-pkcs1-sha1 | RSA PKCS#1 Signature Generation with SHA-1 |
| rsa-pss-sha1 | RSA PSS Signature Generation with SHA-1 |
Default authentication key
When in FIPS mode, the default authentication key must be changed. YubiHSM does not accept any other commands until the default authentication key is changed.
Switching from FIPS mode to non-FIPS mode and vice versa cannot be done until all the objects created in one mode, other than the authentication key, are deleted.
FIPS Key Attestation
A key attestation generated on a YubiHSM 2 FIPS device with firmware version 2.4.1 or newer has an X.509 extension present with OID 1.3.9.1.4.1.41482.4.12.
FIPS-approved mode: If the key attestation was generated in FIPS-approved mode, this extension BOOLEAN value is TRUE. Otherwise, the BOOLEAN value is FALSE.
Certificate extension: The pre-loaded certificate of a YubiHSM 2 FIPS device has an X.509 extension present with OID 1.3.9.1.4.1.41482.4.10. This extension has an INTEGER value encoding its FIPS certificate.
- Value 9 refers to the YubiHSM 2 FIPS certificate 5302 for firmware version 2.4.1.
- See FIPS Arc Values for additional FIPS Certificate validation information.
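The check described above, as an added example that is not from Yubico's SDK: a standard-library Python routine that finds both extensions in DER-encoded certificate bytes and decodes their values. It assumes the usual X.509 encoding (extnValue is an OCTET STRING wrapping a DER BOOLEAN or INTEGER) and uses the OIDs exactly as printed on this page; the function names and sample bytes are constructed for illustration.

```python
FIPS_MODE_OID = "1.3.9.1.4.1.41482.4.12"  # as printed on this page; BOOLEAN value
FIPS_CERT_OID = "1.3.9.1.4.1.41482.4.10"  # as printed on this page; INTEGER value
KNOWN_CERT_VALUES = {9: "certificate 5302, firmware 2.4.1"}  # only value this page lists

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(body):
    pos = 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        yield tag, val

def decode_oid(body):
    arcs, acc = [], 0
    for b in body:  # base-128 groups; high bit is set on all but the last byte
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, acc = arcs + [acc], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def extensions(der):
    """Yield (oid, extnValue) for each SEQUENCE { OID, ..., OCTET STRING } nested in der."""
    for tag, val in children(der):
        if tag & 0x20:  # constructed element: inspect it, then search inside it
            kids = list(children(val))
            if (tag == 0x30 and len(kids) >= 2
                    and kids[0][0] == 0x06 and kids[-1][0] == 0x04):
                yield decode_oid(kids[0][1]), kids[-1][1]
            yield from extensions(val)

def fips_status(der, mode_oid=FIPS_MODE_OID, cert_oid=FIPS_CERT_OID):
    """None = extension absent. Assumes extnValue wraps a DER BOOLEAN or INTEGER."""
    ext = dict(extensions(der))
    approved = read_tlv(ext[mode_oid])[1] != b"\x00" if mode_oid in ext else None
    value = int.from_bytes(read_tlv(ext[cert_oid])[1], "big") if cert_oid in ext else None
    return {"fips_approved": approved, "cert_value": value,
            "cert_name": KNOWN_CERT_VALUES.get(value)}

# Constructed samples: only a certificate's [3] extensions field, not real device output.
SAMPLE_ATTESTATION = bytes.fromhex("a31530133011060a2b0901040182c40a040c04030101ff")
SAMPLE_DEVICE_CERT = bytes.fromhex("a31530133011060a2b0901040182c40a040a0403020109")
```

The search is structural rather than schema-aware, so it accepts a whole DER certificate as well as the fragments used here. It does not verify the certificate's signature or chain, which must be validated before the extension values are trusted.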
Performance
Performance varies depending on usage. We suggest you perform your own benchmarking as figures vary. The accompanying Software Development Kit includes performance tools that can be used for additional measurements. Example metrics from an otherwise unoccupied YubiHSM 2:
- RSA-2048-PKCS1-SHA256: ~139ms
- RSA-3072-PKCS1-SHA384: ~504ms
- RSA-4096-PKCS1-SHA512: ~852ms
- ECDSA-P224-SHA1: ~64ms
- ECDSA-P256-SHA256: ~73ms
- ECDSA-P384-SHA384: ~120ms
- ECDSA-P521-SHA512: ~210ms
- EdDSA-25519-32Bytes: ~105ms
- EdDSA-25519-64Bytes: ~121ms
- EdDSA-25519-128Bytes: ~137ms
- EdDSA-25519-256Bytes: ~168ms
- EdDSA-25519-512Bytes: ~229ms
- EdDSA-25519-1024Bytes: ~353ms
- AES-(128|192|256)-CCM-Wrap: ~10ms
- HMAC-SHA-(1|256): ~4ms
- HMAC-SHA-(384|512): ~243ms