NFC ID Calculation Technical Description

Background to Door Access

The YubiKey 5 NFC can be used for physical access to doors. Essentially, the physical access system reads out the NFC ID from the YubiKey, truncates and parses the NFC ID in different ways, and checks if there is a match to a registered value in a database. If there is a match, the door is opened.

Calculation of NFC ID

For YubiKey 5.2.x and lower versions, the NFC ID was calculated as follows:

0x88 0x27 0 0 serial_3 serial_2 serial_1 serial_0

where serial_0, serial_1, serial_2 and serial_3 are the four bytes containing information about the YubiKey’s serial number. In other words, each serial_x is a byte that contains some of the digits of the serial number; it is not a digit in itself.

serial_0 is the most significant byte and serial_3 is the least significant byte. The least significant byte (serial_3) changes most frequently from one YubiKey to the next, while the most significant byte (serial_0) changes least frequently.

When a door access system reads out the NFC ID from the YubiKey, the NFC ID may be truncated and reversed in different ways before it is matched to the registered IDs in a database. In some cases, the most significant digits are parsed out and placed first, while the rest of the NFC ID is truncated. Such processing has in some cases resulted in parsed NFC ID values that consist of the most significant digits such as serial_0 and serial_1, which may not be unique for a batch of YubiKeys. In other cases, only 0x27 0 0 are used, resulting in non-unique values.

NFC ID Calculation for YubiKey v5.3.0 and Above

For YubiKeys with firmware 5.3.0 and above, the NFC ID calculation has been changed so that the NFC ID is now derived as:

0x88 0x27 serial_3 serial_2 serial_1 serial_0 serial_2 serial_3

Note that two of the four serial number bytes (serial_2 and serial_3) appear twice: once near the beginning of the sequence, directly after 0x88 0x27, and once more at the end of the sequence.

(For the Security Key by Yubico, which does not have a serial number, the NFC ID is calculated as follows:

0x08 AA BB CC

where AA, BB and CC are random bytes.)

This updated calculation of the NFC ID ensures unique values, regardless of the parsing direction of the NFC ID, whether from left to right or right to left.
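The following added example (not Yubico code) builds both NFC ID layouts described above for a constructed batch of consecutive serial numbers and counts how many distinct values survive a few truncation and reversal schemes. It assumes the serial number is a 32-bit unsigned integer with serial_0 as its most significant byte; the reader parsing schemes and the serial numbers are hypothetical.

```python
import struct

PREFIX = bytes([0x88, 0x27])

def serial_bytes(serial):
    # Assumption: the serial is a 32-bit unsigned integer and serial_0 is
    # its most significant byte, serial_3 its least significant byte.
    return tuple(struct.pack(">I", serial))  # (serial_0, ..., serial_3)

def nfc_id_legacy(serial):
    """Layout for 5.2.x and lower: 0x88 0x27 0 0 serial_3..serial_0."""
    s0, s1, s2, s3 = serial_bytes(serial)
    return PREFIX + bytes([0, 0, s3, s2, s1, s0])

def nfc_id_v53(serial):
    """Layout for 5.3.0 and above: serial_2 serial_3 repeated at the end."""
    s0, s1, s2, s3 = serial_bytes(serial)
    return PREFIX + bytes([s3, s2, s1, s0, s2, s3])

# Hypothetical reader behaviours; real door controllers vary.
READER_PARSERS = {
    "first 4 bytes": lambda uid: uid[:4],
    "last 4 bytes": lambda uid: uid[-4:],
    "reversed, first 4 bytes": lambda uid: uid[::-1][:4],
    "last 2 bytes": lambda uid: uid[-2:],
}

def unique_counts(make_id, serials):
    """Number of distinct values each reader parser yields for a batch."""
    return {
        name: len({parse(make_id(s)) for s in serials})
        for name, parse in READER_PARSERS.items()
    }

# Constructed batch: 1000 consecutive serial numbers (not real devices).
BATCH = range(12_345_678, 12_345_678 + 1000)

if __name__ == "__main__":
    for label, make_id in (("<= 5.2.x", nfc_id_legacy), (">= 5.3.0", nfc_id_v53)):
        print(label, make_id(BATCH[0]).hex(" "))
        for name, count in unique_counts(make_id, BATCH).items():
            print(f"  {name:24} {count:4} unique of {len(BATCH)}")
```

For this batch, the older layout collapses to a single value under the "first 4 bytes" and "last 2 bytes" parsers, while the 5.3.0 layout yields 1000 distinct values under all four.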