5.4.X Firmware: Overview of Features & Capabilities

The YubiKey firmware is separate from the YubiKey itself in the sense that it is put onto each YubiKey in a process separate from the manufacture of the physical key. Nonetheless, it can be neither removed nor altered. Yubico periodically updates the YubiKey firmware to take advantage of features and capabilities introduced into operating systems such as Windows, MacOS, and Ubuntu, etc., as well as to enable new YubiKey features.

The firmware version on a YubiKey or an HSM therefore determines whether or not a feature or a capability is available to that device. The quickest and most convenient way to determine your device’s firmware version is to use the YubiKey Manager tool (ykman), a lightweight software package installable on any OS. The YubiKey Manager has both a graphical user interface (GUI) and a command line interface (CLI).

Depending on when they were manufactured, the YubiKey 5 Series keys have the 5.2.3 firmware or the 5.4.X firmware. The capabilities of the firmware versions 5.2.3 and earlier are included in the general descriptions in Protocols and Applications.

The features, capabilities, and enhancements brought to the YubiKey 5 Series by the 5.4.X firmware are summarized below, with the full details given in the technical description sections in this manual.

Secure Channel

Secure channel is used for establishing an authenticated and encrypted communication channel over CCID between a host and the secure element on the YubiKey. The YubiKey security domain can store three concurrent long-lived transport key sets.

SCP03 (Secure Channel Protocol 03), which is part of the GlobalPlatform standard, is a framework for mutual authentication and encrypted transport between hosts and secure elements in smart cards. With the 5.4.X firmware, Yubico has implemented a secure channel based on that specification.

For an overview of this implementation, see Secure Channel, while detailed descriptions of the secure channel feature are to be found in Yubico Secure Channel Technical Description, Secure Channel Key Diversification and Programming, and Yubico SCP03 Developer Guidance.

Note

Applications based on PKCS #11 or Microsoft CNG do not usually use the secure channel.

Security Domains & Key Diversification

The authenticated and encrypted communication channel takes place over the CCID interface between a host and the secure element on the YubiKey. This includes programming or communication from CCID functions. The secure channel feature can therefore be used to load application keys onto the YubiKey to be used with the CCID applications OATH, OpenPGP, or PIV.

_images/writing-CCID-application-keys-over-SCP03.png

Writing CCID Application Keys over SCP03

The YubiKey security domain can store three concurrent transport key sets. A transport key set contains three long-lived AES keys. When a session is established, the session AES keys are derived from the long-lived transport key set.

Key diversification is the process of deriving a secure channel static transport key set from a Batch Master Key (BMK), the YubiKey identifier (part of serial number), and additional metadata. Key diversification therefore facilitates secure distribution of key sets over a secure channel. To derive the YubiKey transport key sets, the Batch Master Key (BMK) is shared with the CMS system. If the CMS vendor gives Yubico access to its BMK, Yubico can preprogram the secure channel transport key sets for the YubiKey 5 batches. The BMK could be protected by the YubiHSM2.

In order to import new transport key sets, a secure channel must be established with the security domain. This has to be done with a previously loaded transport key set or the default transport key set. Each secure channel transport key set is protected by being written to the YubiKey security domain in the secure element and stored in a server, typically a CMS system. The host that is accessing the YubiKey has an agent that connects to the CMS system to retrieve the secure channel key set. Based on the secure channel key set, both at the host and the YubiKey, a secure session is established.

_images/establish-SCP03-secure-channel.png

Establish SCP03 Secure Channel

Benefits and Usage

  • Encryption application keys can be stored on the CMS server as well as on the YubiKey. If the YubiKey is lost or compromised, the encryption key can be recovered and loaded onto a replacement YubiKey.
  • Key diversification enables simplified and secured distribution of secure channel transport key sets as only the BMK must be shared with the CMS system to derive the YubiKey transport key sets.
  • The secure channel transport key sets can be preprogrammed at the YubiKey batches by Yubico, if the Yubico supply chain has access to the BMK of the CMS vendor.
  • The CMS system can generate the secure channel transport key sets based on the YubiKey serial numbers, the BMK, and additional metadata. The CMS can then use the initial secure channel transport key set for writing additional secure channel transport key sets to the YubiKeys.
_images/SCP03-key-diversification.png

SCP03 Key Diversification

For more technical information, see Secure Channel Key Diversification and Programming.

Secure Channel CPLC Data

The Card Production Life Cycle (CPLC) data object is a random dataset that is stored on each YubiKey to assure unique identification of the YubiKeys in CMS. Although it is officially deprecated from the SCP03 standard, it is still widely used to hold card data specific to CMS services or to uniquely identify smart cards. Therefore Yubico has implemented the CPLC data object to provide unique identification of YubiKeys for CMS vendors.

For a more detailed description of CPLC data object, see Secure Channel CPLC Data.

PIV Enhancements

YubiKey PIV Metadata

YubiKey 5 PIV metadata enables services and client software to obtain information about PIV keys from a central location, obviating the need to query PIV attestation. This enables the YubiKey PIV application to report on characteristics of cryptographic keys in the specified PIV slot. YubiKey PIV metadata thereby facilitates integration with CMS vendors.

PIV metadata was introduced with the YubiKey 5.3.0 firmware. For details, see the Get Metadata section of the PIV extensions on developers.yubico.com.

PIV Management Key (AES)

Prior to the release of the 5.4.x firmware, the PIV management key was a 3DES key. This feature expands the management key type held in PIV slot 9b to include AES keys (128, 192 and 256) as defined in SP 800-78-4 Cryptographic Algorithms and Key Sizes for Personal Identity Verification <SP800-78-4, section 5). The PIV management key in AES format enables current and future FIPS-compliant CMS services.

For more technical information, see PIV Enhancements Technical Description.

NFC ID: Calculation Changed

Crucial to vendors of physical access control systems and door protection systems utilizing NFC readers, the modification of the YubiKey NFC ID calculation enables NFC readers and access management systems (door locks) using the NFC ID tag to identify NFC-enabled YubiKeys, including those without serial numbers. It is now calculated so that a unique string is returned in the first part of the NFC ID. Until the release of the 5.4.X firmware, the fact that some access control systems truncate the YubiKey NFC ID meant that YubiKey 5 NFC IDs appeared to be non-unique.

For more technical information on this, see NFC ID Calculation Technical Description.

YubiHSM Auth

YubiHSM Auth is a YubiKey CCID application that stores the long-lived credentials used to establish secure sessions to a YubiHSM 2. The secure session protocol is based on Secure Channel Protocol 3 (SCP03). YubiHSM Auth is supported by YubiKey v5.4.0 and higher.

For more details, see YubiHSM Auth.

YubiHSM Auth is a CCID application that can store long-lived credentials (AES keys) that are used to establish secure sessions to a YubiHSM 2. By providing an external challenge, a derivation scheme that yields three session keys is executed. The session keys are not stored on the YubiKey but simply output as a result. The session keys can be used for authentication to the YubiHSM 2. The authentication scheme is based on SCP03 (see Secure Channel above). Each long-lived YubiHSM Auth credential is protected by a user access code that has to be provided to authenticate each session. Storing and deleting credentials requires a separate admin access code.

Benefits and Usage

YubiHSM Auth enables the secure storage of the long-lived credentials for accessing a YubiHSM 2. The existing authentication solution for the YubiHSM 2 is based on software credentials derived from the Password-Based Key Derivation Function 2 (PBKDF2) algorithm with a password as input.

Generating keys using PBKDF2 is just for convenience. It is preferable - and recommended - to provide AES keys directly to avoid exposing them to attack. Not only is it important to avoid losing the derivation password or the keys themselves (as those are basically the same thing), but those credentials also

  • Exist outside a secure element and
  • Need to be given in clear text to the program that uses them loads them into memory.

With YubiHSM Auth only the ephemeral session keys exist outside a secure environment.

For more details, see YubiHSM Auth.