YubiKey FIPS 4 Series Overview
The YubiKey FIPS (4 Series) are hardware authentication devices manufactured by Yubico which support one-time passwords, public-key encryption and authentication, and the Universal 2nd Factor (U2F) protocols developed by the FIDO Alliance, with Yubico as a primary contributor and thought leader.
The cryptographic functionality of the YubiKey FIPS (4 Series) devices is powered by the YubiKey 4 cryptographic module, a single-chip cryptographic processor with a non-extractable key store that handles all of the cryptographic operations. The YubiKey 4 cryptographic module is FIPS 140-2 certified (Overall Level 2, Physical Security Level 3).
YubiKey FIPS (4 Series) Devices
The YubiKey 4 cryptographic module is a secure element, designed to be embedded in USB security tokens, that supports multiple protocols. The module can generate, store, and perform cryptographic operations for sensitive data and can be utilized via an external touch-button for Test of User Presence in addition to PIN for smart card authentication. The module implements five major functions: Yubico One Time Password (OTP), FIDO Universal 2nd Factor (U2F), PIV-compatible smart card, OpenPGP smart card and OATH OTP authentication.
YubiKey 4 Cryptographic Module, FIPS 140-2 Certificate #: 3517
https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Certificate/3517
Product Name | Description |
---|---|
YubiKey FIPS (4 Series) | Keychain form factor with USB-A connector |
YubiKey Nano FIPS (4 Series) | Nano form factor with USB-A connector |
YubiKey C FIPS (4 Series) | Keychain form factor with USB-C connector |
YubiKey C Nano FIPS (4 Series) | Nano form factor with USB-C connector |
All of the models in the YubiKey FIPS (4 Series) provide a USB 2.0 interface, regardless of the form factor or the USB connector. The YubiKey presents itself as a USB composite device in addition to each individual USB interface.
The YubiKey USB PID is described in the YubiKey USB ID Values guide.
YubiKey FIPS Sub-Modules
The YubiKey FIPS Series device features are implemented in five sub-modules.
Sub-Module | Key Features |
---|---|
One Time Password (OTP) | 2 slots for OTP configurations. Supported protocols: Yubico OTP, OATH-HOTP, Challenge/Response HMAC-SHA1, Static password |
OATH | 32 slots for OATH credentials. Supported protocols: OATH-TOTP, OATH-HOTP. Supported algorithms: HMAC-SHA1, HMAC-SHA256 |
PIV-compatible | 24 slots for private keys. Supported key algorithms: RSA 2048, ECC P256, ECC P384 |
OpenPGP Card | PGP Smart Card V2.0. Supported algorithms: RSA 2048, RSA 3072, RSA 4096 (imported only) |
FIDO U2F | FIDO U2F |