YubiKey FIPS 4 Series Overview

The YubiKey FIPS (4 Series) are hardware authentication devices manufactured by Yubico which support one-time passwords, public-key encryption and authentication, and the Universal 2nd Factor (U2F) protocols developed by the FIDO Alliance, with Yubico as a primary contributor and thought leader.

The cryptographic functionality of the YubiKey FIPS (4 Series) devices is powered by the FIPS 140-2 certified YubiKey 4 cryptographic module, a single-chip cryptographic processor with a non-extractable key store that handles all of the cryptographic operations. The YubiKey 4 cryptographic module is FIPS 140-2 certified (Overall Level 2, Physical Security Level 3).

YubiKey FIPS (4 Series) Devices

The YubiKey 4 cryptographic module is a secure element that supports multiple protocols and is designed to be embedded in USB security tokens. The module can generate and store sensitive data and perform cryptographic operations on it. It can be used with an external touch button for Test of User Presence, in addition to a PIN for smart card authentication. The module implements five major functions: Yubico One Time Password (OTP), FIDO Universal 2nd Factor (U2F), PIV-compatible smart card, OpenPGP smart card, and OATH OTP authentication.

YubiKey 4 Cryptographic Module, FIPS 140-2 Certificate #: 3517

https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Certificate/3517

YubiKey FIPS (4 Series) devices covered by this Certificate
| Product Name | Description |
|---|---|
| YubiKey FIPS (4 Series) | Keychain form factor with USB-A connector |
| YubiKey Nano FIPS (4 Series) | Nano form factor with USB-A connector |
| YubiKey C FIPS (4 Series) | Keychain form factor with USB-C connector |
| YubiKey C Nano FIPS (4 Series) | Nano form factor with USB-C connector |

All of the models in the YubiKey FIPS (4 Series) provide a USB 2.0 interface, regardless of the form factor or the USB connector. The YubiKey presents itself as a USB composite device in addition to each individual USB interface.

The YubiKey USB PID is described in the YubiKey USB ID Values guide.

YubiKey FIPS Sub-Modules

The YubiKey FIPS Series device features are implemented in five sub-modules.

YubiKey FIPS 4 features by sub-module
| Sub-Module | Key Features |
|---|---|
| One Time Password (OTP) | 2 slots for OTP configurations. Supported protocols: Yubico OTP, OATH-HOTP, Challenge/Response HMAC-SHA1, Static password |
| OATH | 32 slots for OATH credentials. Supported protocols: OATH-TOTP, OATH-HOTP. Supported algorithms: HMAC-SHA1, HMAC-SHA256 |
| PIV-compatible | 24 slots for private keys. Supported key algorithms: RSA 2048, ECC P256, ECC P384 |
| OpenPGP Card | PGP Smart Card V2.0. Supported algorithms: RSA 2048, RSA 3072, RSA 4096 (imported only) |
| FIDO U2F | FIDO U2F |