Firmware Overview
YubiKey 5 Series
The new 5.7. firmware for the YubiKey 5 Series has a number of new and improved features that will be available for the first time on the multi-protocol YubiKey 5. The changes and additions are described in detail in 5.7 Firmware Specifics.In addition to the features that are directly accessible, there are a number of features that require partner support.
Note
Yubico periodically updates the firmware to take advantage of features and capabilities introduced into the ecosystem. YubiKeys are programmed in Yubico’s facilities with the latest available firmware and once programmed cannot be updated to another version. The firmware cannot be altered or removed from a YubiKey.
The firmware version on a YubiKey or a Security Key determines whether or not a feature or a capability is available to that device. The quickest and most convenient way to determine your device’s firmware version is to use either the Yubico Authenticator or the YubiKey Manager tool (ykman), a lightweight software package installable on many OS. The YubiKey Manager has both a graphical user interface (GUI) and a command line interface (CLI). For more information, see the YubiKey Manager (ykman) CLI & GUI Guide.
The features, capabilities, and enhancements of the YubiKey 5 Series that are dependent on firmware version are listed below in the Firmware Capability Matrix below.
Security Key Series
The Security Key Series - including Enterprise Edition - will be updated with the latest firmware, including the updates from FIDO listed above. The Enterprise Edition will have the following additional updates:
- Minimum PIN length set to 6
- PIN Complexity turned on by default (and cannot be turned off)
- Serial number retrievable by client software in Windows without requiring elevated privileges (admin rights) since the YubiKey management application is accessible via CCID, which enables use cases where client software needs to read the serial number of the authenticator.
Firmware Capability Matrix
YubiKey 5 Series
| Firmware Versions | ||||||
|---|---|---|---|---|---|---|
| Feature/Form Factor | 5.0.x | 5.1.x | 5.2.x | 5.3.x | 5.4.x | 5.7.x |
| Serial Number | Yes | Yes | Yes | Yes | Yes | Yes |
| OTP | Yes | Yes | Yes | Yes | Yes | Yes |
| OATH | Yes | Yes | Yes | Yes | Yes | Yes |
| OpenPGP version | 2.1 | 2.1 | 3.4 | 3.4 | 3.4 | 3.4 |
| PIV/Smart Card | Yes | Yes | Yes | Yes | Yes | Yes |
| FIDO U2F | Yes | Yes | Yes | Yes | Yes | Yes |
| FIDO2/WebAuthn | Yes | Yes | Yes | Yes | Yes | Yes |
| YubiHSM Auth | Yes | Yes | ||||
| SCP03 | Yes | Yes | Yes | |||
| SCP11 | Yes | |||||
| FIDO2 Credential Storage | 25 | 25 | 25 | 25 | 25 | 100 |
| OATH Credential Storage | 32 | 32 | 32 | 32 | 32 | 64 |
| USB-A | Yes | Yes | Yes | Yes | Yes | Yes |
| USB-A + NFC | Yes | Yes | Yes | Yes | Yes | Yes |
| USB-C | Yes | Yes | Yes | Yes | Yes | Yes |
| USB-C + NFC | Yes | Yes | Yes | Yes | Yes | |
| USB-A Nano | Yes | Yes | Yes | Yes | Yes | Yes |
| USB-C Nano | Yes | Yes | Yes | Yes | Yes | Yes |
| Lightning + USB-C | Yes | Yes | Yes | Yes |
YubiKey 5 FIPS Series
| Firmware Versions | ||
|---|---|---|
| Feature/Form Factor | 5.4.2 | 5.4.3 |
| Serial Number | Yes | Yes |
| OTP | Yes | Yes |
| OATH | Yes | Yes |
| OpenPGP version | 3.4 | |
| PIV/Smart Card | Yes | Yes |
| FIDO U2F | Yes | Yes |
| FIDO2/WebAuthn | Yes | Yes |
| YubiHSM Auth | Yes | |
| SCP03 | Yes | Yes |
| SCP11 | ||
| USB-A | Yes | Yes |
| USB-A + NFC | Yes | Yes |
| USB-C | Yes | Yes |
| USB-C + NFC | Yes | Yes |
| USB-A Nano | Yes | Yes |
| USB-C Nano | Yes | Yes |
| Lightning + USB-C | Yes | Yes |
YubiKey 5 CSPN Series
| Feature/Form Factor | Firmware Version 5.4.2 |
|---|---|
| Serial Number | Yes |
| OTP | Yes |
| OATH | Yes |
| OpenPGP version | |
| PIV/Smart Card | Yes |
| FIDO U2F | Yes |
| FIDO2/WebAuthn | Yes |
| YubiHSM Auth | |
| SCP03 | Yes |
| USB-A | Yes |
| USB-A + NFC | Yes |
| USB-C | Yes |
| USB-C + NFC | Yes |
| USB-A Nano | Yes |
| USB-C Nano | Yes |
| Lightning + USB-C | Yes |
YubiKey Bio Series
| Firmware Versions | ||
|---|---|---|
| Feature/Form Factor | 5.5.x | 5.6.x |
| Serial Number | Yes | Yes |
| OTP | ||
| OATH | ||
| OpenPGP version | ||
| PIV/Smart Card | ||
| FIDO U2F | Yes | Yes |
| FIDO2/WebAuthn | Yes | Yes |
| YubiHSM Auth | ||
| SCP03 | ||
| SCP11 | ||
| USB-A | Yes | Yes |
| USB-A + NFC | ||
| USB-C | Yes | Yes |
| USB-C + NFC | ||
| USB-A Nano | ||
| USB-C Nano | ||
| Lightning + USB-C |
Security Key Series
| Firmware Versions | |||||
|---|---|---|---|---|---|
| Feature/Form Factor | 5.0.x - 5.2.x | 5.4.x | 5.4.x Enterprise Ed. | 5.7.x | 5.7.x Enterprise Ed. |
| Serial Number | Yes | Yes | |||
| OTP | |||||
| OATH | |||||
| OpenPGP version | |||||
| PIV/Smart Card | |||||
| FIDO U2F | Yes | Yes | Yes | Yes | Yes |
| FIDO2/WebAuthn | Yes | Yes | Yes | Yes | Yes |
| YubiHSM Auth | |||||
| SCP03 | |||||
| FIDO2 PIN Mgmt* | Yes | Yes | |||
| Enterprise Attestation | Yes | ||||
| Blob Storage | Yes | Yes | |||
| Always UV | Yes | Yes | |||
| USB-A | Yes | ||||
| USB-A + NFC | Yes | Yes | Yes | Yes | Yes |
| USB-C | |||||
| USB-C + NFC | Yes | Yes | Yes | Yes | |
| USB-A Nano | |||||
| USB-C Nano | |||||
| Lightning + USB-C |
Click for Yubico Support.