Concept: Domain


A Domain is a logical partition that can be conceptually mapped to a container. In a YubiHSM 2 there are 16 independent Domains; an Object can belong to one or more Domains.


Authentication Keys are Objects and thus can belong to multiple Domains.

Domains serve as a means to secure Objects so that they cannot be addressed by independent applications running on the same device. This is achieved by specifying the Object’s Domain. Only users or applications that belong to the same Domain as an Object can access it or use it.

The details involved in accessing an Object are explained in the Concept: Effective Capabilities page.

Protocol Details

Domains are encoded as 16-bit values, where each Domain is represented by a bit

Domain Number Hex Mask
1 0x0001
2 0x0002
3 0x0004
4 0x0008
5 0x0010
6 0x0020
7 0x0040
8 0x0080
9 0x0100
10 0x0200
11 0x0400
12 0x0800
13 0x1000
14 0x2000
15 0x4000
16 0x8000