Yubico YubiKey YubiHSM 2 FIPS v2.2
YubiKey YubiHSM 2 FIPS v2.2 ostenny jst with open source software.
Description
Yubico YubiKey YubiHSM 2 FIPS v2.2
YubiKey YubiHSM 2 FIPS v2.2 (FIPS 140-2 validated, v2.2, USB-A)
With the YubiHSM 2 SDK available as open source, organizations can easily and quickly integrate secure YubiHSM 2 FIPS support into a wide range of existing and new platforms and systems.
- IP68 protection level (water and dust resistant),
- crush resistant,
- no batteries required,
- there are no moving parts.
- support for custom applications using open source libraries,
- interfaces via YubiHSM KSP, PKCS#11 and native libraries,
- discreet mounting in the port - nano shape,
- USB-A connector for standard ports 1.0, 2.0 and 3.0,
- designed for use with low power consumption,
- made in the USA and Sweden,
- NIST Certified - FIPS 140-2 Compliant (General Level 2, Physical Security Level 3),
YubiHSM 2 FIPS is a hardware solution for protection against copying by attackers and malware. It offers an attractive option for securely generating, storing and managing keys.
klucz bezpieczeństwa, klucz sprzętowy, klucz zabezpieczający komputer, dwuetapowe uwierzytelnianie, zabezpieczenia kont w portalach internetowych, potwierdzenie tożsamości podczas logowania, klucz unikalny, security key, hardware key, computer security key, two-step authentication, security of accounts on Internet portals, identity confirmation when logging in, unique key, Sicherheitsschlüssel, Hardwareschlüssel, Computer-Sicherheitsschlüssel, Zwei-Faktor-Authentifizierung, Sicherheit von Konten auf Internetportalen, Identitätsbestätigung beim Anmelden, eindeutiger Schlüssel,
Technical Data
| Operating System Support | Windows, Linux, macOS |
| Linux | CentOS 7, Debian 8, Debian 9, Debian 10 , Fedora 28, Fedora 30, Fedora 31 , Ubuntu 1404, Ubuntu 1604, Ubuntu 1804, Ubuntu 1810, Ubuntu 1904, Ubuntu 1910 |
| Windows | Windows 10, Windows Server 2012, Windows Server 2016, Windows Server 2019 |
| MacOS | 10.12 Sierra, 10.13 High Sierra, 10.14 Mojave |
| Cryptographic interfaces (APIs) | |
| Microsoft CNG (KSP) | |
|---|---|
| PKCS#11 (Windows, Linux, macOS) | |
| Native YubiHSM Core Libraries (C, python) | |
| Cryptographic capabilities | |
| Hashing (used with HMAC and asymmetric signatures) | SHA-1, SHA-256, SHA-384, SHA-512 |
| RSA | |
| 2048, 3072, and 4096 bit keys | |
| Signing using PKCS#1v1.5 and PSS | |
| Decryption using PKCS#1v1.5 and OAEP | |
| Elliptic Curve Cryptography (ECC) | |
| Curves | secp224r1, secp256r1, secp256k1, secp384r1, secp521r, bp256r1, bp384r1, bp512r1, curve25519 |
| Signing | ECDSA (all except curve25519), EdDSA (curve25519 only) |
| Decryption | ECDH (all except curve25519) |
| Key wrap | |
| Import and export using NIST AES-CCM Wrap at 128, 196, and 256 bits | |
| Random numbers | |
| On-chip True Random Number Generator (TRNG) used to seed NIST SP 800-90 AES 256 CTR_DRBG | |
| Attestation | |
| Asymmetric key pairs generated on-device may be attested using a factory certified attestation key and certificate, or using your own key and certificate imported into the HSM | |
| Performance | |
| Performance varies depending on usage. The accompanying Software Development Kit includes performance tools that can be used for additional measurements. Example metrics from an otherwise unoccupied YubiHSM 2 FIPS. | |
| RSA-2048-PKCS1-SHA256 | ~139ms avg |
| RSA-3072-PKCS1-SHA384 | ~504ms avg |
| RSA-4096-PKCS1-SHA512 | ~852ms avg |
| ECDSA-P256-SHA256 | ~73ms avg |
| ECDSA-P384-SHA384 | ~120ms avg |
| ECDSA-P521-SHA512 | ~210ms avg |
| EdDSA-25519-32Bytes | ~105ms avg |
| EdDSA-25519-64Bytes | ~121ms avg |
| EdDSA-25519-128Bytes | ~137ms avg |
| EdDSA-25519-256Bytes | ~168ms avg |
| EdDSA-25519-512Bytes | ~229ms avg |
| EdDSA-25519-1024Bytes | ~353ms avg |
| AES-(128|192|256)-CCM-Wrap | ~10ms avg |
| HMAC-SHA-(1|256) | ~4ms avg |
| HMAC-SHA-(384|512) | ~243ms avg |
| Storage capacity | |
| All data stored as objects. 256 object slots, 128KB (base 10) max total | |
| Stores up to 127 rsa2048, 93 rsa3072, 68 rsa4096 or 255 of any elliptic curve type, assuming only one authentication key is present | |
| Object types | Authentication keys (used to establish sessions); asymmetric private keys; opaque binary data objects, e.g. x509 certs; wrap keys; HMAC keys |
| Management | |
| Mutual authentication and secure channel between applications and HSM | |
| M of N unwrap key restore via YubiHSM Setup Tool | |
| Software Development Kit | |
| A Software Development Kit for YubiHSM 2 FIPS is available for download on Yubico.com and includes | |
| YubiHSM Core Library (libyubihsm) for C, Python | |
| YubiHSM Shell (Configuration CLI) | |
| PKCS#11 Module | |
| YubiKey Key Storage Provider (KSP) for use with Microsoft | |
| YubiHSM Connector | |
| YubiHSM Setup Tool | |
| Documentation and code examples | |
| Physical characteristics | |
| Form factor | ‘nano’ designed for confined spaces such as internal USB ports in servers |
| Dimensions | 12mm x 13mm x 3.1mm |
| Weight | 1 gram |
| Current requirements 20mA avg, 30mA max | |
| USB-A plug connector | |
| Safety and environmental compliance | |
| FCC | |
| CE | |
| WEEE | |
| ROHS | |
| Host interface | |
| Universal Serial Bus (USB) 1.x Full Speed (12Mbit/s) Peripheral with bulk interface. | |
