Skip to content
Secure Login

YubiHSM 2 v2.4

SKU: YK-HSM-2
Enquire Now
YubiKey yubihsm token
YubiKey yubihsm being used in internals of a computer
1/ 3

Specifications

Additional information

Weight 0.001 kg
Dimensions 1.2 × 1.3 × 0.31 cm
USB Type

USB-A
Linux OS

CentOS 7
Debian 8
Debian 9
Debian 10
Fedora 28
Fedora 30
Fedora 31
Ubuntu 1404
Ubuntu 1604
Ubuntu 1804
Ubuntu 1810
Ubuntu 1904
Ubuntu 1910
Windows OS

Windows 10
Windows Server 2012
Windows Server 2016
Windows Server 2019
macOS

10.12 Sierra
10.13 High Sierra
10.14 Mojave
Cryptographic interfaces (APIs)

Microsoft CNG (KSP)
PKCS#11 (Windows\, Linux\, macOS)
Native YubiHSM Core Libraries (C\, python)
Cryptographic capabilities

Hashing (used with HMAC and asymmetric signatures)
• SHA-1\, SHA-256\, SHA-384\, SHA-512

RSA
• 2048\, 3072\, and 4096 bit keys
• Signing using PKCS#1v1.5 and PSS
• Decryption using PKCS#1v1.5 and OAEP

Elliptic Curve Cryptography (ECC)
• Curves: secp224r1\, secp256r1\, secp256k1\, secp384r1\, secp521r\, bp256r1\, bp384r1\, bp512r1\, curve25519
• Signing: ECDSA (all except curve25519)\, EdDSA (curve25519 only)
• Decryption: ECDH (all except curve25519)

Key wrap
• Import and export using NIST AES-CCM Wrap at 128\, 196\, and 256 bits

Random numbers
• On-chip True Random Number Generator (TRNG) used to seed NIST SP 800-90 AES 256 CTR_DRBG

Attestation
• Asymmetric key pairs generated on-device may be attested using a factory certified attestation key and certificate\, or using your own key and certificate imported into the HSM
Performance

RSA-2048-PKCS1-SHA256: ~139ms avg
RSA-3072-PKCS1-SHA384: ~504ms avg
RSA-4096-PKCS1-SHA512: ~852ms avg
ECDSA-P256-SHA256: ~73ms avg
ECDSA-P384-SHA384: ~120ms avg
ECDSA-P521-SHA512: ~210ms avg
EdDSA-25519-32Bytes: ~105ms avg
EdDSA-25519-64Bytes: ~121ms avg
EdDSA-25519-128Bytes: ~137ms avg
EdDSA-25519-256Bytes: ~168ms avg
EdDSA-25519-512Bytes: ~229ms avg
EdDSA-25519-1024Bytes: ~353ms avg
AES-(128, 192, 256)-CCM-Wrap: ~10ms avg
HMAC-SHA-(1, 256): ~4ms avg
HMAC-SHA-(384, 512): ~243ms avg
Storage capacity

All data stored as objects. 256 object slots\, 128KB (base 10) max total
Stores up to 127 rsa2048\, 93 rsa3072\, 68 rsa4096 or 255 of any elliptic curve type\, assuming only one authentication key is present
Object types: Authentication keys (used to establish sessions); asymmetric private keys; opaque binary data objects\, e.g. x509 certs; wrap keys; HMAC keys
Management

Mutual authentication and secure channel between applications and HSM
M of N unwrap key restore via YubiHSM Setup Tool
Software Development Kit

YubiHSM Core Library (libyubihsm) for C\, Python
YubiHSM Shell (Configuration CLI)
PKCS#11 Module
YubiKey Key Storage Provider (KSP) for use with Microsoft
YubiHSM Connector
YubiHSM Setup Tool
Documentation and code examples
Physical characteristics

Form factor: ‘nano’ designed for confined spaces such as internal USB ports in servers
Dimensions: 12mm x 13mm x 3.1mm
Weight: 1 gram
Current requirements 20mA avg\, 30mA max
USB-A plug connector
Safety and environmental compliance

FCC
CE
WEEE
ROHS
Host interface

Universal Serial Bus (USB) 1.x Full Speed (12Mbit/s) Peripheral with bulk interface.

Due to the nature of these keys, you will need to fill in the form below and we will get back to you as soon as possible

Your Shipping Address(Required)
Your Billing Address