
Hardware Security Module Yubico YubiHSM v2.1, USB-A

BAR Code: 5060408461976
SKU Code: 292
User Code: FLAYUB016
Warranty: 1 year

The YubiHSM 2 is a Hardware Security Module that is within reach of all organizations. It provides advanced cryptography, including hashing, asymmetric and symmetric key cryptography, to protect the cryptographic keys that secure critical applications, identities, and sensitive data in an enterprise for certificate authorities, databases, code signing and more.

The YubiHSM 2 can be accessed by applications through a Microsoft KSP, industry standard PKCS#11, or native OS libraries and optionally network-sharable for deployment flexibility. Its ultra-slim “nano” form factor fits completely inside a server’s USB port and also makes it highly transportable for off-line key transport or backup.

Root of trust for servers and computing devices

The YubiHSM 2 is a cost-effective Hardware Security Module (HSM) for servers and IoT gateways, offering advanced digital key protection capabilities and benefits at a price within reach of all organizations. It provides the highest levels of security for cryptographic digital key generation, storage, and management, supporting an extensive range of enterprise environments and applications.

The YubiHSM 2 features are accessible through Yubico’s Key Storage Provider (KSP) for Microsoft’s CNG, industry-standard PKCS#11, or native Windows, Linux and macOS libraries. Its ultra-slim “nano” form factor fits inside a server’s USB port, eliminating the need for bulky additional hardware, and offers flexibility for offline key transfer or backup.

It offers essential security features, including hashing, asymmetric, and symmetric cryptography, to protect cryptographic keys while at rest or in use. These keys are most often used by certificate authorities, databases, and code signing to secure critical applications, identities, and sensitive data in an enterprise.

Secure Microsoft Active Directory Certificate Services

YubiHSM 2 provides a hardware-backed key to secure digital keys used in a Microsoft-based PKI implementation. Deploying YubiHSM 2 to Microsoft Active Directory Certificate services not only guards the CA root keys but also protects all signing and verification services using the root key.

Enable Hardware-Based Cryptographic Operations

YubiHSM 2 can be used as a comprehensive cryptographic toolbox for a wide range of open source and commercial applications. The most common use case is hardware-based digital signature generation and verification.

Enhance Protection for Cryptographic Keys

YubiHSM 2 offers a compelling option for secure generation, storage and management of digital keys including essential capabilities to generate, write, sign, decrypt, hash and wrap keys.

Feature Overview

  • Secure key storage and operations
  • Extensive cryptographic capabilities: RSA, ECC, ECDSA, EdDSA (ed25519), SHA-2, AES
  • Secure session between HSM and application
  • Role-based access controls for key management and key usage
  • 16 concurrent connections
  • Optionally network sharable
  • Remote management
  • Unique “Nano” form factor, low-power usage
  • M of N wrap key Backup and Restore
  • Interfaces via YubiHSM KSP, PKCS#11, and native libraries
  • Tamper evident Audit Logging

Feature Details

Secure key storage and operations

Create, import, and store keys, then perform all crypto operations in the HSM hardware to prevent theft of keys while at rest or in use. This protects against both logical attacks against the server, such as zero-day exploits or malware, and physical theft of a server or its hard drive.

Extensive cryptographic capabilities

YubiHSM 2 supports hashing, key wrapping, asymmetric signing and decryption operations, including advanced signing using ed25519. Attestation is also supported for asymmetric key pairs generated on-device.

Secure session between HSM and application

The integrity and privacy of commands and data in transit between the HSM and applications are protected using a mutually authenticated, integrity and confidentiality protected tunnel.

Role-based access controls for key management and key usage 

All cryptographic keys and other objects in the HSM belong to one or more security domains. Access rights are assigned to each authentication key at creation time and allow a specific set of cryptographic or management operations to be performed per security domain. Admins assign rights to authentication keys based on their use case, such as an event monitoring app that needs to read all audit logs in the HSM, a Registration Authority that needs to issue (sign) end user digital certificates, or a domain security admin who needs to create and delete crypto keys.

16 concurrent connections

Multiple applications can establish sessions with a YubiHSM to perform cryptographic operations. Sessions can be automatically terminated after inactivity or be long-lived to improve performance by eliminating session creation time.

Network Sharable

To increase the flexibility of deployments, the YubiHSM 2 can be made available for use over the network by applications on other servers. This can be especially advantageous on a physical server that is hosting multiple virtual machines.

Remote Management

Easily manage multiple deployed YubiHSMs remotely for the entire enterprise – eliminate on-call staff complexity and travel expense.

Unique “Nano” form factor, low-power usage

The Yubico “Nano” form factor allows the HSM to be inserted completely inside a USB-A port so it’s completely concealed – no external parts that protrude out of the server back or front chassis. It uses minimal power, max of 30mA, for cost-savings on your power budget.

M of N wrap key Backup and Restore

Backing up and deploying cryptographic keys on multiple HSMs is a critical component of an enterprise security architecture, but it’s a risk to allow a single individual to have that ability. The YubiHSM supports setting M of N rules on the wrap key used to export keys for backup or transport, so that multiple administrators are required to import and decrypt a key to make it usable on additional HSMs. For example, in an enterprise, the Active Directory root CA private key might be key wrapped for 7 administrators (M=7) and at least 4 of them (N=4) are required to import and unwrap (decrypt) the key in the new HSM.

Interfaces via YubiHSM KSP, PKCS#11, and native libraries

Crypto enabled applications can leverage the YubiHSM via Yubico’s Key Storage Provider (KSP) for Microsoft’s CNG or industry-standard PKCS#11. Native libraries are also available on Windows, Linux and macOS to enable more direct interaction with the device’s capabilities.

Tamper evident Audit Logging

The YubiHSM internally stores a log of all management and crypto operation events that occur in the device and that log can be exported for monitoring and reporting. Each event (row) in the log is hash chained with the previous row and signed so that it’s possible to determine if any events are modified or deleted.
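An added example (not Yubico's code, and not the device's actual log format) of how a hash-chained log exposes modified or deleted rows. The row layout, digest length, command codes and sample events are constructed for the illustration, and the trusted head digest stands in for the signature the text mentions.

```python
import hashlib
import struct

DIGEST_LEN = 16  # assumption for this example: SHA-256 truncated to 16 bytes


def row_digest(seq, command, result, prev_digest):
    """Digest of one row, bound to the digest of the row before it."""
    body = struct.pack(">HBB", seq, command, result)
    return hashlib.sha256(body + prev_digest).digest()[:DIGEST_LEN]


def build_log(events, anchor, first_seq=1):
    """Produce (seq, command, result, digest) rows, as a logging device would."""
    rows, prev = [], anchor
    for i, (command, result) in enumerate(events):
        seq = first_seq + i
        prev = row_digest(seq, command, result, prev)
        rows.append((seq, command, result, prev))
    return rows


def verify_log(rows, anchor, expected_head=None):
    """Return a list of findings; an empty list means the chain is intact."""
    findings = []
    prev_digest, prev_seq = anchor, None
    for seq, command, result, digest in rows:
        if prev_seq is not None and seq != prev_seq + 1:
            findings.append(f"gap: row {prev_seq} is followed by row {seq}")
        if row_digest(seq, command, result, prev_digest) != digest:
            findings.append(f"digest mismatch at row {seq}")
        # Continue from the stored digest so one edit is reported only once.
        prev_digest, prev_seq = digest, seq
    # A fully recomputed or truncated log is self-consistent; only a head
    # value obtained from a trusted source can expose it.
    if expected_head is not None and prev_digest != expected_head:
        findings.append("head digest differs from the trusted value")
    return findings


# Constructed sample data: (command, result) pairs with made-up codes.
ANCHOR = bytes(DIGEST_LEN)
EVENTS = [(0x01, 0), (0x02, 0), (0x03, 1), (0x02, 0), (0x04, 0)]
LOG = build_log(EVENTS, ANCHOR)
HEAD = LOG[-1][3]

if __name__ == "__main__":
    edited = list(LOG)
    edited[2] = (3, 0x03, 0, LOG[2][3])  # failure result flipped to success
    print("intact  :", verify_log(LOG, ANCHOR, HEAD))
    print("edited  :", verify_log(edited, ANCHOR, HEAD))
    print("deleted :", verify_log(LOG[:2] + LOG[3:], ANCHOR, HEAD))
    print("cut tail:", verify_log(LOG[:-1], ANCHOR, HEAD))
```

A monitoring job that exports the log periodically can keep the last verified digest as the anchor for the next export, so each batch is checked against the previous one.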

Advanced, Affordable Hardware Security

Whether you are getting started securing servers, or replacing pre-existing Hardware Security Module (HSM) solutions, YubiHSM 2 offers robust capabilities and benefits at a price that is now within easy reach for enterprises.

Trusted Brand

The YubiHSM 2 evolved from the award-winning YubiKey, trusted by 9 of the top 10 internet companies, and 2 of the top 3 financial, retail, healthcare and research institutions globally. Manufactured in the USA and Sweden with high security and quality.

Technical Specifications

Operating System Support (amd64 architecture)

  • Linux: CentOS 6, CentOS 7, Debian 8, Debian 9, Fedora 25, Ubuntu 14.04, Ubuntu 16.04
  • Windows: Windows 10, Windows Server 2012, Windows Server 2016
  • macOS: 10.12 Sierra, 10.13 High Sierra

Cryptographic interfaces (APIs)

  • Microsoft CNG (KSP)
  • PKCS#11 (Windows, Linux, macOS)
  • Native YubiHSM Core Libraries (C, Python)

Cryptographic capabilities

Hashing (used with HMAC and asymmetric signatures)

  • SHA-1, SHA-256, SHA-384, SHA-512

RSA

  • 2048, 3072, and 4096 bit keys
  • Signing using PKCS#1v1.5 and PSS
  • Decryption using PKCS#1v1.5 and OAEP

Elliptic Curve Cryptography (ECC)

  • Curves: secp224r1, secp256r1, secp256k1, secp384r1, secp521r1, bp256r1, bp384r1, bp512r1, curve25519
  • Signing: ECDSA (all except curve25519), EdDSA (curve25519 only)
  • Decryption: ECDH (all except curve25519)

Key wrap

  • Import and export using NIST AES-CCM Wrap at 128, 192, and 256 bits

Random numbers

  • On-chip True Random Number Generator (TRNG) used to seed NIST SP 800-90 AES 256 CTR_DRBG

Attestation

  • Asymmetric key pairs generated on-device may be attested using a factory certified attestation key and certificate, or using your own key and certificate imported into the HSM

Performance

Performance varies depending on usage. The accompanying Software Development Kit includes performance tools that can be used for additional measurements. Example metrics from an otherwise unoccupied YubiHSM 2:

  • RSA-2048-PKCS1-SHA256: ~139ms avg
  • RSA-3072-PKCS1-SHA384: ~504ms avg
  • RSA-4096-PKCS1-SHA512: ~852ms avg
  • ECDSA-P256-SHA256: ~73ms avg
  • ECDSA-P384-SHA384: ~120ms avg
  • ECDSA-P521-SHA512: ~210ms avg
  • EdDSA-25519-32Bytes: ~105ms avg
  • EdDSA-25519-64Bytes: ~121ms avg
  • EdDSA-25519-128Bytes: ~137ms avg
  • EdDSA-25519-256Bytes: ~168ms avg
  • EdDSA-25519-512Bytes: ~229ms avg
  • EdDSA-25519-1024Bytes: ~353ms avg
  • AES-(128|192|256)-CCM-Wrap: ~10ms avg
  • HMAC-SHA-(1|256): ~4ms avg
  • HMAC-SHA-(384|512): ~243ms avg

Storage capacity

  • All data stored as objects. 256 object slots, 128KB (base 10) max total
  • Stores up to 127 rsa2048, 93 rsa3072, 68 rsa4096 or 255 of any elliptic curve type, assuming only one authentication key is present
  • Object types: Authentication keys (used to establish sessions); asymmetric private keys; opaque binary data objects, e.g. x509 certs; wrap keys; HMAC keys

Management

  • Mutual authentication and secure channel between applications and HSM
  • M of N unwrap key restore via YubiHSM Setup Tool

Software Development Kit

A Software Development Kit for YubiHSM 2 is available for download on Yubico.com and includes:

  • YubiHSM Core Library (libyubihsm) for C, Python
  • YubiHSM Shell (Configuration CLI)
  • PKCS#11 Module
  • YubiKey Key Storage Provider (KSP) for use with Microsoft
  • YubiHSM Connector
  • YubiHSM Setup Tool
  • Documentation and code examples

Physical characteristics

  • Form factor: ‘nano’ designed for confined spaces such as internal USB ports in servers
  • Dimensions: 12mm x 13mm x 3.1mm
  • Weight: 1 gram
  • Current requirements: 20mA avg, 30mA max
  • USB-A plug connector


Device Type: Secure USB key
Connection type: USB-A
