What’s new in Yubico PIV Tool 2.0?

Yubico Team

Yubico Team

2 minute read

New open authentication standards, FIDO2 and WebAuthn, have been getting a lot of attention lately with tech giants like Apple joining industry adoption. As a core creator of these standards, we celebrate these milestones, but our mission here at Yubico is to make a safer internet for all. In addition to driving new open web standards, our teams are also continuously working to support other authentication use cases or needs.

Today, we released Yubico PIV Tool 2.0. Many large companies and government agencies deploy YubiKeys as a user-friendly alternative to smart cards for public key infrastructure (PKI), and the PIV Tool helps with programming and managing YubiKeys. It allows users to import keys and certificates and generate keys on the device, among other operations.

If you are an enterprise or individual working with YubiKeys and PKI, the PKCS#11 module of the PIV Tool has a number of new capabilities that may help you with programming and managing YubiKeys. As a result, the 2.0 release is now compatible with:

The new functionality in PIV Tool 2.0 is primarily in the PKCS#11 module (YKCS11). With these new additions, developers can now:

  • Open multiple parallel PKCS#11 sessions and the module is thread safe.
  • Receive an attestation certificate for keys stored on the YubiKey PIV interface using standard PKCS#11 function calls.
  • Utilize new padding options for RSA operations, specifically PSS padding for signatures/verification and OAEP padding for encryption/decryption.

The YKCS11 module updates also support a number of new functions to talk to a YubiKey:

  • Encryption – EncryptInit, Encrypt, EncryptUpdate, EncryptFinal
  • Decryption – DecryptInit, Decrypt, DecryptUpdate, DecryptFinal
  • Digest – DigestInit, Digest, DigestUpdate, DigestFinal
  • Signatures – SignUpdate, SignFinal (SignInit/Sign were already supported)
  • Signature Verification – VerifyInit, Verify, VerifyUpdate, VerifyFinal
  • Other Functions – InitToken, GetObjectSize, SeedRandom, GenerateRandom

A complete list of all the supported functions in Yubico PIV Tool 2.0, as well as new YKCS11 attributes, can be found here. Download Yubico PIV Tool 2.0 here, or learn more about the PIV (smart card) functionality of the YubiKey, and its varying use cases.

, , ,
Talk to our teamTalk to our team

Share this article:
  • CEO Corner: Entering the second half of 2025 with momentumAs we continue to move further into the second half of 2025, I want to share a look back at our journey so far this year and as well as lay out Yubico’s strategic path ahead.  Resurgence in order growth and key segment wins While net sales declined for Q2, the end of the quarter […]Read moreCEOCEO CornerEarningsMattias Danielsson
  • Survey says: Your dog’s name isn’t a passwordWe all know we should be protecting our digital lives, but what are Americans actually doing? Yubico recently commissioned a survey, conducted by Talker Research, which asked 5,000 Americans in 10 major metro cities across the U.S. about their online security habits. Here’s a closer look at what they found (hint: they’re not as secure as they […]Read moreCompany Newssurvey
  • Passkeys are winning, but security leaders must raise the barPasswords are on their way out. In their place is a new form of login called passkeys that promises stronger security and less frustration. All passkeys offer the rare combination of improved usability and stronger security, especially when compared to passwords alone. But unless we act now, millions could be left more vulnerable than ever. […]Read moreDevice-bound passkeysHardware passkeypasskeyssynced passkeys
  • Your top YubiKey questions, answeredOver the 10+ years I’ve been at Yubico, I’ve had the pleasure of meeting customers, partners and many others talking about digital security. While every conversation is different, I am often asked many of the same questions about YubiKeys. One thing remains consistent: many people know they need better security, but they’re not sure what […]Read moreFAQYubiKey