What’s new in Yubico PIV Tool 2.0?

Yubico Team

Yubico Team

2 minute read

New open authentication standards, FIDO2 and WebAuthn, have been getting a lot of attention lately with tech giants like Apple joining industry adoption. As a core creator of these standards, we celebrate these milestones, but our mission here at Yubico is to make a safer internet for all. In addition to driving new open web standards, our teams are also continuously working to support other authentication use cases or needs.

Today, we released Yubico PIV Tool 2.0. Many large companies and government agencies deploy YubiKeys as a user-friendly alternative to smart cards for public key infrastructure (PKI), and the PIV Tool helps with programming and managing YubiKeys. It allows users to import keys and certificates and generate keys on the device, among other operations.

If you are an enterprise or individual working with YubiKeys and PKI, the PKCS#11 module of the PIV Tool has a number of new capabilities that may help you with programming and managing YubiKeys. As a result, the 2.0 release is now compatible with:

The new functionality in PIV Tool 2.0 is primarily in the PKCS#11 module (YKCS11). With these new additions, developers can now:

  • Open multiple parallel PKCS#11 sessions and the module is thread safe.
  • Receive an attestation certificate for keys stored on the YubiKey PIV interface using standard PKCS#11 function calls.
  • Utilize new padding options for RSA operations, specifically PSS padding for signatures/verification and OAEP padding for encryption/decryption.

The YKCS11 module updates also support a number of new functions to talk to a YubiKey:

  • Encryption – EncryptInit, Encrypt, EncryptUpdate, EncryptFinal
  • Decryption – DecryptInit, Decrypt, DecryptUpdate, DecryptFinal
  • Digest – DigestInit, Digest, DigestUpdate, DigestFinal
  • Signatures – SignUpdate, SignFinal (SignInit/Sign were already supported)
  • Signature Verification – VerifyInit, Verify, VerifyUpdate, VerifyFinal
  • Other Functions – InitToken, GetObjectSize, SeedRandom, GenerateRandom

A complete list of all the supported functions in Yubico PIV Tool 2.0, as well as new YKCS11 attributes, can be found here. Download Yubico PIV Tool 2.0 here, or learn more about the PIV (smart card) functionality of the YubiKey, and its varying use cases.

, , ,
Talk to our teamTalk to our team

Share this article:
  • CEO Corner: Maintaining stable growth while navigating global uncertaintyAs we officially close out the first quarter of 2025,  I am pleased we saw a quarter with solid growth and profitability along with ongoing demand for phishing-resistant authentication. We continue to see new types of high-profile cyber attacks appearing regularly, and a major reason for the success of phishing attacks is stolen credentials. As […]Read moreCEOCEO CornerEarningsMattias Danielsson
  • Introducing the Yubico Academy: Enabling partners for a phishing-resistant futureAt Yubico, strong partnerships are fundamental to a more secure digital world. Our commitment goes beyond providing leading security keys; it’s about actively fostering the growth of our valued partners through impactful enablement programs. A cornerstone is the Yubico Academy, featuring our comprehensive certification program.  This program enables our partners’ teams to become Yubico experts, […]Read more
  • AI is booming — but proving you’re human matters more than everIf you walked the show floor at the RSA Conference this year, you probably noticed the same thing I did: Artificial Intelligence (AI) is everywhere. Agentic AI. AI in threat detection. AI in firewalls. AI in identity management. AI-generated demos. AI everything. The energy around AI was undeniable, and we’re seeing real innovation, efficiency gains […]Read moreAIArtificial IntelligencephishingRSAC
  • Ditching passwords for good: Celebrating the inaugural World Passkey DayHave you ever been stuck in a relationship with someone who constantly lets you down, exposes your secrets, and leaves you vulnerable? Odds are you cut your losses, packed up your things and moved on. Today is the day to do the same with your passwords: say goodbye forever! The reality is a majority of […]Read morepasskeyspasswordlessWorld Passkey Day