What’s new in Yubico PIV Tool 2.0?

Yubico Team

Yubico Team

2 minute read

New open authentication standards, FIDO2 and WebAuthn, have been getting a lot of attention lately with tech giants like Apple joining industry adoption. As a core creator of these standards, we celebrate these milestones, but our mission here at Yubico is to make a safer internet for all. In addition to driving new open web standards, our teams are also continuously working to support other authentication use cases or needs.

Today, we released Yubico PIV Tool 2.0. Many large companies and government agencies deploy YubiKeys as a user-friendly alternative to smart cards for public key infrastructure (PKI), and the PIV Tool helps with programming and managing YubiKeys. It allows users to import keys and certificates and generate keys on the device, among other operations.

If you are an enterprise or individual working with YubiKeys and PKI, the PKCS#11 module of the PIV Tool has a number of new capabilities that may help you with programming and managing YubiKeys. As a result, the 2.0 release is now compatible with:

The new functionality in PIV Tool 2.0 is primarily in the PKCS#11 module (YKCS11). With these new additions, developers can now:

  • Open multiple parallel PKCS#11 sessions and the module is thread safe.
  • Receive an attestation certificate for keys stored on the YubiKey PIV interface using standard PKCS#11 function calls.
  • Utilize new padding options for RSA operations, specifically PSS padding for signatures/verification and OAEP padding for encryption/decryption.

The YKCS11 module updates also support a number of new functions to talk to a YubiKey:

  • Encryption – EncryptInit, Encrypt, EncryptUpdate, EncryptFinal
  • Decryption – DecryptInit, Decrypt, DecryptUpdate, DecryptFinal
  • Digest – DigestInit, Digest, DigestUpdate, DigestFinal
  • Signatures – SignUpdate, SignFinal (SignInit/Sign were already supported)
  • Signature Verification – VerifyInit, Verify, VerifyUpdate, VerifyFinal
  • Other Functions – InitToken, GetObjectSize, SeedRandom, GenerateRandom

A complete list of all the supported functions in Yubico PIV Tool 2.0, as well as new YKCS11 attributes, can be found here. Download Yubico PIV Tool 2.0 here, or learn more about the PIV (smart card) functionality of the YubiKey, and its varying use cases.

, , ,
Talk to our teamTalk to our team

Share this article:
  • Future-proofing authentication: A look at the future of post-quantum cryptographyThe path from passwords to passkeys and beyond In a previous blog I talked about the end of passwords and the rise of passkeys, which promise stronger security and less frustration for both individuals and businesses. The global momentum behind passkeys represents one of the most exciting shifts in authentication history, but realizing their full […]Read more
  • Goodbye master passwords: Dashlane and Yubico enhance credential vault encryption and login with YubiKeysAt Authenticate 2025 this week, the world’s leading experts on modern authentication and securing digital identities gathered, to discuss the future of secure authentication and achieving usable security across the account lifecycle. The message was clear: the future of phishing-resistant authentication is using passkeys for encryption, and the gold standard is device-bound passkeys – YubiKeys. […]Read morecredential vault encryptioncredential vault loginDashlanepartnerpasskey encryptionPRF
  • Piloting Europe’s future ID: Passkeys securing digital walletsOver the last several years, passkeys have become ubiquitous. They are available on every mobile platform, in every leading browser, as part of all major enterprise IAM solutions, and in most major cloud services. Until wwWallet came along, the only place where passkeys hadn’t yet made an impact is in the rapidly developing world of […]Read moredigital identity walletspasskeysSIROSwwWallet
  • We’re excited for what’s to come – meet us in-person to find out whyIt’s been a busy year for our team, filled with exciting company and product updates aimed at better serving our customers and helping them achieve cyber resilience as AI-driven phishing threats continue evolving globally. Between industry award recognitions and key new executive leadership hires to lead Yubico to its next stage of growth and a […]Read more