YubiHSM 2, the world’s smallest hardware security module, enhanced with new features to support security for the Public Sector

Compliance mandates require many of our customers in regulated industries or in high-risk environments to prove adequate levels of protection for their data, no matter where it lives or travels. This is why we’ve continued to enhance the capabilities of both the YubiHSM 2 and YubiHSM 2 FIPS, the world’s smallest FIPS-validated and non-FIPS hardware security modules (HSMs). Today, we’re also excited to share that the YubiHSM 2 FIPS now meets FIPS 140-2, Level 3.

While credential theft and phishing attacks continue to skyrocket, so do the number of server-based attacks. Approximately 85% of all data breaches involve human interaction — a fact reinforced by the dizzying array of breaches to hit news headlines last year, not to mention what we expect to see again this year, only accelerated. 

The YubiHSM 2 product lineup delivers advanced protection for certificate authority (CA) keys, database master keys, code signing, authentication/access tokens, manufacturing processes and component authenticity checks, IoT gateways or proxies, file encryption, cryptocurrency exchanges and more. The rise of threats like zero day exploits and malware makes software-based cryptographic key storage increasingly vulnerable for organizations. Alternatively, HSMs offer advanced protection, backed by tamper-resistant hardware, for servers and the cryptographic keys stored within them. 

Why is this important? 

Provides secure hardware protection for cryptographic keys

  • The YubiHSM 2 and YubiHSM 2 FIPS enable secure key storage and operations on tamper-resistant hardware, with audit logging. This prevents accidental copying and distribution of keys, and remote theft of cryptographic software keys. Extensive cryptographic capabilities include: hashing, key wrapping, asymmetric signing, decryption, attestation and more.

Leverages innovative design for flexible use and simple deployment

  • Traditional rack-mounted and card-based HSMs are not practical for many organizations due to their size and deployment complexity. The YubiHSM 2 lineup offers a portable ‘nano’ form factor that allows fast and flexible deployment across diverse environments. It fits easily into a USB-A slot, lying almost flush to remain concealed.

Offers low-cost, high security ROI

  • The YubiHSM 2 FIPS delivers government-grade high cryptographic security and operations at a price point that is up to 90% cheaper than traditional HSMs. Additionally, low-power usage reduces business energy consumption. 

So, what’s new?

With the latest SDK libraries, tools, and the new 2.3.1 firmware just released, roadblocks that prevented YubiHSM 2 products integration with more widely available libraries and operating systems have been removed. This ensures smooth integration with libraries that are used by public sector agencies such as the Department of Defense among others.  

Key new features both versions of the YubiHSM 2 lineup include:

  • Support for Advanced Encryption Standard (AES) in Electronic Code Book (ECB) and Cipher Block Chaining (CBC) modes, for non-FIPS only.
    • AES is one of the most widely used symmetric cryptography algorithms and can be used in several modes such as ECB, CBC, CCM and GCM. Out of these four modes, YubiHSM 2 now supports three most commonly used modes of encryption. 
  • Support for authentication using asymmetric encryption.
    • This feature enables authentication to YubiHSM 2 using Public Key Infrastructure (PKI) where authentication credentials can be stored in a YubiKey enhancing the security of the authentication mechanism. 
  • Support for storing custom information for keys and other objects transparently in YubiHSM 2.
    • Prior to this enhancement, YubiHSM 2 only supported a specified set of information per type of objects. This prevented integration with a few cryptographic libraries that required storing information that did not conform to the template supported by YubiHSM 2. 
    • With this enhancement, information that does not conform to the standard template for keys, can also be stored in YubiHSM 2. This removes the roadblocks that prevented integration of YubiHSM 2 with certain libraries and operating systems. 

For more information on the YubiHSM 2 lineup, please visit the Yubico site. Products are  available for purchase on the Yubico store, through Yubico’s dedicated sales team, or from any Yubico-approved channel partners and resellers

Talk to our teamTalk to our team

Share this article:


  • AI is booming — but proving you’re human matters more than everIf you walked the show floor at the RSA Conference this year, you probably noticed the same thing I did: Artificial Intelligence (AI) is everywhere. Agentic AI. AI in threat detection. AI in firewalls. AI in identity management. AI-generated demos. AI everything. The energy around AI was undeniable, and we’re seeing real innovation, efficiency gains […]Read moreAIArtificial IntelligencephishingRSAC
  • Ditching passwords for good: Celebrating the inaugural World Passkey DayHave you ever been stuck in a relationship with someone who constantly lets you down, exposes your secrets, and leaves you vulnerable? Odds are you cut your losses, packed up your things and moved on. Today is the day to do the same with your passwords: say goodbye forever! The reality is a majority of […]Read morepasskeyspasswordlessWorld Passkey Day
  • Digital security’s unique role in protecting our environmentAs sustainability expands to include social, economic, and technological challenges, cybersecurity has emerged as a top global threat – with cybercrime projected to cost $12 trillion this year. Stolen credentials and phishing account for 80% of breaches. At Yubico, making the world more secure is just part of how we care for the world around […]Read moreCSREarth DaySecure It ForwardSustainability
  • Breaking down Australia’s plan to combat AI-driven phishing scamsAcross Australia, cybercrime continues to be a major challenge impacting businesses, critical infrastructure and consumers alike. The use of AI by bad actors across the spectrum of cybercrime is on the rise, and as a result, credential phishing scams are becoming increasingly sophisticated. AI is effectively helping to lower the cost of phishing and increase […]Read moreAIAPACAustraliaphishing