Yubico Announces YubiHSM 2 Integration with AWS IoT Greengrass; Delivering Hardware-based Private Key and Secrets Storage

3 minute read

PALO ALTO, Calif. and STOCKHOLM, SWEDEN – December 3, 2018 – Yubico, the leading provider of hardware authentication security keys, announced that the YubiHSM 2 (hardware security module) is qualified for Amazon Web Services (AWS) Internet of Things (IoT) Greengrass Hardware Security Integration. AWS IoT Greengrass introduced a new feature that will utilize a small subset of the YubiHSM 2 PKCS#11 library, allowing the YubiHSM 2 to perform the crypto operations for AWS IoT Greengrass to use secure hardware to store private keys. AWS IoT Greengrass allows users to securely and locally run compute, messaging, data caching, sync, and machine learning inference capabilities for connected devices.


The YubiHSM 2 delivers some of the highest levels of security for cryptographic digital key generation, storage, and management, supporting an extensive range of enterprise environments and applications, in a cost effective and minimalistic form factor. The new YubiHSM 2 integration with AWS IoT Greengrass introduces hardware root of trust private key storage, adding to the existing AWS IoT Greengrass security model at the edge that includes the use of certificate-based authentication and encryption of data both in rest and in transit.


YubiHSM 2 hardware integration was designed to increase security for AWS IoT Greengrass customers by allowing for hardware-secured and end-to-end encrypted messages to be sent between the AWS IoT Greengrass Core and the cloud, or other AWS IoT Greengrass local devices using the AWS IoT Device SDK. The AWS IoT Greengrass Core software can also use the YubiHSM 2’s hardware-secured private key for the encryption of secrets stored from the cloud-based AWS Secrets Manager.

“Since the launch of YubiHSM last year, we have seen many exciting deployments that have explored the use of the YubiHSM 2 for improving security within IoT environments,” said Jerrod Chong, SVP of Product, Yubico. “AWS adding support for external hardware-backed secure devices within the AWS IoT Greengrass platform is another great use case for YubiHSM.”

The YubiHSM 2 defies a conventional design approach to an HSM with Yubico’s signature traits of simplicity and affordability. The ultra-slim nano form factor YubiHSM 2 device is affordable at $650, offering advanced capabilities and benefits at a price within reach for all organizations.

To begin using this new security feature, AWS IoT Greengrass customers can see information about the Yubico YubiHSM 2 through the AWS Partner Device Catalog. Customers will have the option to configure their AWS IoT Greengrass Core to use the private key generated on the YubiHSM secure element to integrate with the AWS IoT Greengrass software utilizing the PKCS#11 crypto standard interface.

For more information on the YubiHSM 2 and AWS IoT Greengrass, please visit the Works with YubiKey catalog.


About Yubico

Yubico sets new global standards for simple and secure access to computers, mobile devices, servers, and internet accounts.

The company’s core invention, the YubiKey, delivers strong hardware protection, with a simple touch, across any number of IT systems and online services. The YubiHSM, Yubico’s ultra-portable hardware security module, protects sensitive data stored in servers.

Yubico is a leading contributor to the FIDO2WebAuthn, and FIDO Universal 2nd Factor open authentication standards, and the company’s technology is deployed and loved by 9 of the top 10 internet brands and by millions of users in 160 countries.

Founded in 2007, Yubico is privately held, with offices in Sweden, UK, Germany, USA, Australia, and Singapore. For more information: www.yubico.com

Ronnie Manning

Chief Marketing Officer