Yubico Introduces Open Source YubiHSM SDK for Securing Infrastructures and Cryptographic Key Material

4 minute read

PALO ALTO, CA and STOCKHOLM, SWEDEN – November 26, 2018 – Yubico, the leading provider of hardware authentication security keys, today announced a new open source YubiHSM 2 (hardware security module) software development kit (SDK) available for developers and engineers to easily implement the YubiHSM 2 for an unlimited amount of use cases. The YubiHSM 2 delivers the highest levels of security for cryptographic digital key generation, storage, and management, supporting an extensive range of enterprise environments and applications, in a cost effective and minimalistic form factor

With the introduction of the open source YubiHSM 2 SDK, developers can rapidly build apps, across a wide variety of architectures and platforms, to easily integrate with the YubiHSM 2. For apps that communicate using PKCS#11, they can now use the SDK to integrate to the YubiHSM 2 and enable all of its security capabilities for greater protection of cryptographic keys and to conduct a range of other high security functions.

YubiHSM 2

“Open sourcing the SDK will help developers build more secure solutions in a rapid fashion,” said Jerrod Chong, SVP Products, Yubico.  “We are always looking at ways to increase usability of our products, while maintaining a high level of trust between Yubico and our user community of developers and      security specialists.”

The YubiHSM 2 can be used for protecting cryptographic keys stored on servers used in data centers, cloud server infrastructures, manufacturing and industrial services.  While the protection of root keys for Microsoft AD Certificate services is a common use case, YubiHSM 2 can be used as a comprehensive cryptographic toolbox for a wide range of open source and commercial applications, spanning many different products and services.

“Two of the main drawbacks to traditional HSMs are cost and complexity,” said Garrett Bekker, Principal Analyst, 451 Research. “By offering the YubiHSM 2 in an ultra-slim nano form factor and at a $650 price point that is much lower than standard HSMs, Yubico could help bring the benefits of HSMs to a wider range of organizations and new potential use cases.”

Highlighted YubiHSM 2 Use Cases

Since the product’s launch last year, Yubico has seen many unique implementations of the YubiHSM 2. Below are two deployments that have explored the multi-functionality of YubiHSM 2 for improving security within IoT hardware and gateways.

HashiCorp Extends Vault Enterprise PKCS#11 HSM Seal

HashiCorp is a cloud infrastructure automation company that enables organizations to adopt consistent workflows to provision, secure, connect, and run any infrastructure for any application. HashiCorp Vault is a tool for managing secrets and protecting sensitive data. Vault is designed to help security teams secure, store, and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets, and other sensitive data using a UI, CLI, or HTTP API.

Working with HashiCorp, Yubico has introduced an integration between the YubiHSM 2 and the Vault Enterprise PKCS#11 HSM seal/unseal feature. Utilizing the YubiHSM 2 SDK, HashiCorp enables organizations using YubiHSM 2 to seal wrap Certificate Authority root keys using PKCS#11 for an added layer of security. This integration also enables features such as key generation and key rolling.

For more information about Vault Enterprise’s PKCS#11 seal function, please visit HashiCorp’s website for documentation.

Integrating YubiHSM with the Curity Identity Server

Curity is a supplier of API-driven identity management, providing unified security for digital services. Customers include some of the largest financial service providers, banks, governments, and gaming companies around the world. Curity enables their customers to solve several challenges by using the YubiHSM 2, such as key management, hygiene, and security, the ability to sign JSON Web Tokens (JWT) using keys stored in hardware, and the ability to terminate SSL using keys they trust.

Curity Identity Server supports the use of the YubiHSM 2 for key storage using PKCS#11.  Because YubiHSM 2 supports PKCS#11, it can be used with Curity to sign tokens, encrypt SSL communication and perform other sensitive operations.

To read more on this integration, please visit Curity’s website for a tutorial.  

YubiHSM Open Source SDK and the Yubico Developers Program

Earlier this year, the company introduced the Yubico Developer Program to enable rapid integration of Yubico products. Initially focused on the YubiKey for strong authentication within web and mobile applications, the Developer Program is expanding its hardware track to now include the YubiHSM. Those who sign up will have access to developer resources including workshops, webinars, implementation guides, reference code, and SDKs.

For more information on the YubiHSM SDK and implementation guides, please visit the Yubico Developer site. For more information on Yubico products and technology, please visit yubico.com.

About Yubico

Yubico sets new global standards for simple and secure access to computers, mobile devices, servers, and internet accounts.

The company’s core invention, the YubiKey, delivers strong hardware protection, with a simple touch, across any number of IT systems and online services. The YubiHSM, Yubico’s ultra-portable hardware security module, protects sensitive data stored in servers.

Yubico is a leading contributor to the FIDO2WebAuthn, and FIDO Universal 2nd Factor open authentication standards, and the company’s technology is deployed and loved by 9 of the top 10 internet brands and by millions of users in 160 countries.

Founded in 2007, Yubico is privately held, with offices in Sweden, UK, Germany, USA, Australia, and Singapore. For more information: www.yubico.com

Ashton Tupper

Director of Global Communications

Ronnie Manning

Chief Marketing Officer