YubiHSM 2

Enable Hardware-Based Cryptographic Operations

The YubiHSM 2 is a game changing hardware solution for protecting Certificate Authority root keys from being copied by attackers, malware, and malicious insiders. It offers superior cost effective security and easy deployment making it accessible for every organization. It offers a higher level of security for cryptographic digital key generation, storage, and management, for organizations running Microsoft Active Directory Certificate Services.

The YubiHSM 2 features are accessible through Yubico’s Key Storage Provider (KSP) for industry-standard PKCS#11 or Microsoft’s CNG, or via native Windows, Linux and macOS libraries . Its ultra-slim “nano” form factor fits inside a server’s USB port, eliminating the need for bulky additional hardware, and offers flexibility for offline key transfer or backup.

YubiHSM 2 can be used as a comprehensive cryptographic toolbox for a wide range of open source and commercial applications. The most common use case being hardware-based digital signature generation and verification. YubiHSM 2 offers a compelling option for secure generation, storage and management of digital keys including essential capabilities to generate, write, sign, decrypt, hash and wrap keys.