It just makes sense to put the tightest security on the servers that store the guarded secrets for all user authentications. If those servers are compromised it means the security of all cryptographic keys and passwords resident on that server are compromised — or in other words, a disaster.

Yubico originally developed the YubiHSM to process the encryption, decryption, and storage of secrets on its own servers. Today, the YubiHSM, a hardware security module, is Yubico’s offering for easy, affordable, and secure protection of authentication secrets related to the Yubico OTP stored on the authentication or key server. The device protects data at rest against remotely conducted intrusion attacks and internal threats like employees copying secrets.

The current version of YubiHSM features a secure element and a change from the original larger form factor to a smaller nano design with a molded plastic harness.


  • Works with any standard USB port, across multiple operating systems including Linux and Microsoft Windows.
  • Offers encryption with a Message Authentication Code (MAC), HMAC-SHA1 hashing, AES encryption/decryption, and cryptographic True Random Number Generation.
  • Provides a physically isolated environment for cryptographic processing.
  • Has no moving parts and requires no additional maintenance once installed.
  • Capable of supporting any counter-based OTP protocol including YubiOTP (Yubico’s OTP implementation) and OATH-HOTP authentication.
  • Works with the Yubico Validation Server.


The YubiHSM installation does not require any specialized setup and it is quickly configured as it requires no additional drivers or software to use,. It consumes less than 0.2 W compared to over 300 W for some HSM hardware and, at $500, is priced tens of thousands of dollars below traditional HSM hardware.


The YubiHSM is configured by default to support Yubico’s OTP validation, but can be configured to handle AES encryption/decryption, secure comparison of decrypted data or HMAC-SHA1 validation with the key stored on the YubiHSM. In addition, it can be used to generate truly random numbers derived from the physical characteristics of the computer and USB port to which it is attached.


The YubiHSM processes the encryption, decryption, and storage of keys. When called to validate a Yubico OTP, it will load the OTP and the associated encrypted key into its onboard processor and perform the decryption and comparison. Subsequently, it will only pass the validation results and associated data (such as usage counters) back to the host machine; the decrypted key and plaintext OTP never leave the YubiHSM hardware. This provides a great level of security for secrets, should an authentication server become compromised –- the secrets themselves remain secure in the YubiHSM hardware, encrypted with a 128-bit AES key.


The YubiHSM has been validated by internet security experts and is currently used by more than 100 organizations, including leading internet companies and US Department of Defense contractors. YubiHSM also protects the YubiCloud, Yubico’s hosted validation service.


  • Authentication Service: You run an authentication service; secrets are stored on a computer that has to be accessible from the internet and you are concerned it will be hacked some day.
  • Restrict Access: You want to prevent system administrators and staff who have physical access to the server to copy the database and get access to sensitive data.
  • Prevent Compromise: You need an architecture that prevents a hacker from compromising your secrets, but allows you to run your service full speed.
  • Support YubiKeys: You have a smaller fleet of Yubikeys and want to do the authentication yourself without having to implement a complete authentication server with a database.
  • Cost Sensitive: You have rejected typical HSMs for cost reasons (they are typically $15k per unit or more + maintenance fees).
YubiHSM Video




YubiHSM Reference Manual
Basic YubiHSM Windows Monitor Utility Manual
YubiHSM Security Advisory
Python framework


Is the YubiHSM for symmetric encryption only?

YES – the YubiHSM at the current level does not support asymmetric cryptography.

Is the YubiHSM security certified (FIPS 140 or similar)?

NO – we may consider this in the future for a premium version (due to cost). We will decide later on when the final functionality is fully defined and has been tested out thoroughly.

Is the YubiHSM protected against physical intrusion?

Yes, YubiHSM uses a secure element. In addition, the key store can be stored encrypted with AES-256 (passphrase needed on startup).

Are keys deleted on intrusion events?

Yes, the YubiHSM uses a secure element that is designed to destroy data in the case of an intrusion.

Is the internal CPU a designated security CPU or just an ordinary COTS one?

It is a designated security CPU.

Why is USB CDC used rather than a custom driver?

This is because the Windows, Linux and Mac platforms all support USB CDC. USB CDC communication is very simple and straight-forward using normal file I/O functions.

The USB interface is only full-speed. Why not high-speed?

With the current design, the communication speed is not a practical performance limiting factor.

The internal Yubikey key storage is just 1024 entries. I want more!

We needed to set the limit somewhere and onboard storage represents a cost driver. We may introduce a version with more internal storage later on.

Can the device firmware be upgraded via USB (otherwise known as DFU)?

No, we explicitly decided to not include an upgrade feature due to security concerns. The only interface and protocol available is USB CDC under firmware control.