Supports four key slots: PIV Authentication, Digital Signature, Key Management, and Card Authentication.
Each slot is capable of holding an X.509 certificate, along with its accompanying private key.
Supports key sizes up to RSA 2048, or ECC secp256r1 keys.
All functionality is available over both contact and contactless interfaces.
YubiKey works as a PIV-compliant smart card out-of-the-box with compatibility for Microsoft Windows Server 2008 R2 and later servers, and Microsoft Windows 7 and later clients.
Request a certificate from a Windows Certification Authority, generate a self-signed certificate, or import an existing certificate to the YubiKey. Generate a certificate based on the Server CA Template stored in the secure element on the device. Supports all Windows smart card behaviors, including lock on removal. No additional software is required for authentication. Identifies as a Microsoft USB CCID smart card reader and NIST SP 800-73 PIV smart card.
Certificate Authority with YubiKey
Set up a Certificate Authority (CA) with subordinate CA private keys stored on YubiKey to sign end entity certificates
Supports up to RSA 2048 bit keys for the subordinate CAs and end entity certificates.
OS X Code Signing
Generate a certificate on the YubiKey, submit the certificate request to Apple, and use it for OS X code signing. Certificates will also be loaded to the Apple Keychain.
Use the certificates as usual with codesign, pkgbuild, productbuild, and productsign commands.
SSH with PIV and PKCS11
The YubiKey with PIV can work for public key authentication with OpenSSH through PKCS11. Primarily on Mac OS X or Linux systems with the OpenSC software installed.
Uses a self-signed cert loaded on the slot 9a of the PIV applet for SSH Authentication via OpenSC.
More Places to Use the YubiKey with Smart Card/PIV