Yubico YubiHSM 2 v2.4. Hardware Security Module. USB-A

The YubiHSM 2 is a game changing hardware solution for protecting Certificate Authority root keys from being copied by attackers. malware. and malicious insiders. It offers superior cost effective security and easy deployment making it accessible for every organization. It offers a higher level of security for cryptographic digital key generation. storage. and management. for organizations running Microsoft Active Directory Certificate Services.The YubiHSM 2 features are accessible by integrating with an open source and comprehensive software development toolkit (SDK) for a wide range of open source and commercial applications. The most common use case is hardware-based digital signature generation and verification. In additional emerging use cases such as securing cryptocurrency exchanges and IoT gateways are just a few examples of how the world’s smallest HSM can secure modern infrastructures.YubiHSM 2 secures cryptographic keys through their entire lifecycle from secure key generation. attestation. secure key storage. secure key distribution. secure key backup all the way to secure key destruction if needed. Screen reader support enabled.Use CasesEnhance Protection for Cryptographic KeysYubiHSM 2 offers a compelling option for secure generation. storage and management of keys. Key protection is done in the secure on-chip hardware isolated from operations on the server. Most common use cases involve protecting of the certificate authorities (CAs) private key. YubiHSM 2 capabilities include: generate. write. sign. decrypt. hash and wrapping keys.Rapidly integrate with Hardware-based Strong SecurityYubiHSM 2 can be used as a comprehensive cryptographic toolbox for low-volume operations in conjunction with a huge set of open source and commercial applications spanning many different products and services. Most common use case involve on-chip hardware based processing for signature generation and verification. The YubiHSM 2 supports the PKCS#11 industry standard.Secure Microsoft Active Directory Certificate ServicesYubiHSM 2 can provide hardware backed keys for your Microsoft-based PKI implementation. Deploying YubiHSM 2 to your Microsoft Active Directory Certificate services not only protects the CA root keys but also protects all signing and verification services using the private key.- Secure key storage and operations- Extensive cryptographic capabilities: RSA. ECC. ECDSA (ed25519). SHA-2. AES (ECB/CBC mode for non-FIPS only)- Secure session between HSM and application- Role-based access controls for key management and key usage- 16 concurrent connections- Optionally network shareable- Remote management- Unique “Nano” form factor. low-power usage- M of N wrap key Backup and Restore- Interfaces via YubiHSM KSP. PKCS#11. and native libraries- Tamper evident Audit LoggingSecure Cryptocurrency ExchangesWith the explosive growth of the cryptocurrency market also comes a high volume of assets that need protection to mitigate against emerging security risks. The YubiHSM 2 FIPS allows organizations to strongly secure cryptographic keys and keep sensitive financial information safe.Protect Internet of Things (IoT) EnvironmentsThe Internet-of-Things (IoT) is a rapidly emerging area where systems often operate in hostile environments. That makes securing cryptographics keys even more important as organizations need to protect sensitive information. Cryptographic keys are used in numerous IoT applications. with insufficient security in place. Developers building IoT applications can rapidly enable support for the YubiHSM 2 FIPS to protect cryptographic keys and keep critical IoT environments from falling victim to hostile takeovers.Feature DetailsBackups using Asymmetric Cryptography (New to v2.4)YubiHSM 2 v2.4 allows secure data backups using asymmetric encryption. ensuring sensitive information remains protected. even during transfers over the internet.Bring Your Own Key Support (New to v2.4)The ‘Bring Your Own Key’ (BYOK) feature in YubiHSM 2 v2.4 lets organizations securely manage and store their own encryption keys in a multi-cloud environment. offering enhanced security. control. portability. and regulatory compliance at a lower cost than traditional on-premises HSMs.Crypto Library Update (New to v2.4)YubiHSM 2 v2.4 includes an in-house developed cryptographic library for performing RSA and ECC operations like decryption and signing. the same library used in the YubiKey 5.7 release.Secure key storage and operationsCreate. import. and store keys. then perform all crypto operations in the YubiHSM 2 FIPS hardware to prevent theft of keys while at rest or in use. This protects against both logical attacks against the server. such as zero-day exploits or malware. and physical theft of a server or its hard drive.Extensive cryptographic capabilitiesYubiHSM 2 FIPS supports hashing. key wrapping. asymmetric signing and decryption operations including advanced signing using ed25519. Attestation is also supported for asym