U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #3907

Details

Module Name
YubiKey 5 Cryptographic Module
Standard
FIPS 140-2
Status
Active
Sunset Date
4/21/2026
Validation Dates
04/22/2021
Overall Level
1
Caveat
When operated in FIPS mode, installed, initialized, and configured as specified in Section 3 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.
Security Level Exceptions
  • Physical Security: Level 3
  • EMI/EMC: Level 3
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Hardware
Embodiment
Single Chip
Description
The YubiKey 5 cryptographic module is a secure element that supports multiple protocols designed to be embedded in USB and/or NFC security tokens. The module can generate, store, and perform cryptographic operations for sensitive data and can be utilized via an external touch-button for Test of User Presence. The module implements several major functions - Yubico One Time Password (OTP), FIDO/FIDO2, FIDO/U2F, PIV-compatible smart card, OpenPGP smart card, and OATH OTP authentication.
Tested Configuration(s)
  • N/A
FIPS Algorithms
AES Cert. #C1680
CKG Vendor Affirmed
CVL Cert. #C1680
DRBG Cert. #C1680
ECDSA Cert. #C1680
HMAC Cert. #C1680
KAS-SSC Vendor Affirmed
KBKDF Cert. #C1680
KDA Vendor Affirmed
KTS AES Cert. #C1680
KTS AES Cert. #C1680 and AES Cert. #C1680
KTS AES Cert. #C1680 and HMAC Cert. #C1680
RSA Cert. #A985
SHS Cert. #C1680
Triple-DES Cert. #C1680
Allowed Algorithms
EC Diffie-Hellman (shared secret computation provides between 128 and 256 bits of encryption strength); NDRNG; RSA (CVL Cert. #C1680, key unwrapping; key establishment provides between 112 and 150 bits of encryption strength); RSA (key unwrapping; key establishment provides between 112 and 150 bits of encryption strength)
Hardware Versions
SLE78CLUFX3000PH and SLE78CLUFX5000PH
Firmware Versions
5.4.2

Vendor

Yubico, Inc.
530 Lytton Ave
Suite 301
n/a
Palo Alto, CA 94301
USA

Jakob Ehrensvard
jakob@yubico.com
Phone: +1 650-283-1537
Fax: n/a
n/a
n/a
Phone: n/a
Fax: n/a

Lab

ACUMEN SECURITY, LLC
NVLAP Code: 201029-0