Module Name
YubiKey 5 Cryptographic Module
Caveat
When operated in FIPS mode, installed, initialized, and configured as specified in Section 3 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.
Security Level Exceptions
- Physical Security: Level 3
- EMI/EMC: Level 3
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Description
The YubiKey 5 cryptographic module is a secure element that supports multiple protocols designed to be embedded in USB and/or NFC security tokens. The module can generate, store, and perform cryptographic operations for sensitive data and can be utilized via an external touch-button for Test of User Presence. The module implements several major functions - Yubico One Time Password (OTP), FIDO/FIDO2, FIDO/U2F, PIV-compatible smart card, OpenPGP smart card, and OATH OTP authentication.
Approved Algorithms
AES |
Cert. #C1680 |
CKG |
Vendor Affirmed |
CVL |
Cert. #C1680 |
DRBG |
Cert. #C1680 |
ECDSA |
Cert. #C1680 |
HMAC |
Cert. #C1680 |
KAS-SSC |
Vendor Affirmed |
KBKDF |
Cert. #C1680 |
KDA |
Vendor Affirmed |
KTS |
AES Cert. #C1680 |
KTS |
AES Cert. #C1680 and AES Cert. #C1680 |
KTS |
AES Cert. #C1680 and HMAC Cert. #C1680 |
RSA |
Cert. #A985 |
SHS |
Cert. #C1680 |
Triple-DES |
Cert. #C1680 |
Allowed Algorithms
EC Diffie-Hellman (shared secret computation provides between 128 and 256 bits of encryption strength); NDRNG; RSA (CVL Cert. #C1680, key unwrapping; key establishment provides between 112 and 150 bits of encryption strength); RSA (key unwrapping; key establishment provides between 112 and 150 bits of encryption strength)
Hardware Versions
SLE78CLUFX3000PH and SLE78CLUFX5000PH
Firmware Versions
5.4.2 and 5.4.3