Module Name
YubiKey 5 Cryptographic Module
Caveat
When operated in FIPS mode, installed, initialized, and configured as specified in Section 3 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.
Security Level Exceptions
- Physical Security: Level 3
- EMI/EMC: Level 3
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Description
The YubiKey 5 cryptographic module is a secure element that supports multiple protocols designed to be embedded in USB and/or NFC security tokens. The module can generate, store, and perform cryptographic operations for sensitive data and can be utilized via an external touch-button for Test of User Presence. The module implements several major functions - Yubico One Time Password (OTP), FIDO/FIDO2, FIDO/U2F, PIV-compatible smart card, OpenPGP smart card, and OATH OTP authentication.
Approved Algorithms
| AES |
Cert. #C1680 |
| CKG |
Vendor Affirmed |
| CVL |
Cert. #C1680 |
| DRBG |
Cert. #C1680 |
| ECDSA |
Cert. #C1680 |
| HMAC |
Cert. #C1680 |
| KAS-SSC |
Vendor Affirmed |
| KBKDF |
Cert. #C1680 |
| KDA |
Vendor Affirmed |
| KTS |
AES Cert. #C1680 |
| KTS |
AES Cert. #C1680 and AES Cert. #C1680 |
| KTS |
AES Cert. #C1680 and HMAC Cert. #C1680 |
| RSA |
Cert. #A985 |
| SHS |
Cert. #C1680 |
| Triple-DES |
Cert. #C1680 |
Allowed Algorithms
EC Diffie-Hellman (shared secret computation provides between 128 and 256 bits of encryption strength); NDRNG; RSA (CVL Cert. #C1680, key unwrapping; key establishment provides between 112 and 150 bits of encryption strength); RSA (key unwrapping; key establishment provides between 112 and 150 bits of encryption strength)
Hardware Versions
SLE78CLUFX3000PH and SLE78CLUFX5000PH
Firmware Versions
5.4.2 and 5.4.3
