U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

Cryptographic Module Validation Program CMVP

Certificate #3914

Details

Module Name
YubiKey 5 Cryptographic Module
Standard
FIPS 140-2
Status
Active
Sunset Date
5/2/2026
Validation Dates
05/03/2021;08/19/2021
Overall Level
2
Caveat
When operated in FIPS mode, installed, initialized, and configured as specified in Section 3 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.
Security Level Exceptions
  • Physical Security: Level 3
  • EMI/EMC: Level 3
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Hardware
Embodiment
Single Chip
Description
The YubiKey 5 cryptographic module is a secure element that supports multiple protocols designed to be embedded in USB and/or NFC security tokens. The module can generate, store, and perform cryptographic operations for sensitive data and can be utilized via an external touch-button for Test of User Presence in addition to PIN for smart card authentication.The module implements five major functions - Yubico One Time Password (OTP), FIDO2, PIV-compatible smart card, OpenPGP smart card and OATH OTP authentication.
Tested Configuration(s)
  • N/A
FIPS Algorithms
AES Cert. #C1680
CKG Vendor Affirmed
CVL Cert. #C1680
DRBG Cert. #C1680
ECDSA Cert. #C1680
HMAC Cert. #C1680
KAS-SSC Vendor Affirmed
KBKDF Cert. #C1680
KDA Vendor Affirmed
KTS AES Cert. #C1680
KTS AES Cert. #C1680 and AES Cert #C1680
KTS AES Cert. #C1680 and HMAC Cert. #C1680
RSA Cert. #A985
SHS Cert. #C1680
Triple-DES Cert. #C1680
Allowed Algorithms
EC Diffie-Hellman (shared secret computation provides between 128 and 256 bits of encryption strength); NDRNG; RSA (CVL Cert. #C1680, key unwrapping; key establishment provides between 112 and 150 bits of encryption strength); RSA (key unwrapping; key establishment provides between 112 and 150 bits of encryption strength)
Hardware Versions
SLE78CLUFX3000PH and SLE78CLUFX5000PH
Firmware Versions
5.4.2 and 5.4.3

Vendor

Yubico, Inc.
530 Lytton Ave
Suite 301
n/a
Palo Alto, CA 94301
USA

Jakob Ehrensvard
jakob@yubico.com
Phone: +1 650-283-1537
Fax: n/a
n/a
n/a
Phone: n/a
Fax: n/a

Lab

ACUMEN SECURITY, LLC
NVLAP Code: 201029-0