YubiKey Profiles

YUBIKEY FIPS

Profile for YubiKey FIPS

  • 24 2048-bit keys PIV (Personal Identity Verification, the technical standard of "HSPD-12") PKI Objects (PIV Authentication, PIV Digital Signature, PIV Key Management Key, PIV Card Authentication, 20 Key Management Keys) loaded by ActivID CMS

  • PIV EP Buffer Objects

  • 1 synchronous OATH_HOTP Object loaded by ActivID CMS

  • PIN, PIV AUTHENTICATION, CHUID (Card Holder Unique Identifier) and Printed Information objects are mandatory. All other objects are optional.

  • PIN Numeric Only

  • The following key must be present in the HSM for profile issuance: YBTK_FINAL_ADMIN_KEY_9B_AES_32.

Important: If you are using an older YubiKey firmware version (earlier than 5.4), you need to add the YBTK_FINAL_ADMIN_KEY_9B_TRIPLE key to the HSM.

Note:
  • The OATH application personalization is not supported on YubiKey 5, but it is supported on YubiKey 4 FIPS and YubiKey 5 FIPS devices. However, OATH personalization is only available using the ActivID Authentication Server.

  • If the OATH application is not personalized in the policy, then the native OTP slot will not be removed when the device is recycled.

Supported Devices

Supported Pre-Issuance IDs

YubiKey 4 FIPS
YubiKey 5 & YubiKey 5 FIPS