Yubico Forum


Author:  Fredrik-at-Yubico [ Wed Apr 06, 2011 3:23 pm ]
Post subject:  Introduction

Everyone - meet YubiHSM.

YubiHSM is the latest innovation from Yubico. It is Yubico's take
on what an HSM should be like. Easy to use and affordable.

Want to validate Yubico OTPs?

YubiHSM is a one-stop solution for validation of up to 1024
YubiKeys with an internal database.

YubiHSM can decrypt an indefinite number of YubiKey OTPs (if you
have access to the token-unique AES key, that is) with secure
storage of the AES keys on the host computer. The AES keys are
only readable to the YubiHSM through the use of
Authenticated Encryption with Associated Data (AEAD).

Want to securely validate OATH tokens?

The YubiHSM makes for an excellent security device in an OATH
validation service by providing HMAC-SHA1 capabilities with the
secret key secured inside AEADs.

Want to securely validate plain text passwords?

The YubiHSM can compare the decrypted contents of a previously
generated AEAD and internally compare it with provided plain text.
This makes it possible to generate an AEAD from a password (or
better, from a PBKDF2 hash of a password) and then later on
securely verify that the same password is presented by a user.

Want a random number seed?

The YubiHSM includes a random number generator. Technical details
in the YubiHSM manual.

Want generic cryptography primitives?

The YubiHSM provides AES ECB encrypt/decrypt/decrypt-compare,
as well as HMAC-SHA1 with key stored in the YubiHSM (64 slots
available for such keys). Keys can have associated permissions
through an extensive set of flags, so a poor man's asymmetric
cryptography can be achieved with two or more YubiHSMs sharing
the same key but possibly with different associated permissions
(YubiHSM 1 can only encrypt, YubiHSM 2 can only decrypt).

Want generic cryptography primitives with a twist?

The YubiHSM provides AES ECB encrypt/decrypt/decrypt-compare,
as well as HMAC-SHA1 - all leveraged with powerful key
indirection where the secret key is stored in an AEAD and only
ever decrypted inside the YubiHSM.

For product information, see http://www.yubico.com/yubihsm/.

For technical documentation, see http://static.yubico.com/var/uploads/YubiHSM%20Manual%202011-04-02.pdf.

On behalf of the Yubico Team,

Fredrik Thulin - YubiHSM product manager
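
The password-validation flow described in the post above, as an added example that is not part of the original post and is not Yubico code: a software model in which the host stores only a salt and an opaque AEAD, and the "device" answers a compare request with yes or no. Assumptions: the class and function names are hypothetical, the user name is used as associated data, and the AEAD is a standard-library encrypt-then-MAC stand-in built from HMAC-SHA256, not the YubiHSM's own AEAD format (see the manual for that).

```python
import hashlib
import hmac
import os

class ModelHSM:
    """Hypothetical stand-in for the device: the key exists only inside this object."""
    def __init__(self):
        self._key = os.urandom(32)

    def _keystream(self, nonce, length):
        # Stand-in cipher: HMAC-SHA256 in counter mode (not the real device's AES).
        blocks, counter = b"", 0
        while len(blocks) < length:
            msg = b"enc" + nonce + counter.to_bytes(4, "big")
            blocks += hmac.new(self._key, msg, hashlib.sha256).digest()
            counter += 1
        return blocks[:length]

    def _tag(self, nonce, ad, ciphertext):
        # The tag covers the associated data, so a blob cannot be moved between users.
        msg = b"mac" + len(ad).to_bytes(2, "big") + ad + nonce + ciphertext
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def _xor(self, nonce, data):
        return bytes(a ^ b for a, b in zip(data, self._keystream(nonce, len(data))))

    def generate_aead(self, ad, plaintext):
        nonce = os.urandom(12)
        ciphertext = self._xor(nonce, plaintext)
        return nonce + ciphertext + self._tag(nonce, ad, ciphertext)

    def decrypt_compare(self, ad, aead, candidate):
        """Return only True/False; the decrypted value never leaves the device."""
        nonce, ciphertext, tag = aead[:12], aead[12:-32], aead[-32:]
        if not hmac.compare_digest(tag, self._tag(nonce, ad, ciphertext)):
            return False
        return hmac.compare_digest(self._xor(nonce, ciphertext), candidate)

def stretch(password, salt):
    # PBKDF2 hash of the password, as the post suggests; iteration count is an assumption.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def enroll(hsm, user, password):
    salt = os.urandom(16)
    aead = hsm.generate_aead(user.encode(), stretch(password, salt))
    return {"salt": salt, "aead": aead}  # this is all the host database holds

def verify(hsm, user, record, password):
    candidate = stretch(password, record["salt"])
    return hsm.decrypt_compare(user.encode(), record["aead"], candidate)
```

A copied host database is of no use for offline guessing without the device: every guess has to go through `decrypt_compare`, where it can be rate-limited and logged.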

All times are UTC + 1 hour