The YubiHSM 2 is a hardware security module that is within the reach of every organization. It offers advanced cryptography, including hashing and asymmetric and symmetric key cryptography, to protect the cryptographic keys behind a company's crucial applications, identities and sensitive data, for certificate authorities, databases, code signing and more.
Applications can access the YubiHSM 2 through a Microsoft KSP, industry-standard PKCS#11 or native OS libraries, and for deployment flexibility it can optionally be shared over the network. The ultra-thin 'nano' form factor fits completely into the USB port of a server and also makes it highly transportable for offline key transport or backup.
Example usage scenarios
Improve security for cryptographic keys
YubiHSM 2 offers an attractive option for secure generation, storage and management of keys. The main security is implemented in secure on-chip hardware that is isolated from operations on the server. The most common use case is securing the master key of certificate authorities (CAs). YubiHSM 2 capabilities include generating, writing, signing, decrypting, hashing and wrapping.
Enable hardware-based cryptographic operations
YubiHSM 2 can be used as a comprehensive cryptographic toolbox for small operations in combination with a huge range of open-source and commercial applications spanning many different products and services. The most common use case is on-chip, hardware-based processing for the generation and verification of signatures.
Secure Microsoft Active Directory Certificate Services
YubiHSM 2 can provide hardware-backed keys for your Microsoft-based PKI implementation. Deploying YubiHSM 2 in your Microsoft Active Directory Certificate Services not only protects the root CA keys, but also protects all signing and authentication services that use the root key.