YubiKey Bio - Multi-protocol Edition



 

Note: This article lists the technical specifications of the YubiKey Bio Multi-protocol Edition. If you're looking for setup instructions for your YubiKey Bio Multi-protocol Edition, see https://www.yubico.com/start.

 

The YubiKey Bio Multi-protocol Edition has three distinct applications, which are all independent of each other and can be used simultaneously. To find out if an application is compatible with the YubiKey Bio - Multi-protocol Edition, browse to the Works With YubiKey Catalog, and in the Series drop-down, select YubiKey Bio Series to only display services that are compatible with it.

 

Storage

 

| YubiKey Application | Firmware 5.7+ | Firmware 5.6 |
| --- | --- | --- |
| FIDO2 | Up to 100 discoverable credentials (unlimited non-discoverable) | Up to 25 discoverable credentials (unlimited non-discoverable) |
| FIDO U2F | Unlimited credentials | Unlimited credentials |
| PIV (Smart card) | Up to 24 certificates* | Up to 24 certificates* |

 

*YubiKeys comply with the PIV standard for smart cards. See https://developers.yubico.com/PIV/Introduction/Certificate_slots.html for additional details on this standard and the associated slots. When used with Windows and the YubiKey Smart Card Minidriver, it is possible to load up to 12 certificates and use them for authentication. With standard PIV support (no minidriver, and/or operating systems other than Windows), only one authentication certificate is supported, and it must be stored in slot 9a. Most applications that support PIV (no minidriver) will only read from up to the first 4 slots. The remaining slots are intended to hold retired keys for the purpose of preserving the ability to decrypt encrypted e-mail, etc., and for attestation purposes.

 

Interface

The YubiKey Bio Multi-protocol Edition uses a USB 2.0 interface. All of the applications are available through this interface.

 

Applications

FIDO2

The FIDO2 application allows for secure single and multi-factor authentication, and can store up to 25 discoverable credentials (100 with firmware 5.7+). These credentials, which are protected by user verification (PIN or fingerprint), enable passwordless login, where the YubiKey, unlocked by user verification and authorized by touch, can log you in to your accounts without entering a username or password. For FIDO certification information, see YubiKey Hardware FIDO2 AAGUIDs.

 

USB Interface: FIDO

 

More about FIDO 2

 

FIDO U2F

The U2F application can hold an unlimited number of U2F credentials.

 

USB Interface: FIDO

 

More about FIDO U2F

 

PIV (Smart Card)

Note:
The YubiKey Bio Multi-protocol Edition supports using fingerprint
verification in lieu of the PIN when performing cryptographic operations.
In the case of PIV smart card, however, client software or middleware is
required to provide users with this fingerprint option. Yubico has implemented
support for this in the Yubico Minidriver from version 4.6.1. If users
attempt to use PIV smart card on the YubiKey Bio Multi-protocol Edition
without supporting middleware, they will encounter limitations.

In scenarios where supporting middleware is not available or not utilized,
users can still access the PIV application on the YubiKey Bio Multi-protocol
Edition and perform cryptographic operations. However, they will not have the
option to use fingerprint authentication for those operations and will need to
rely on traditional methods such as entering a PIN, missing out on the
convenience and potentially enhanced security offered by biometric
authentication.

This application provides a PIV compatible smart card. On Windows, the smart card functionality can be enhanced with the YubiKey Smart Card Minidriver.

 

Default Values:

 

  • PIN: 123456
  • PUK: 12345678
  • Management Key: 010203040506070801020304050607080102030405060708 (AES)

Supported Algorithms:

 

  • ECC P256
  • ECC P384
  • RSA 1024
  • RSA 2048

Additional Supported Algorithms (firmware 5.7+):

 

  • RSA 3072
  • RSA 4096
  • Ed25519
  • X25519

Management Key Algorithms:

  • TDES and AES
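
The default values and management key algorithms listed above can be turned into a pre-provisioning check that refuses to enroll a key still carrying factory secrets. This is an added example, not Yubico code; the function name, the 6 to 8 character PIN/PUK range and the per-algorithm key sizes are assumptions of the example.

```python
"""Added example: audit PIV PIN, PUK and management key before enrollment."""

# Factory defaults as listed on this page.
DEFAULT_PIN = "123456"
DEFAULT_PUK = "12345678"
DEFAULT_MGMT_KEY = bytes.fromhex("010203040506070801020304050607080102030405060708")

# Assumption: valid key sizes in bytes for each management key algorithm.
MGMT_KEY_SIZES = {"TDES": {24}, "AES": {16, 24, 32}}


def check_piv_secrets(pin, puk, mgmt_key_hex, mgmt_alg="AES"):
    """Return a list of findings; an empty list means the values pass."""
    findings = []
    for name, value, default in (("PIN", pin, DEFAULT_PIN), ("PUK", puk, DEFAULT_PUK)):
        if value == default:
            findings.append(f"{name} is the factory default")
        # Assumption: 6 to 8 characters is the accepted length range.
        if not 6 <= len(value) <= 8:
            findings.append(f"{name} length {len(value)} is outside 6-8")
    if pin == puk:
        findings.append("PIN and PUK are identical")

    try:
        key = bytes.fromhex(mgmt_key_hex)
    except ValueError:
        return findings + ["management key is not valid hex"]
    sizes = MGMT_KEY_SIZES.get(mgmt_alg.upper())
    if sizes is None:
        findings.append(f"unsupported management key algorithm {mgmt_alg!r}")
    elif len(key) not in sizes:
        findings.append(f"management key is {len(key)} bytes, invalid for {mgmt_alg}")
    if key == DEFAULT_MGMT_KEY:
        findings.append("management key is the factory default")
    # One repeated 8-byte block (the shape of the default key) is low entropy;
    # with TDES, three identical blocks reduce the cipher to single DES.
    elif len(key) >= 16 and len({key[i:i + 8] for i in range(0, len(key), 8)}) == 1:
        findings.append("management key repeats a single 8-byte block")
    return findings
```

The check only inspects values supplied by the provisioning workflow; it does not talk to the YubiKey.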

Slot Information:

 

  • Slot 9a: Authentication
  • Slot 9b: Management Key
  • Slot 9c: Digital Signature
  • Slot 9d: Key Management
  • Slot 9e: Card Authentication
  • Slot f9: Attestation
  • Slots 82-95: Retired Key Management

USB Interface: CCID

 

More info about PIV

 

Physical Specifications

Form Factor

Connector: USB-A
Dimensions: 18mm x 45mm x 3.35mm
Weight: 4.3g

 

Temperatures

Operational range: 0 °C to 40 °C (32 °F to 104 °F)
Storage range: -20 °C to 85 °C (-4 °F to 185 °F)