Note: This article lists the technical specifications of the YubiKey 5Ci. If you're looking for setup instructions for your YubiKey 5Ci, see https://www.yubico.com/start.
The YubiKey 5Ci has six distinct applications, which are all independent of each other and can be used simultaneously. Note: Some software such as GPG can lock the CCID USB interface, preventing another software from accessing applications that use that mode.
Storage
YubiKey Application | Firmware 5.7+ | Firmware 5.0 - 5.6 |
FIDO2 | Up to 100 discoverable credentials (unlimited non-discoverable) | Up to 25 discoverable credentials (unlimited non-discoverable) |
FIDO U2F | Unlimited credentials | Unlimited credentials |
PIV (Smart card) | Up to 24 certificates* | Up to 24 certificates* |
OATH | Up to 64 credentials | Up to 32 credentials |
OTP | Up to 2 credentials | Up to 2 credentials |
OpenPGP | Up to 3 subkeys (signature, encryption, authentication)** | Up to 3 subkeys (signature, encryption, authentication)** |
*YubiKeys comply with the PIV standard for smart cards. See https://developers.yubico.com/PIV/Introduction/Certificate_slots.html for additional details on this standard and the associated slots. When used with Windows and the YubiKey Smart Card Minidriver, it is possible to load up to 12 certificates and use them for authentication. With standard PIV support (no minidriver, and/or operating systems other than Windows), only one authentication certificate is supported, and it must be stored in slot 9a. Most applications that support PIV (no minidriver) will only read from up to the first 4 slots. The remaining slots are intended to hold retired keys for the purpose of preserving the ability to decrypt encrypted e-mail, etc., and for attestation purposes.
**All subkeys must be linked to a single OpenPGP identity, which is established when generating the primary key.
Interface
The YubiKey 5Ci uses a USB 2.0 interface. All of the applications are available through this interface.
Applications
FIDO2
The FIDO2 application allows for secure single and multi-factor authentication, and can store up to 25 discoverable credentials (100 with firmware 5.7+). These credentials, which are protected by a PIN, enable passwordless login, where the YubiKey, unlocked by a PIN and authorized by touch, can log you in to your accounts without entering a username or password. For FIDO certification information, see YubiKey Hardware FIDO2 AAGUIDs.
USB Interface: FIDO
FIDO U2F
The U2F application can hold an unlimited number of U2F credentials.
USB Interface: FIDO
PIV (Smart Card)
This application provides a PIV compatible smart card. On Windows, the smart card functionality can be enhanced with the YubiKey Smart Card Minidriver.
Default Values:
- PIN: 123456
- PUK: 12345678
- Management Key: 010203040506070801020304050607080102030405060708
Supported Algorithms:
- ECC P256
- ECC P384
- RSA 1024
- RSA 2048
Additional Supported Algorithms (firmware 5.7+):
- RSA 3072
- RSA 4096
- Ed25519
- X25519
Management Key Algorithms:
- TDES
- AES 128/192/256 (firmware 5.4+)
Slot Information:
- Slot 9a: Authentication
- Slot 9b: Management Key
- Slot 9c: Digital Signature
- Slot 9d: Key Management
- Slot 9e: Card Authentication
- Slot f9: Attestation
- Slots 82-95: Retired Key Management
USB Interface: CCID
OATH
The YubiKey 5 Series supports both OATH-TOTP (time based) and OATH-HOTP (counter based). Accessing this application requires Yubico Authenticator.
USB Interface: CCID
OTP
The OTP application contains two programmable slots, each can hold one of the following credentials:
- Yubico OTP
- HMAC-SHA1 Challenge-Response
- Static Password
- OATH-HOTP
USB Interface: OTP
OpenPGP
This application implements version 3.4 of the OpenPGP Smart Card specification starting in firmware version 5.2, which can be used with GnuPG. For firmware versions 5.0-5.1, version 2.0 of the OpenPGP Smart Card specification is implemented.
Supported Algorithms:
- RSA 1024
- RSA 2048
- RSA 3072
- RSA 4096
Additional Supported Algorithms (firmware 5.2+):
- secp256r1
- secp256k1
- secp384r1
- secp521r1
- brainpoolP256r1
- brainpoolP384r1
- brainpoolP512r1
- curve25519
- x25519 (decipher only)
- ed25519 (sign / auth only)
USB Interface: CCID
Physical Specifications
Form Factor
Connectors: USB-C, Lightning
Dimensions: 12mm x 40.3mm x 5mm.
Weight: 2.8g
Temperatures
Operational range: 0 °C to 40 °C (32 °F to 104 °F)
Storage range: -20 °C to 85 °C (-4 °F to 185 °F)