Understanding Your YubiHSM 1


See also YubiHSM 2


The YubiHSM 1 is a special-purpose HSM that protects encryption keys and YubiKey OTP seeds. Software on the host talks to it through PyHSM, a Python package that implements the device's command protocol. The device is designed for enterprise-grade security, low cost of ownership, and simplicity. It offers a feature-rich subset of the capabilities typically found in more expensive HSMs, including keeping secrets out of reach of a network intruder, even one who has gained root access to the server: the keys are used inside the device and are never handed to the host. The YubiHSM 1 does not support asymmetric cryptography, a feature that was added in the YubiHSM 2, and it is not validated to FIPS 140 or similar standards. It does, however, support YubiKey OTP validation, a feature not yet implemented in YubiHSM 2 at the time of writing. Because of the limited on-board memory, the internal key store is fixed at 1024 entries.


Other features include:

  • Host communication uses USB CDC (Communication Device Class), the standard USB serial protocol, rather than a custom driver. CDC support is built into Microsoft Windows, Linux, and Apple Mac OS X, so the device shows up as an ordinary serial port.
  • The device is protected against physical intrusion by a secure element.
  • The key store can be encrypted with an AES-256 key. The passphrase that unlocks it must be entered each time the device starts, so an attacker holding only the powered-off unit cannot read the stored keys.
  • The YubiHSM 1 device firmware cannot be upgraded; deployed units stay on the firmware they shipped with.
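To make the host side of this concrete, the following is an added Python example, not code from this page or from the pyhsm project, of a small OTP validation routine in the style of pyhsm's YubiKey flow. It splits a 44-character YubiKey OTP into its 12-character public ID and 32-character ciphertext, decodes both from ModHex, and then, only when hardware is present, opens the USB CDC serial port, unlocks the encrypted key store with the startup passphrase, and asks the device to validate the OTP against the AEAD stored for that public ID (in pyhsm's OTP model the public ID is also the AEAD nonce, which is why the database is keyed on it). The ModHex helpers run anywhere. The names pyhsm.base.YHSM, unlock(), validate_aead_otp() and pyhsm.exception.YHSM_CommandFailed are recalled from pyhsm's API and should be checked against the installed version, as should the form of the password argument; the device path /dev/ttyACM0, the key handle, and the AEAD store are assumptions for illustration.

```python
"""Validate a YubiKey OTP against a YubiHSM 1 through pyhsm.

Added example, not from the Yubico page or the pyhsm project. The ModHex
helpers are pure Python; validate_with_hsm() needs a YubiHSM 1 on a USB CDC
serial port and the pyhsm package, and its pyhsm call names are assumptions
to verify against the installed pyhsm version.
"""

MODHEX = "cbdefghijklnrtuv"   # YubiKey ModHex alphabet; nibble value = index
PUBLIC_ID_LEN = 12            # 12 ModHex chars = 6-byte public ID
OTP_LEN = 32                  # 32 ModHex chars = one 16-byte AES block


def modhex_decode(text):
    """Decode a ModHex string to bytes; raise ValueError on bad input."""
    if len(text) % 2:
        raise ValueError("ModHex length must be even")
    out = bytearray()
    for hi, lo in zip(text[0::2], text[1::2]):
        if hi not in MODHEX or lo not in MODHEX:
            raise ValueError("not ModHex: %r" % (hi + lo,))
        out.append((MODHEX.index(hi) << 4) | MODHEX.index(lo))
    return bytes(out)


def split_otp(from_key):
    """Split a 44-char YubiKey OTP into (public_id, otp) as raw bytes.

    The public ID is what the AEAD database is keyed on, and it is the
    nonce the YubiHSM 1 uses when it unwraps that key's secrets.
    """
    from_key = from_key.strip().lower()
    if len(from_key) != PUBLIC_ID_LEN + OTP_LEN:
        raise ValueError("expected %d ModHex characters"
                         % (PUBLIC_ID_LEN + OTP_LEN))
    return (modhex_decode(from_key[:PUBLIC_ID_LEN]),
            modhex_decode(from_key[PUBLIC_ID_LEN:]))


def looks_like_otp(from_key):
    """Cheap input filter a validation server can apply before touching the HSM."""
    try:
        split_otp(from_key)
    except ValueError:
        return False
    return True


def validate_with_hsm(from_key, aead_db, key_handle, master_key,
                      device="/dev/ttyACM0"):
    """Unlock the YubiHSM 1 key store and have the device validate one OTP.

    aead_db maps raw public ID -> AEAD blob produced at provisioning time;
    key_handle is the handle of the AES key the AEAD was wrapped under;
    master_key is the key-store passphrase the device requires after
    power-up (assumed form: as pyhsm's unlock() documents it).
    Returns the pyhsm response object on success, None if the key is
    unknown or the OTP does not decrypt. Requires hardware.
    """
    import pyhsm.base         # lazy: pyhsm is only needed with a real device
    import pyhsm.exception

    public_id, otp = split_otp(from_key)
    aead = aead_db.get(public_id)
    if aead is None:
        return None           # unknown YubiKey, nothing to ask the HSM
    hsm = pyhsm.base.YHSM(device=device)
    hsm.unlock(password=master_key)   # key store is encrypted at rest
    try:
        # The OTP secret is decrypted and checked inside the HSM; the host
        # only ever sees the AEAD and the verdict, never the AES key.
        return hsm.validate_aead_otp(public_id, otp, key_handle, aead)
    except pyhsm.exception.YHSM_CommandFailed:
        return None
```

In a validation server the cheap checks (looks_like_otp and the database lookup) run first so that malformed or unknown OTPs never cost an HSM round trip; counters and replay detection on the decrypted response are handled by the caller, exactly as pyhsm's own validation server does.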