This article describes the end-of-life of the YubiKey Validation Server (YK-VAL), the YubiKey Key Storage Module (YK-KSM) and YubiHSM 1 and next steps for customers.
YK-VAL is a server that validates Yubikey One-Time Passwords (OTPs). YK-VAL is written in PHP, for use behind web servers such as Apache. YK-KSM provides an AES key storage facility for use with a YubiKey validation server.
End of life and end of support timeline:
- End-of-life YK-VAL and YK-KSM on 1 May 2021
- End-of-sale YubiHSM 1 on 1 Nov 2021
- End-of-support YubiHSM 1 on 1 May 2022
On 26 April 2021, Yubico declared end-of-life of YK-VAL and YK-KSM and moved both to YubicoLabs as a reference architecture. Yubico will continue to sell YubiHSM 1 until 1 Nov 2021, so customers can purchase more should they wish before Yubico officially ends availability of YubiHSM 1 on 1 May 2022.
The YK-VAL service relies on PHP 5 which was normal in 2014 when it was created, but PHP 5 is now on the deprecation path. This dependency prevents some of our customers from maintaining secure and compliant posture because PHP 5 is not supported beyond Linux Ubuntu 16.04, which is already coming to its end of life with the current long term branch of 20.04.
Products and libraries on YubicoLabs are experimental projects and reference architectures to be used by anyone as-is without any option to purchase Priority Support, receive free support, or request development, bug-fixes or platform support from Yubico.
Yubico recommends customers who use these libraries to migrate to YubiCloud, a free validation service offered by Yubico that is not encumbered by YK-VAL’s limitations, and which benefits from a SaaS-delivered service with security reviews, patches and upgrades, continuous delivery and continuous improvement. As customers plan this migration, they can continue to utilize their existing YK-VAL deployments by purchasing extended support for Ubuntu 16.04 on which YK-VAL depends, and access source code at YubicoLabs.