Yubico HSM For IDTP (Binimoy)
We, Commlink Info Tech Limited, are the partner of Yubico and provide the Yubico YubiHSM 2 (recommended by Bangladesh Bank) for the BB-IDTP (Binimoy) project to banks, MFS, PSP and PSO.
Secure your sensitive data and critical applications by storing, protecting and managing cryptographic keys with the YubiHSM 2, a dedicated hardware security module (HSM) that offers superior protection against key theft and misuse. A FIPS 140-2 validated version (Level 3) is also available via the YubiHSM 2 FIPS. With the same feature set as the YubiHSM 2, the YubiHSM 2 FIPS can meet the requirements of government agencies, and organizations in financial services, healthcare, energy, and any other area where the FIPS security standard is a requirement.
About this product:
- Direct USB Support
- General Purpose HSM
- Introduces asymmetric cryptography
- PKCS#11 (Windows, Linux, macOS)
- Native YubiHSM Core Libraries (C, Python)
- Windows, Linux, and Mac support
- USB-A, IP68 rated, Crush Resistant, No Batteries Required, No Moving Parts.
Product Description
The YubiHSM 2 is a game-changing hardware solution for protecting Certificate Authority root keys from being copied by attackers, malware, and malicious insiders. It offers superior, cost-effective security and easy deployment, making it accessible for every organization. It offers a higher level of security for cryptographic digital key generation, storage, and management for organizations running Microsoft Active Directory Certificate Services.
The YubiHSM 2 features are accessible by integrating with an open source and comprehensive software development toolkit (SDK) for a wide range of open source and commercial applications. The most common use case is hardware-based digital signature generation and verification. In addition, emerging use cases such as securing cryptocurrency exchanges and IoT gateways are just a few examples of how the world’s smallest HSM can secure modern infrastructures.
YubiHSM 2 secures cryptographic keys through their entire lifecycle, from secure key generation, attestation, secure key storage, secure key distribution and secure key backup all the way to secure key destruction if needed.
Secure Microsoft Active Directory Certificate Services
YubiHSM 2 can provide hardware-backed keys for your Microsoft-based PKI implementation. Deploying YubiHSM 2 to your Microsoft Active Directory Certificate Services not only protects the CA root keys but also protects all signing and verification services using the private key.
- Secure key storage and operations
- Extensive cryptographic capabilities: RSA, ECC, ECDSA (ed25519), SHA-2, AES
- Secure session between HSM and application
- Role-based access controls for key management and key usage
- 16 concurrent connections
- Optionally network shareable
- Remote management
- Unique “Nano” form factor, low-power usage
- M of N wrap key backup and restore
- Interfaces via YubiHSM KSP, PKCS#11, and native libraries
- Tamper-evident audit logging
Interfaces via YubiHSM KSP, PKCS#11, and native libraries
Crypto-enabled applications can leverage the YubiHSM via Yubico’s Key Storage Provider (KSP) for Microsoft’s CNG or industry-standard PKCS#11. Native libraries are also available on Windows, Linux and macOS to enable more direct interaction with the device’s capabilities.
Direct USB Support
The YubiHSM 2 can talk directly to the USB layer without the need for an intermediate HTTP mechanism. This delivers an improved experience for developers building solutions for virtualized environments.
Cryptographic interfaces (APIs)
- Microsoft CNG (KSP)
- PKCS#11 (Windows, Linux, macOS)
- Native YubiHSM Core Libraries (C, Python)
Hashing (used with HMAC and asymmetric signatures)
- SHA-1, SHA-256, SHA-384, SHA-512
RSA
- 2048, 3072, and 4096 bit keys
- Signing using PKCS#1 v1.5 and PSS
- Decryption using PKCS#1 v1.5 and OAEP