PIV-enabled YubiKeys

The YubiKey 4 and YubiKey NEO support the Personal Identity Verification (PIV) interface specified in NIST SP 800-73 document "Cryptographic Algorithms and Key Sizes for PIV". This enables you to perform RSA or ECC sign/decrypt operations using a private key stored on the smartcard, through common interfaces like PKCS#11.

For information about what you can do with a PIV-enabled YubiKey, please see the various sections in the menu on the left.

Technical details about the YubiKey PIV implementation

The default PIN code is 123456. The default PUK code is 12345678.

The default 3DES management key (9B) is 010203040506070801020304050607080102030405060708.

Note

We urge you to change these values before using the PIV functionality for any non-testing purpose. For details on what these keys do, see Admin access.

The following key slots exists:

  • 9A, 9C, 9D, 9E: RSA 1024, RSA 2048, or ECC secp256r1 keys (algorithms 6, 7, 11 respectively).

  • 9B: Triple-DES key (algorithm 3) for PIV management.

The maximum size of stored objects is 2025/3049 bytes for current versions of YubiKey NEO and YubiKey 4, respectively.

Currently all functionality are available over both contact and contactless interfaces (contrary to what the specifications mandate).