Software Signing

Yubico aims to cryptographically sign all software that it distributes. We use three different techniques to achieve this.

OpenPGP Software Signing

Source code releases are usually signed by an OpenPGP key of one of Yubico’s developers. Some ZIP files containing Windows executables are also signed using OpenPGP.

Following are the keys for Yubico developers who are currently releasing code.

Following are the keys for developers who have released code in the past.

Windows Software Signing

Our Windows executables are signed with one of two code signing certificates, one issued by GoDaddy and one issued by DigiCert:

SHA256 fingerprint

42:77:C7:17:01:5F:DB:6F:EA:CC:5D:4B:69:BD:72:D7:64:18:3E:6A:81:D6:64:87:BC:70:E9:B6:C5:9C:01:FE

SHA256 fingerprint

C3:C1:BE:40:B7:F2:C7:B2:51:DB:67:35:88:40:76:9F:37:35:28:D2:5E:32:AD:0D:80:6F:01:C6:ED:96:E8:2D

Windows software released before 2017-03-12 is signed with:

SHA256 fingerprint

F0:45:D8:A2:54:37:97:B1:29:6F:32:A1:4F:6C:BC:C6:13:5F:79:C5:18:EF:25:6C:B0:7F:C7:FD:01:70:5C:EB

Windows software released before 2016-03-12 is signed with:

SHA256 fingerprint

1F:DA:33:2D:C3:DB:B7:DA:13:1B:BE:78:6E:2E:F9:2C:40:86:59:08:E5:C8:AA:1C:FC:F7:C6:5F:35:37:E3:7E

Windows software released before 2015-03-12 is signed with:

SHA256 fingerprint

DB:75:AF:B8:AF:DF:5C:DC:F9:70:1E:0E:FA:4C:44:97:ED:BE:0D:95:DB:8D:12:82:77:23:C6:6B:69:FE:3E:8B
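
One way to check a downloaded Windows executable against the fingerprints listed above is the following PowerShell, which is an added example and not Yubico's own code. It assumes each listed fingerprint is the SHA-256 hash of the DER-encoded signer (leaf) certificate; the names Test-YubicoSignature and $YubicoWindowsFingerprints and the file name in the usage comment are hypothetical.

```powershell
# Added example. Assumption: the fingerprints on this page are SHA-256 hashes
# of the DER-encoded signer (leaf) certificate.
# Fingerprints copied from the "Windows Software Signing" section.
$YubicoWindowsFingerprints = [ordered]@{
    '42:77:C7:17:01:5F:DB:6F:EA:CC:5D:4B:69:BD:72:D7:64:18:3E:6A:81:D6:64:87:BC:70:E9:B6:C5:9C:01:FE' = 'current'
    'C3:C1:BE:40:B7:F2:C7:B2:51:DB:67:35:88:40:76:9F:37:35:28:D2:5E:32:AD:0D:80:6F:01:C6:ED:96:E8:2D' = 'current'
    'F0:45:D8:A2:54:37:97:B1:29:6F:32:A1:4F:6C:BC:C6:13:5F:79:C5:18:EF:25:6C:B0:7F:C7:FD:01:70:5C:EB' = 'releases before 2017-03-12'
    '1F:DA:33:2D:C3:DB:B7:DA:13:1B:BE:78:6E:2E:F9:2C:40:86:59:08:E5:C8:AA:1C:FC:F7:C6:5F:35:37:E3:7E' = 'releases before 2016-03-12'
    'DB:75:AF:B8:AF:DF:5C:DC:F9:70:1E:0E:FA:4C:44:97:ED:BE:0D:95:DB:8D:12:82:77:23:C6:6B:69:FE:3E:8B' = 'releases before 2015-03-12'
}

function Test-YubicoSignature {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    # Status is 'Valid' only if the file hash matches the signature and the
    # certificate chain is trusted by this machine.
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate   # $null when the file is not signed

    $fingerprint = $null
    if ($cert) {
        $sha = [System.Security.Cryptography.SHA256]::Create()
        try     { $hash = $sha.ComputeHash($cert.RawData) }
        finally { $sha.Dispose() }
        # BitConverter yields "42-77-C7-..."; the page writes fingerprints with colons.
        $fingerprint = [System.BitConverter]::ToString($hash).Replace('-', ':')
    }

    $listed = $fingerprint -and $YubicoWindowsFingerprints.Contains($fingerprint)

    [pscustomobject]@{
        Path            = $Path
        SignatureStatus = $sig.Status
        Fingerprint     = $fingerprint
        ListedAs        = if ($listed) { $YubicoWindowsFingerprints[$fingerprint] } else { $null }
        # Both conditions must hold: a valid signature by an unlisted certificate,
        # or a listed certificate on a tampered file, is not accepted.
        Trusted         = ($sig.Status -eq 'Valid') -and $listed
    }
}

# Usage (hypothetical file name):
#   Test-YubicoSignature -Path .\yubico-installer.exe
```

A result whose ListedAs value names an older release window should match the release date of the file being checked.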

Mac Software Signing

Our Mac executables are signed with a Yubico code signing certificate, issued by Apple.

SHA256 fingerprint

3C:3F:C5:78:DE:63:8A:96:A3:73:61:BD:3F:9C:39:55:DA:69:08:CD:C9:AF:57:8D:41:02:74:95:98:B8:98:83

Mac software released before 2017-09-25 is signed with:

SHA256 fingerprint

F4:EC:6D:AF:9A:E6:AD:49:F6:D3:99:9A:D8:92:8E:A1:D3:A9:45:94:15:90:BC:33:BA:9D:8E:35:59:02:3C:BD