Software Signing

Yubico aims to cryptographically sign all software that it distributes. We use three different techniques to achieve this.

OpenPGP Software Signing

Source code releases are usually signed with the OpenPGP key of one of Yubico’s developers. Some ZIP files containing Windows executables are also signed using OpenPGP.

Following are the keys for Yubico developers who are currently releasing code.

Following are the keys for developers who have released code in the past.

Windows Software Signing

Our Windows executables are signed with a code signing certificate, issued by GoDaddy.

SHA256 fingerprint

F0:45:D8:A2:54:37:97:B1:29:6F:32:A1:4F:6C:BC:C6:13:5F:79:C5:18:EF:25:6C:B0:7F:C7:FD:01:70:5C:EB

Windows software released before 2016-03-12 is signed with:

SHA256 fingerprint

1F:DA:33:2D:C3:DB:B7:DA:13:1B:BE:78:6E:2E:F9:2C:40:86:59:08:E5:C8:AA:1C:FC:F7:C6:5F:35:37:E3:7E

Windows software released before 2015-03-12 is signed with:

SHA256 fingerprint

DB:75:AF:B8:AF:DF:5C:DC:F9:70:1E:0E:FA:4C:44:97:ED:BE:0D:95:DB:8D:12:82:77:23:C6:6B:69:FE:3E:8B

Mac Software Signing

Our Mac executables are signed with a Yubico code signing certificate, issued by Apple.

SHA256 fingerprint

F4:EC:6D:AF:9A:E6:AD:49:F6:D3:99:9A:D8:92:8E:A1:D3:A9:45:94:15:90:BC:33:BA:9D:8E:35:59:02:3C:BD
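
One way to check a signer certificate against the fingerprints listed on this page, added here as an example and not Yubico's own code. It assumes the signer certificate has already been exported from the file's signature as PEM or DER, takes each fingerprint as the SHA-256 digest of the certificate's DER encoding (the usual meaning), and reads the cut-off dates as back-to-back windows; all function and variable names are hypothetical.

```python
import base64
import hashlib
import hmac
import re
from datetime import date

# Fingerprints copied from this page. Reading the cut-off dates as
# back-to-back windows is an assumption of this example.
WINDOWS_PINS = [  # (first release date covered, SHA256 fingerprint)
    (date(2016, 3, 12), "F0:45:D8:A2:54:37:97:B1:29:6F:32:A1:4F:6C:BC:C6:"
                        "13:5F:79:C5:18:EF:25:6C:B0:7F:C7:FD:01:70:5C:EB"),
    (date(2015, 3, 12), "1F:DA:33:2D:C3:DB:B7:DA:13:1B:BE:78:6E:2E:F9:2C:"
                        "40:86:59:08:E5:C8:AA:1C:FC:F7:C6:5F:35:37:E3:7E"),
    (date.min,          "DB:75:AF:B8:AF:DF:5C:DC:F9:70:1E:0E:FA:4C:44:97:"
                        "ED:BE:0D:95:DB:8D:12:82:77:23:C6:6B:69:FE:3E:8B"),
]
MAC_PIN = ("F4:EC:6D:AF:9A:E6:AD:49:F6:D3:99:9A:D8:92:8E:A1:"
           "D3:A9:45:94:15:90:BC:33:BA:9D:8E:35:59:02:3C:BD")

_PEM = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_der(data: bytes) -> bytes:
    """Return the DER bytes of a certificate export given as PEM or DER."""
    m = _PEM.search(data)
    return base64.b64decode(m.group(1)) if m else data

def fingerprint(cert: bytes) -> str:
    """SHA-256 over the DER encoding, as colon-separated upper-case hex."""
    h = hashlib.sha256(cert_der(cert)).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def _hex(fp: str) -> str:
    """Drop separators and case so differently formatted output compares equal."""
    h = re.sub(r"[:\s-]", "", fp).upper()
    if not re.fullmatch(r"[0-9A-F]{64}", h):
        raise ValueError("not a SHA-256 fingerprint: %r" % fp)
    return h

def windows_pin(released: date) -> str:
    """Pick the fingerprint that applies to a Windows release date."""
    return next(pin for start, pin in WINDOWS_PINS if released >= start)

def signer_matches(cert: bytes, pin: str) -> bool:
    """True only if the signer certificate hashes to the published pin."""
    return hmac.compare_digest(_hex(fingerprint(cert)), _hex(pin))

if __name__ == "__main__":
    sample = b"constructed bytes standing in for an exported certificate"
    print(fingerprint(sample), signer_matches(sample, MAC_PIN))
```

A matching fingerprint only identifies the certificate; the platform's own signature verification still has to succeed for the file itself.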