How fast is decryption by the FIPS Series YubiKey?

sudoman asked:

From what I understand, YubiKeys decrypt data directly within themselves, so this could slow down large downloads over SFTP (made possible by SSH-enabled subkeys in your GPG keyring). This would also apply when decrypting large GPG encrypted files. Please correct me if I’m wrong.

Encryption to another person’s public key likely doesn’t occur on the device, because the public keys aren’t themselves protected secrets. When signing a file, you’re just signing a small checksum of the file, so I wouldn’t expect much of a bottleneck there either.

So, given that decryption could be a bottleneck, what is the speed of decryption (in KB/s or MB/s) for large files encrypted to a 4096 bit RSA key on a FIPS Series YubiKey? Does the YubiKey have accelerated AES hardware that does most of the lifting?

I’m also interested in decryption speeds of other models from Yubico if you know stats for any of those. Thanks!

My answer:


The YubiKey only does public key cryptography, not symmetric cryptography.

In each of those cases, the YubiKey is used to encrypt (or decrypt) a symmetric key, which is then used by a symmetric cipher such as AES. The YubiKey is not involved at all, after this key is made available. Symmetric cryptography is performed by the device (computer, phone, etc).


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.