imported>Jimmy-bot：机器人: 尚未清空的已重定向分类）（Cat:認證方法→Cat:身份验证方法

2025-12-07T11:25:42Z

新页面

{{校对翻译}}
{{NoteTA
|G1=IT
}}
'''YubiKey'''是由'''Yubico'''生产的[[安全令牌|身份认证设备]]，支持[[一次性密码]]（OTP）、[[公钥]]加密和身份认证，以及由[[FIDO联盟]]（FIDO U2F）开发的[[通用第二因素]]（U2F）协议。<ref>{{cite web|url=https://fidoalliance.org/specifications/overview/|title=Specifications Overview|accessdate=4 December 2015|website=FIDO Alliance|archive-date=2018-12-09|archive-url=https://web.archive.org/web/20181209210217/https://fidoalliance.org/specifications/overview/}}</ref>它讓用户可以透过提交[[一次性密碼]]或是使用设备產生的公開/私密金钥来安全地登录自己的帐户。针对不支持一次性密码的网站，YubiKey也可以存储静态密码。<ref>{{cite web|url=https://www.yubico.com/about/intro/yubikey/|title=What Is A Yubikey|accessdate=7 November 2014|website=Yubico|archive-date=2015-01-31|archive-url=https://web.archive.org/web/20150131222500/https://www.yubico.com/about/intro/yubikey/}}</ref>[[Facebook]]使用YubiKey作为员工凭证；<ref>{{cite web|url=https://www.wired.com/2013/10/facebook-yubikey/|title=Facebook Pushes Passwords One Step Closer to Death|accessdate=7 November 2014|author=McMillan|date=3 October 2013|work=Wired|archive-date=2021-05-07|archive-url=https://web.archive.org/web/20210507053634/https://www.wired.com/2013/10/facebook-yubikey/}}</ref>[[Google]]同时为雇员和用户提供支援。<ref>{{cite news|url=https://www.forbes.com/sites/amadoudiallo/2013/11/30/google-wants-to-make-your-passwords-obsolete/|title=Google Wants To Make Your Passwords Obsolete|first1=Amadou|date=30 November 2013|publisher=Forbes|accessdate=15 November 2014|last1=Diallo|archive-date=2017-08-18|archive-url=https://web.archive.org/web/20170818164058/https://www.forbes.com/sites/amadoudiallo/2013/11/30/google-wants-to-make-your-passwords-obsolete/|dead-url=no}}</ref><ref>{{cite news|url=https://online.wsj.com/news/articles/SB10001424127887323585604579008620509295960|title=Say Goodbye to the Password|first1=Andrew|date=15 September 2013|publisher=The Wall Street Journal|accessdate=15 November 2014|last1=Blackman|archive-date=2014-01-03|archive-url=https://web.archive.org/web/20140103085719/https://online.wsj.com/news/articles/SB10001424127887323585604579008620509295960|dead-url=no}}</ref>還有一些密码管理器也支持YubiKey。<ref>{{cite web|url=https://helpdesk.lastpass.com/security-options/multifactor-authentication-options/yubikey-authentication/|title=YubiKey Authentication|accessdate=15 November 2014|website=LastPass|archive-date=2014-10-07|archive-url=https://web.archive.org/web/20141007070737/https://helpdesk.lastpass.com/security-options/multifactor-authentication-options/yubikey-authentication/}}</ref><ref>{{cite web|url=http://keepass.info/help/kb/yubikey.html|title=KeePass & YubiKey|accessdate=15 November 2014|website=KeePass|archive-date=2022-03-08|archive-url=https://web.archive.org/web/20220308073612/https://keepass.info/help/kb/yubikey.html}}</ref>

Yubikey实现了{{tsl|en|HMAC-based One-time Password Algorithm|基于HMAC的一次性密码算法}}（HOTP）和[[基于时间的一次性密码算法]]（TOTP），并且將本身作为一个通过USB HID协议的键盘來提供一次性密码。YubiKey NEO和YubiKey 4还包含许多协议，如使用2048位[[RSA加密演算法|RSA]]和[[椭圆曲线密码学|椭圆曲线加密系统]]（ECC）p256和p384的OpenPGP卡、[[近場通訊|近场通信]]（NFC）以及FIDO U2F。YubiKey允许用户对消息签名、加密且同时不暴露私钥。第4代YubiKey于2015年11月16日推出，支持4096位RSA密钥的OpenPGP，并有{{tsl|en|FIPS 201|PIV智能卡}}的[[PKCS11]]支持，还允许对[[Docker (軟體)|Docker]]映像进行[[代码签名]]。<ref>{{cite web|url=https://www.yubico.com/2015/11/4th-gen-yubikey-4/|title=Launching The 4th Generation YubiKey|accessdate=20 November 2015|website=Yubico|archive-date=2018-11-30|archive-url=https://web.archive.org/web/20181130202118/https://www.yubico.com/2015/11/4th-gen-yubikey-4/}}</ref><ref>{{cite web|url=https://www.yubico.com/2015/11/yubico-docker-codesign/|title=With a Touch, Yubico, Docker Revolutionize Code Signing|accessdate=20 November 2015|website=Yubico|archive-date=2018-11-30|archive-url=https://web.archive.org/web/20181130202130/https://www.yubico.com/2015/11/yubico-docker-codesign/}}</ref>

Yubico是一家私人公司，2007年由[[首席执行官]]{{tsl|en|Stina Ehrensvärd}}创立，办事处位于[[帕羅奧圖 (加利福尼亞州)|帕羅奧圖]]、[[西雅圖]]和[[斯德哥尔摩]]。<ref>{{cite web|url=https://www.yubico.com/about/team/|title=The Team|accessdate=12 September 2015|publisher=Yubico|language=|archive-date=2022-05-10|archive-url=https://web.archive.org/web/20220510204632/https://www.yubico.com/about/team/}}</ref>Yubico[[首席技术官]]Jakob Ehrensvärd是原“强认证规范”的主要作者，该规范后来演变为通用第二因素（U2F）。<ref>{{cite web|url=https://fidoalliance.org/about/history/|title=History of FIDO|accessdate=16 March 2017|publisher=FIDO Alliance|archive-date=2018-08-26|archive-url=https://web.archive.org/web/20180826095559/https://fidoalliance.org/about/history/}}</ref>

== 历史 ==
在[[消費電子展|CES 2017]]峰会上，YubiKey宣布推出新[[USB Type-C|USB-C]]设计的YubiKey 4C。YubiKey 4C于2017年2月13日发布。<ref>{{Cite news|url=https://www.yubico.com/2017/01/yubikey-usb-c-ces2017/|title=NEW YubiKey 4C featuring USB-C revealed at CES 2017 {{!}} Yubico|date=2017-01-05|work=Yubico|accessdate=2017-09-14|language=en-US|archive-date=2020-01-06|archive-url=https://web.archive.org/web/20200106092933/https://www.yubico.com/2017/01/yubikey-usb-c-ces2017/}}</ref>在通过USB-C连接的[[Android]]上，目前仅支持一次性密码功能，而[[通用第二因素]]（U2F）之類的其他功能仍無法使用。<ref>{{Cite news|url=https://www.yubico.com/support/knowledge-base/categories/articles/can-yubikey-4c-plugged-directly-android-phones-tablets-usb-c-ports/|title=Can the YubiKey 4C be plugged directly into Android phones or tablets with USB-C ports? {{!}} Yubico|work=Yubico|accessdate=2017-09-14|language=en-US|archive-url=https://web.archive.org/web/20170914215822/https://www.yubico.com/support/knowledge-base/categories/articles/can-yubikey-4c-plugged-directly-android-phones-tablets-usb-c-ports/|archive-date=2017-09-14|dead-url=yes}}</ref>

== ModHex ==
YubiKey可以发出类十六进制字母形式的密码，目的是尽可能不受系统键盘设置的限制。这种字母表被称为ModHex或Modified Hexadecimal，由字母cbdefghijklnrtuv组成，对应于十六进制数字0123456789abcdef。<ref>{{Cite web|url=https://forum.yubico.com/viewtopic.php?f=6&t=96|title=Modhex - why and what is it?|accessdate=6 November 2016|date=12 June 2008|last=E|first=Jakob|publisher=Yubico|language=en|archive-url=https://web.archive.org/web/20171116184919/https://forum.yubico.com/viewtopic.php?f=6&t=96|archive-date=2017-11-16|dead-url=yes}}</ref>

== 对YubiKey 4的安全担忧（封闭源代码） ==
Yubico已使用闭源代码替换了YubiKey 4中全部开源组件，这使得独立审查安全缺陷不再可能。<ref>{{Cite web|url=https://plus.google.com/+KonstantinRyabitsev/posts/4a7RNxtt7vy|title=I must, sadly, withdraw my endorsement of yubikey 4 devices (and perhaps all ...|accessdate=12 November 2016|last=Ryabitsev|first=Konstantin|archive-date=2019-03-22|archive-url=https://web.archive.org/web/20190322223600/https://plus.google.com/+KonstantinRyabitsev/posts/4a7RNxtt7vy}}</ref>Yubico宣布已经在内部和外部审查中完成缺陷审查。Yubikey NEO仍使用开源代码。<ref>{{Cite web|url=https://github.com/Yubico/ykneo-openpgp/issues/2#issuecomment-218446368|title=dainnilsson commented on 11 May|accessdate=12 November 2016|archive-date=2021-04-30|archive-url=https://web.archive.org/web/20210430191308/https://github.com/Yubico/ykneo-openpgp/issues/2#issuecomment-218446368}}</ref>2016年5月16日，Yubico CTO Jakob Ehrensvärd发布[[博客|博文]]对开源社区的担忧作出回复<ref>{{Cite web|url=https://www.yubico.com/2016/05/secure-hardware-vs-open-source/|title=Secure Hardware vs. Open Source|accessdate=16 March 2017|archive-date=2019-11-14|archive-url=https://web.archive.org/web/20191114104751/https://www.yubico.com/2016/05/secure-hardware-vs-open-source/}}</ref>，申明公司有力的开源支持，并给出了Yubikey 4更新的理由和益处。

2017年10月，安全研究人员发现了一个安全隐患（称为{{tsl|en|ROCA vulnerability||ROCA}}），其出现在大量英飞凌（Infineon）安全芯片使用的加密[[程序库]]中实现RSA密钥对生成的部分。这一漏洞允许攻击者使用公钥重建私钥。<ref>{{Cite web|url=https://crocs.fi.muni.cz/public/papers/rsa_ccs17|title=ROCA: Vulnerable RSA generation (CVE-2017-15361) [CRoCS wiki]|accessdate=2017-10-19|language=en|archive-date=2021-03-23|archive-url=https://web.archive.org/web/20210323092347/https://crocs.fi.muni.cz/public/papers/rsa_ccs17|dead-url=no}}</ref><ref>{{Cite web|url=https://nvd.nist.gov/vuln/detail/CVE-2017-15361|title=NVD - CVE-2017-15361|accessdate=2017-10-19|archive-date=2021-12-06|archive-url=https://web.archive.org/web/20211206182708/https://nvd.nist.gov/vuln/detail/CVE-2017-15361}}</ref>所有固件版本在4.2.6与4.3.4之间的YubiKey 4、YubiKey 4C以及YubiKey 4 nano都受到影响。<ref>{{Cite web|url=https://www.yubico.com/keycheck/|title=Infineon RSA Key Generation Issue - Customer Portal|accessdate=2017-10-19|archive-date=2020-11-11|archive-url=https://web.archive.org/web/20201111224830/https://www.yubico.com/keycheck/}}</ref>Yubico发布了一个检查工具，如果检查确认自己的Yubikey受到影响，可以免费更换。<ref>{{Cite web|url=https://www.yubico.com/keycheck/verify_otp|title=Infineon RSA Key Generation Issue - Customer Portal|accessdate=2017-10-19|archive-url=https://web.archive.org/web/20181222101837/https://www.yubico.com/keycheck/verify_otp|archive-date=2018-12-22|dead-url=yes}}</ref>

== 社會參與 ==

2019年香港[[反對逃犯條例修訂草案運動]]中，對於[[香港警察相關爭議及犯罪指控|警察濫捕及對抗爭者網絡入侵]]的恐懼，Yubico向香港示威者贊助了500支YubiKey以用作保護示威者。Yubico表示該決定源自他們保護弱勢互聯網使用者的使命以及對言論自由的支持<ref>{{Cite web|url=https://www.scmp.com/news/hong-kong/society/article/3032287/swedish-tech-firm-yubico-hands-hong-kong-protesters-free|title=Swedish tech firm Yubico hands Hong Kong protesters free security keys amid fears over police tactics online|date=2019-10-10|website=South China Morning Post|language=en|access-date=2019-10-18|archive-date=2022-05-10|archive-url=https://web.archive.org/web/20220510042154/https://www.scmp.com/news/hong-kong/society/article/3032287/swedish-tech-firm-yubico-hands-hong-kong-protesters-free}}</ref><ref>{{Cite web|url=https://thestandnews.com/technology/yubico-%E8%B4%8A%E5%8A%A9%E9%A6%99%E6%B8%AF%E6%8A%97%E7%88%AD%E8%80%85%E4%B8%96%E4%B8%8A%E6%9C%80%E5%BC%B7%E7%B6%B2%E4%B8%8A%E4%BF%9D%E5%AE%89%E9%8E%96%E5%8C%99-yubikey/|title=Yubico 贊助香港抗爭者世上最強網上保安鎖匙 Yubikey {{!}} 立場新聞|website=立場新聞 Stand News|language=en|access-date=2019-10-18|archive-date=2021-06-23|archive-url=https://web.archive.org/web/20210623180321/https://www.thestandnews.com/technology/yubico-%E8%B4%8A%E5%8A%A9%E9%A6%99%E6%B8%AF%E6%8A%97%E7%88%AD%E8%80%85%E4%B8%96%E4%B8%8A%E6%9C%80%E5%BC%B7%E7%B6%B2%E4%B8%8A%E4%BF%9D%E5%AE%89%E9%8E%96%E5%8C%99-yubikey/}}</ref>。

== 另见 ==
* {{le|OpenPGP智能卡|OpenPGP card}}

== 参考文献 ==
{{Reflist|2}}

==外部链接==
*{{Official website}}{{En icon}}
[[Category:身份验证方法]]
[[Category:计算机访问控制]]
[[Category:USB]]

YubiKey - 版本历史

imported>Jimmy-bot：​机器人: 尚未清空的已重定向分类） （Cat:認證方法→Cat:身份验证方法

imported>Jimmy-bot：机器人: 尚未清空的已重定向分类）（Cat:認證方法→Cat:身份验证方法