YubiKeys support the following Elliptic Curve algorithms in addition to RSA (Firmware 5. PIV, or FIPS 201, is a US government standard. 1. 1. Why YubiKey. I you want further access to the existing minidriver code I suggest you contact Yubico Sales or Solutions representatives. You can also follow the steps written below for how the setup process usually looks when you want to directly add your YubiKey to a service. Pre-provisioning a YubiKey for use with the YubiKey Smart Card Minidriver ; Can't find what you are looking for? Contact Customer Support. If you're looking for a usage guide, refer to this article. On the “Security” tab make sure users who will be using smart card authentication have permissions: Change the options as below:Download Microsoft Edge More info about Internet Explorer and Microsoft Edge Save. whoever will have to work a yubikey 5 in piv on a server rds. From the orders page when signed in at ssl. 2. Linux – AppImage Download (A package may need to be installed pcscd) Linux – Source Code Download. NET 6 console application project; Download the latest yubico-piv-tool and run this command from the folder you extracted the PFX to. Step 2: Start the installer. Download Yubico YubiKey Smart Card and Reader Drivers for Windows 11, 10, 8. Press Win+R to enter the execute menu and execute “ certmgr. msi INSTALL_LEGACY_NODE=1 /quiet. While the minidriver always asks for PIN, even if not required by YubiKey, slot 9e can still be used through PKCS11 without a PIN, so do not use it for stuff you want to keep secure. The Yubico Developer's PIV page contains information and resources for developers on how to incorporate PIV logon into their own applications. Download Microsoft Edge More info about Internet Explorer and Microsoft Edge Table of. . " Now the moment of truth: the actual inserting of the key. The changes to the new Tool includes new features, improved user interface and, of course, a number of bug fixes. The other issue is the changed USB smartcard reader driver in Server 2022. The Yubico minidriver will configure a YubiKey to PIN-protected mode. In Yubikey Manager, under Certificates, it has 4 tabs ( authentication, digital signature, key management and card authentication). Create an account. ”. Enterprises already know that PIV-enabled. Hence, it is possible to verify that a private key operation was performed (or will be performed) by the YubiKey and only the YubiKey. Each YubiKey must be registered individually. Next, you can configure the Code Signing certificate on the YubiKey device for better security. Minidriver files Latest version: 1. Click Import and browse to and select the bitlocker-certificate. Center column you should have an activate option where you will input the serial number printed on the Yubikey token itself. It is available as. I'm attaching and detaching the Yubikey from WSL2 as needed in order to use it in Windows. PIV; smart card; YubiKey Manager; Protecting fragile organizations. you’ll need a Windows Type Smart Card Minidriver. If the command succeeds, Windows considers the card to be a PIV device and the. Download Zip-file containing script, config and Resources folder. The app is a virtual smart card you can use for server access. Linux users check lsusb -v in Terminal. Get the latest official Yubico YubiKey smart card and reader drivers for Windows 11, 10, 8. YubiKey Smart Card Minidriver x64 is a Shareware software in the category Miscellaneous developed by Yubico AB. Yubico sets new world standards for simple, secure login. Portable - Get the same set of codes across our other Yubico. Click Certificate Templates, locate and right-click Smartcard Logon, and select Duplicate Template . macOS users check (Apple Menu) > About This Mac > System Report, and look under Hardware > USB. EDIT: I should be more clear on that last bit. generic. For the most current information about the Smart Card API, see Smart Card Minidriver Specification. If I plug it in the rear ports, it works perfectly and it's detected right away. But I'll ask them, yes. The Minidriver software is available as both an MSI installer for 32 and 64 bit systems, as well as a CAB file. On Windows, the smart card functionality can be enhanced with the YubiKey Smart Card Minidriver. g. It was initially added to our database on 12/01. Hopefully that will change soon since Microsoft is putting out ARM-based devices now. txt","contentType":"file"},{"name":"cardmod. The YubiKey 5 Series supports most modern and legacy authentication standards. Click on Scan account QR-code, then scan the QR code from the internet page. Type certtmpl. Bugfix release: Fix broken naming for "YubiKey 4", and a small OATH issue with touch Steam credentials. Download a copy of VMware player, workstation or Fusion for mac and install it on a device you can plug Yubikey in VMware Workstation. On the page shown above, select the user accounts to be provisioned during the current run of the Yubico Login for Windows by selecting the checkbox next to the username, and then click Next. application provides a PIV compatible smart card. Download and install YubiKey Manager. 1. YubiKey: Deployment Considerations for Call Centers. Product environment The minidriver is compatible with the following Windows environments: Windows 7 and 8 Windows 10 The minidriver supports the following V8. Install the YubiKey Minidriver on the client, the RAS Publishing Agents, and the destination session hosts. As I already wrote in my previous post, to work with X. Remove and reinsert the YubiKey. RESOURCES Buy YubiKeys Blog Newsletter. Each of these slots is capable of holding an X. Below is a list of all available downloads ordered by version, starting with the most recent version. Chocolatey integrates w/SCCM, Puppet, Chef, etc. FriendlyName -like "*YubiKey*"} | Select-Object -ExpandProperty FriendlyName. Setup YubiKey with iPads; Use OATH with the YubiKey; WebAuthn Compatibility; Using MFA Authenticator Codes with your YubiKey on Desktops; Using MFA Authenticator Codes with your Yubikey on Mobile. 2. Performs RSA or ECC sign/decrypt operations using a private. dll)Reuses YubiKey OTP security at 100% and offers a flexible hardware based authentication for Windows Remote Desktop: Supports OTP verification ; Remote Desktop Logon; Rohos Logon Key for YubiKey integration guide - Step-by-step guide on how to set up Windows remote desktop logon with YubiKey. 2. Installation. Importing a . Get authentication seamlessly across all major desktop and mobile platforms. Update drivers using the largest database. 16. Experience stronger security for online accounts by adding a layer of security beyond passwords. Defense against account takeovers. It should now see it as YubiKey Smart Card Minidriver. Save it Forward: One YubiKey donated by anyone 20 sold. OpenSC 0. The Yubico minidriver will configure a YubiKey to PIN-protected mode. In the User name or Alias field, verify you have the correct user, and then click Enroll. Portable – Get the same set of codes across our other Yubico Authenticator apps for desktops as well as for all leading mobile platforms. If you're looking for deployment considerations, refer to this article. Windows installer OpenSC-0. Smart Card PIN Unlock/Reset - Operational Approaches. 1. Today, PIV smart card support also is available on the YubiKey 4. yubikey-minidriver-tool has no bugs, it has no vulnerabilities and it has low support. From YubiKey there’s no tradeoff between great security real usability. For details see the attached installer log. The certificate chain is not trusted. Google Case Study. On the workstation I can see the. In the top menu, select the Application menu, select Sundry, and then click Authentication . Google Case Study. DO NOT use the 9e slot, because that slot is used to authenticate the card/YubiKey itself and, by default, is not protected by PIN. ToString ('MM-dd-yyyy'))-yubikeynumber" -f. 8. The permission is based on a bitwise ‘or’ of the specified PINs. To reiterate, the MSI package only updates the NIST driver when a smart card is attached to the local USB port. RDP to the server or workstation. After activating you will get your PIN that. 4. For convenience, I name my keys containing the YubiKey number and creation date. 210-x86. 1. Edit config. OS: Windows 10 Pro 21H2 (OS Build 19044. Block re-installation from Windows Update. msc ”. Smart Card Drivers and Tools | Yubico / Install Azul Zulu on Debian-based Linux English Français Deutsch 日本語 Español SvenskaNote: The YubiKey 5 FIPS Series U2F application cannot be used in a FIPS 140-2 Level 2 mode. GNU/Linux tutorialsAfter installation create the following shortcut in your startup folder. If you have a Security Key, right-click on the Security Key by Yubico device and select Remove device. Click on the Install button. Last year we released Yubico Authenticator 5. The smart card minidriver provides a simpler alternative to developing a legacy cryptographic service provider (CSP) by encapsulating most of the complex cryptographic operations from the card minidriver developer. Yubikey 5 NFC for Smart Card login on a domain connected workstation console as well as user elevation on the workstations are both working without an issue. 0. 2. The series provides a range of authentication choices including strong two-factor, multi-factor and passwordless authentication, and seamless touch-to-sign. To do so, you must import the certificate authority root certificate into all the device’s keystore. In order to change the driver from UMDF2 to WUDF, please try the following: Navigate to the Device Manager and find the Smart card readers. ) Yubikey: Yubico Yubikey 5 NFC (Firmware version: 5. Common name and Distinguished name will be automatically populated. No more reaching for your phone to open an app, or memorizing and typing in a code – simply touch the YubiKey to verify and you’re in. Handle Universal 2nd Factor (U2F) requests. Download the OpenSC minidriver and install before installing GPG4Win. IE: msiexec /i YubiKey-Minidriver-4. If you do see OpenSC near your clock, right click and select Exit / Close. In my windows 10 machine it shows as below because I use a different smartcard. EstablishContextException: 'Failure to establish. Start with having your YubiKey (s) handy. For many cases, this software is part of any modern operating system. PIV; smart card; YubiKey Boss; Proven at weight at Google. exe. To do so, install the minidriver with the INSTALL_LEGACY_NODE=1 option set. You can reach your startup folder by pressing the Windows key + R, type shell:startup, then hit enter. Go to the startmenu and press the windows key -> Start > type devmgmt. Launch ykman CLI, ( 64-bit)YubiKey Smart Card Minidriver Administrative Template (ADMX) windows active-directory yubikey pki piv admx Updated Aug 7, 2023; mI-PIV / app Star 8. Note: If you intend to import more than one certificate to the YubiKey for authentication, follow the CertUtil import method instead. YubiKey for Windows Hello. dmg; Windows – Double-click the Yubico-desktop. looking for a free tool to manage some of the more intricate features of the Gemalto IDPrime . Multiple form factors with support for USB-A, USB-C, NFC and Lightning. 1 (key length 2048) Belpic. YubiKey manager remains used to pair PIV card software key of and YubiKey as well as other applications. The Yubico Authenticator will work with any USB or NFC-enabled YubiKeys. For more information, see VMware's KB article on this. Optionally name the YubiKey (good if you have multiple keys. Handle Universal 2nd Factor (U2F) requests. Reason YubiKey. Post subject: Re: windows 10 1703 minidriver update breaks PIV. The various applications of the YubiKey 5 Series and YubiKey 5 FIPS Series are separate, and reset individually. The full list of curves supported by OpenPGP 3. Download and install the YubiKey Manager, YubiKey Smart Card Minidriver, and optionally Yubico Authenticator apps. Navigation to Certificates - Current User -> Personal -> Certificates. YubiKey Smart Card Minidriver (Windows) Download. 07. Enable passwordless security key sign-in to on-premises resources with Azure Active Directory. Download and install the latest version of the YubiKey Smart Card Minidriver. Select Smart Cards and click Next. I had to obtain 2 of the certs listed from our Cyber team to push to devices via a Config Profile, and I do see those in the inventory report for my machine in Certificates. Manual Uninstall Preventing Reinstallation after Removal Troubleshooting Working with the YubiKey and the YubiKey Minidriver, there are a number of options to. "C: P rogram Files (x86) G nuPG in g pg-connect-agent. 2 (released 2019-06-24) Add support for new YubiKey Preview. 11. YubiKey Manager is a cross-platform tool; it runs on Windows, macOS, and Linux. Open the Yubico Authenticator app. 210. But, using Yubikey Manager qt version 1. If the YubiKey is version 5. On Linux platforms you will need pcscd installed and running to be able to communicate with a YubiKey over the SmartCard interface. The Microsoft. exe -t ecdsa-sk -C "username-$ ( (Get-Date). NET 6 console application project; Download the latest yubico-piv-tool and run this command from the folder you extracted the PFX to. YUBICO WebAuthn OTP U2F OATH PGP PIV YubiHSM2 Software Projects. com --recv-keys 32CBA1A9. Google defends against account takeover and reduces IT costs. Deploying the YubiKey Minidriver to Workstations and Servers. You can also use the tool to check the type and firmware of a YubiKey, or to perform. Learn about Secure it Forward. The usage attributes on the certificate do not allow for smart card logon. These curves can be used for Signature, Authentication and Decipher keys. Place. 16. For each service you set up, have your spare YubiKey ready and add it right after the first one before moving to the next. Step 2: The User Account Control dialog appears. The tool works with any YubiKey (except the Security Key). Why YubiKey. I have an x1 carbon gen 6 that yubikeys stopped working on. Generate 2-step verification codes on a mobile or desktop device and apply cross platform. --- For the system drive ---. Download this sample PFX; Download this sample . Having this driver installed the behaviour changes to the following. 1. Automating EV SSL Yubikey Multiple Pin Prompts. 0 to connect a Yubikey into WSL2. 8 x MSI Package Download The MSI package contains the installation files for x64 bit and x32 bit minidriver: CivMinidriver-1. To work with YubiKey, you will need YubiKey Manager and the smart card minidriver installed on your machine. Some if the new features include: NDEF configuration support for YubiKey NEO beta/Production. Please select your option below. On Windows, the smart card functionality can be enhanced with the YubiKey Smart Card Minidriver. Warning: This will permanently delete any PGP keys you have on the YubiKey. 172-x64. The YubiKey FIPS (4 Series) is a FIPS 140-2 certified (Overall Level 2, Physical Security Level 3) device based on the YubiKey 4. The installation can be confirmed in the Device Manager. Select User Accounts. Bugfix: generate static password now works correctly. johndoe) and click Enroll. Each subsequent version specification contains all the features and capabilities of the prior version. Superior and cost effective protection - The YubiHSM 2 is a dedicated hardware security module (HSM) that offers superior protection for private keys against theft and misuse. OV and EV code signing certificates should not be installed manually on your computer, which may cause configuration issues. Accept the terms in License Agreement and click Next. Note | This project is supported but no longer under active development. 0 interface. 1. 1 or 1. And x64 emulation on Windows 11 does not work for device drivers. It was initially added to our database on 12/22/2018. Driver Fusion Omnify Hotspot. Use the Minidriver to view all User Authentication Certificates on the YubiKey smart card. 0. Stage 1 : Download and Install Yubikey Minidriver on your local machine as well as PSM server. YubiKey Manager. Product finder quiz; Set up. In the following text, the original YubiKey functionality is referenced as 'YubiKeyWith the release of a new whitepaper, FIDO Alliance Guidance for U. Google Case Review. Secure your accounts and protect your data with the Yubico Authenticator App. YubiKey 5 Series; YubiKey FIPS Series; YubiHSM;There is nothing stopping you from writing your own driver, and our open source libraries can be freely used for that (and they are used by the ksp). If you run certutil -scinfo with the YubiKey plugged in, does it throw any errors related to your certificate chain? Did you install the YubiKey Minidriver on the local machine as well as the machine you're trying to RDP to? There are some additional troubleshooting tips here:To troubleshoot I have made sure the certificate is in the yubikey using Yubico's tool: as well as verified that the yubikey smart card minidriver is installed in the PC's Device manager. Resolution 2:If you need to maintain cross-platform compliance, you can manually remove the YubiKey Smart Card Minidriver. Possibility to clear configuration slots. Step 1: In the Windows Start menu, select Yubico > Login Configuration. Open the Details tab, and the Drop down to Hardware ids. Chocolatey is software management automation for Windows that wraps installers, executables, zips, and scripts into compiled packages. Read and accept the license agreements to continue. The Yubikey 5 says it supports 12 slots. It also supports multiple accounts so your admins can use the same method to access privileged accounts as well as their normal user accounts really easily. bat. yubikey-manager-0. msi. The released minidriver specifications are the following. Fix reinit of the card ; Add an entry for Italian CNS (e) Fix detection of ECC mechanisms ; Fix ATRs before adding them to the windows registry ; NQ-Applet. Browse to the. Re-installing the minidriver and leaving the default management. kevinds. 1. Use a Windows 7 or 10 physical workstation to download the YubiKey Smart Card Mini Driver from the below location: Press Win+R to open the Run menu and run “certmgr. NET and MD cards then the Mini-Driver Manager. If you do see OpenSC near your clock, right click and select Exit / Close. Setting up Smart Card Login for Enroll. Hence, if you know that your application will be running alongside Microsoft Windows machines using the YubiKey Minidriver, you should strongly consider adding support for setting YubiKeys to PIN-protected mode. The Enroll certificate wizard creates and issues the certificate to MMC --> Console Root --> Certificates - Current. The first time the YubiKey is plugged into a PC running Windows 10 Creators Update or above, Windows will automatically download and install the YubiKey Minidriver via Windows Update. They are displayed for use by applications based on the certificate's Key Usage Extension and Extended Key Usage Extension. Generate random 20 digit value. 1. All reactions. Downloads for all supported operating systems are available on the Yubico Authenticator release page. Click Disabled, and then click OK. Google defends against account takeovers and reduces E costs. A key aspect to remember while Code Signing with the YubiKey is the “YubiKey smart card mini driver. 8 x MSI Package Download The MSI package contains the installation files for x64 bit and x32 bit minidriver: CivMinidriver-1. The EV codesign certificate from SSL. YubiKey-Minidriver-4. Twitter LinkedIn Facebook. Download popular programs, drivers and latest updates easily. Is this even possible at all, or is the Yubico Login tool the only option?We would like to show you a description here but the site won’t allow us. Note: Some software such as GPG can lock the CCID USB interface, preventing another software from accessing applications that use that mode. Click Next -> select Browse… -> save the file as bitlocker-certificate. Download and install the YubiKey Manager, YubiKey Smart Card Minidriver, and optionally Yubico Authenticator apps. User Account Control (UAC) is displayed, click Yes. 103 (as 103 is the ASCII value for g). PCSCExceptions. Then the PUK function will work properly to reset the PIN. However, the Windows inbox smart card minidriver for PIV smart cards (Identity Device (NIST SP 800-73 [PIV])) uses the same compatible identifier. 4 can be found in section 4. Python library and command line tool for configuring any YubiKey over all USB interfaces. This ADMX administrative template allows administrators to easily deploy configuration of the YubiKey Smart Card Minidriver through Active Directory Group Policy. exe. program ‘path_to_gpg_executable’) and your signing key (git config --global user. 2. I've contacted their support about this previously and they don't. Yubikey will show up NOT as this: Instead of this will get the right drivers and will work. Schools Details: The YubiKey Smart Card Minidriver enables users and administrators to use the native Windows interface for certificate enrollment, managing the YubiKey smart Card PIN, and smart card authentication on Windows. Hopefully that will change soon since Microsoft is putting out ARM-based devices now. Click New and add the absolute path to the Yubico PIV Toolin directory. RDP server is Server 2016 and client is Win10 20H2. 1. I spoke with a YubiCo engineer today and it seems the easiest way on a Windows system is to use the mini driver. _____ Retired 2023, thirteen year daily forums volunteer , Windows MVP 2010-2020. VMware Horizon customers can leverage the YubiKey for easy to use and reliable hardware-backed protection for smart card authentication. Smart card minidrivers contain the features specified for a version. You can manually (for each individual YubiKey) perform this process: Go to Device manager. AnyConnect does not work if any other PIV-compatible. A notification should appear: Re-launch Veracrypt, select your encrypted drive, click , select Add/Remove keyfiles To/From Volume, and then fill in your drive credentials again. This is the only way to ensure the YubiKey smart card minidriver is involved in the import and can properly maintain the container map file on the YubiKey. Windows: Fix issue with importing PIV certificates. They are displayed for use by applications based on the certificate's Key Usage Extension and Extended Key Usage Extension. For better integration between the YubiKey and Windows, that is the responsibility of the YubiKey MiniDriver (YKMD. 172-x64. Option 2 - Using YubiKey Manager CLI. Download the YubiKey Smart Card. Posted: Thu Oct 19, 2017 9:16 pm. More consistently mask PIN/password input in prompts. The card is not cold reset. Step 2: Select the Scan option to scan the QR code, getting displayed on the screen. Below is a list of all available downloads ordered by version, starting with the most recent version. To install Minidriver, I found that weirdly, I had to first install the MSI, and then connect the YubiKey and open “Add Hardware Wizard”, click till you can select device type “Smart card” and select the YubiKey, and finally choose the Minidriver from the available driver list. The authenticator app is not required for this guide, but it is useful for registering two-factor authentication (2FA) tokens to your YubiKey. 210-x64. Secret ID is now always a random value. Without the YubiKey Minidriver, Windows environments are able to read the 4 PIV-defined credentials for authentication, encryption, card authentication and digital signature. 2) open; Open up Windows Device ManagerRDP server is Server 2016 and client is Win10 20H2. To use the PUK, it must be first set with the YubiKey Manager before using the YubiKey Minidriver to load or modify certificates on the YubiKey PIV Applet. The YubiKey relies on protocols that are standardized, and any software that uses these protocols will work. Computer Configuration -> Administrative Templates -> Citrix Components -> Citrix Workspace -> Remoting client devices -> Generic USB Remoting -> SplitDevices or Set following registry on the clientThe ability to use PIN and touch policies other than the default was not available prior to YubiKey 4. YUBICO WebAuthn OTP U2F OATH PGP PIV YubiHSM2 Software Projects RESOURCES Buy YubiKeys Blog Newsletter Yubico Forum ArchiveThe affected library is included in the Yubico PIV Tool and in the YubiKey Smart Card Minidriver. msc and press Enter . The smart card certificate uses ECC. 2130) GnuPG: 2. シンプルなタッチ、もしくは PIN の組み合わせでコンピューター、ネットワーク、オンラインサービスへのアクセスを保護します。. YUBICO. It should say scfilter, I have confirmed the scfilter driver is started on the remote machine when the yubikey is inserted so there is some detection. Note the YubiKey 4/5 and YubiKey NEO have different hardware IDs. Select your YubiKey from the list below to start setup. 0 interface as well as an NFC. The latest version of YubiKey Smart Card Minidriver x64 is currently unknown. Click Select a server from the server pool, and from Server Pool, select the server on which you want to install the Certification Authority. Note: If this prompt doesn't appear, see the Troubleshooting and Additional Topics section below. The Yubico Minidriver expects the management Key to be the default and it protects it with the PIN. YubiKey manager is used go pair PIV card hardware functionality of the YubiKey as right when other applications. gz (2023-02-07) yubico. 1. The smart card minidriver provides a simpler alternative to developing a legacy cryptographic service provider (CSP) by encapsulating. 0 and the YubiKey Smart Card Minidriver to 4. As of the time of writing, some windows versions have issues using Yubikey after the system sleeps or any number of other events. The YubiKey 5 NFC has six distinct applications, which are all independent of each other and can be used simultaneously. 2. The Yubico Authenticator securely generates a code used to verify your identity as you are logging into various services. Government Agency […] Yubico has started shipping the YubiKey 5 Series with firmware 5. They are displayed for use by applications based on the certificate's Key. 4 Minidriver Downloads Download ID-ONE PIV® 2. STEP 4: ACTIVCLIENT PAGE. Windows (x64) Download. This is the only way to ensure the YubiKey smart card minidriver is involved in the import and can properly maintain the container map file on the YubiKey. Download the latest versions of YubiKey software tools for configuring, programming, and verifying your YubiKey for various applications. See the User's manual entry on PIN-only. Use something like Smart Card Utility from the App Store to see the certificate(s) on the Yubikey, it will also show you when they expire. Smart Card Minidrivers. Please follow below steps to turn on 1)Shut down the virtual machine. Click View devices and printers under the Hardware and Sound category. You can manually (for each individual YubiKey) perform this process: Go to Device manager. I'd love to be able to use my M1 Mac for work, but I can't with this limitation. YUBICO WebAuthn OTP U2F OATH PGP PIV YubiHSM2 Software Projects RESOURCES Buy YubiKeys Blog Newsletter Yubico Forum Archive The YubiKey was enrolled outside Windows' native enrollment tools and the computer has the YubiKey Smart Card Minidriver installed. ; Select the validity period for the Certification Authority certificate, and click Next. 2. YubiKey は 複数の認証プロトコルに対応した USB セキュリティトークンです。. msi file by using command prompt, running: msiexec /i YubiKey-Minidriver-4. com, you should see your company name towards the center. Each YubiKey must be registered individually. NET SDK is usually not involved in any way once the certificate has been stored on the YubiKey. Glorfindel. Windows Smart Card Specification Version 7. One or more domain controller(s) are missing certificates. If you find it is out of date by more than a week, please contact the maintainer (s) and let them know the package is no longer updating correctly. Linux – Ubuntu. Option 2 - PIN Unlock Key (PUK) Smart cards are designed to have a static code specifically to unlock and reset the user’s PIN. If you are not part of a particular branch of the military, look at these other options for you. The U2F application can hold an unlimited number of U2F credentials and is FIDO certified. Store and. 1. Minidriver compatibility. msc and check the Smart card readers section . 3. The YubiKey is a hardware-based authentication solution that provides superior defense against phishing, eliminates account takeovers, addresses compliance, and enables strong two-factor, multi-factor, and passwordless authentication. Setting up Windows Server for YubiKey PIV Authentication. We use an EV codesign certificate to sign our software on Windows. YubiKey Minidriver – CAB.