NFC vs FIPS
Difference between NFC and FIPS.
NFC: Set of communication protocols that enables communication between two electronic devices over a distance of 4 cm.
FIPS: Set of publicly announced standards that the National Institute of Standards and Technology has developed for use in computer systems of non-military, American government agencies and contractors.
❊ Differences
NFC: RSA 2048, RSA 4096, ECC p256, ECC p384
FIPS: RSA 2048, ECC p256, ECC p384
The rules governing FIPS-certified environments forbid the use of the following features of the YubiKey 5 FIPS Series:
The P-224 curve
Credential registration over NFC.
A major difference between the NFC and FIPS series was that FIPS did not include GPG functionality. However, as of firmware v5.4.3, GPG is available for both FIPS and NFC YubiKeys.
❊ Summary
Overall, the NFC and FIPS YubiKeys provide almost exactly the same functionality. However, because RSA 4096 is not yet a government-approved standard, the FIPS series keys do not allow this algorithm to be used.
If you are an everyday user and your employer has not specifically told you that you must use a FIPS-certified device, then the NFC series YubiKeys are more than enough.
Both the YubiKey 5 NFC and the YubiKey FIPS series include NFC variant devices, which means that if you do require a FIPS-certified device, you can get a FIPS device that supports USB + NFC.
❊ FIPS U2F
If for any reason you need to RESET the U2F interface of a FIPS series YubiKey, this action will COMPLETELY wipe the U2F Master key and will invalidate the FIPS validation. It will no longer be possible to put the YubiKey back into FIPS mode, even if it had been in FIPS mode before the reset, and even if you set it with a password.
The U2F application will be configured with a new attestation cert, which includes information that the YubiKey has been reset, and hence cannot be in FIPS mode.
If your employer does not require you to use a FIPS series YubiKey, you should buy the YubiKey 5 NFC series key instead. The YubiKey 5 NFC series does not have this restriction.