Having played with a #YubiHSM for about 4 full days, I'm kind of happy with the choice! 😁 That said, it also falls short on a number of places, so your mileage may vary (also some places where I needed it not to fall short). 🧵
Where it absolutely shines is its capabilities and relative elegance and ease of use. As opposed to a YubiKey where you talk to the device directly, the HSM is generally exposed via a webserver interfacing it. This allows you to use the HSM remotely (with the gnarly opsec issues).
Yubico provides a CLI shell that can speak YubiHSM, which is nice because you can get started immediately (you really don't want to roll your own protocol here). On the down side, it's... not the high profile CLI we're used to nowadays. It has a lot of tech debt and footguns.
Unfortunately, YubiHSMs aren't that common, so interface libraries from other languages are close to non-existent. Yubico does python, so you either roll with that, or fall back to the shell... just remember the footguns.
My main issue with footguns is "ooops, I signed something invalid". Well yes, ooops, because you will never be able to explain that audit log entry nor prove what you signed (mostly because you won't even know or be able to prove it). Which leads us to the bad: auditing.
The YubiHSM touts itself as having a tamper-proof signed audit log. Well, the signed part turned out to be marketing, it's not signed. The audit log *is* hash linked, unfortunately without a signature it's also useless for offline auditing as any log can be forged and hashed.
The only way to audit a YubiHSM is to have a live connection to it. That is because you can prove you're connected to a Yubico HSM (via signed certs), so if you trust Yubico and their HSM hardware, then when it says it's at hash H, you believe it. But it's interactive.
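The point about hash linking without a signature, as an added example that is not code from the thread, from Yubico, or the YubiHSM's real log format: entries are assumed here to be plain-text operation records chained with SHA-256, the HMAC stands in for the device signature the author says is missing, and the "trusted head" models the hash value you learn over a live, authenticated connection. It shows that an offline verifier accepts a shortened log as readily as the original, and that either a trusted head or a signature over the head is what makes the difference.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # assumed starting value for the chain


def chain_log(entries, start=GENESIS):
    """Hash-link a list of log entries: digest_i = sha256(digest_{i-1} || entry_i)."""
    prev = start
    chained = []
    for entry in entries:
        digest = hashlib.sha256(prev + entry.encode()).digest()
        chained.append((entry, digest))
        prev = digest
    return chained


def verify_chain(chained, start=GENESIS):
    """Offline check: every digest must follow from the previous one and its entry."""
    prev = start
    for entry, digest in chained:
        if hashlib.sha256(prev + entry.encode()).digest() != digest:
            return False
        prev = digest
    return True


def head(chained, start=GENESIS):
    """The last digest in the chain (the 'hash H' the device would report)."""
    return chained[-1][1] if chained else start


# Constructed sample log: one key generation followed by two signing operations.
ORIGINAL = ["generate-key id=1", "sign-ecdsa key=1", "sign-ecdsa key=1"]
# Constructed forgery: the same log with one signing operation dropped, then re-hashed.
FORGED = ["generate-key id=1", "sign-ecdsa key=1"]


def offline_verifier_accepts_both():
    """An offline verifier with nothing but the chain cannot tell forged from original."""
    return verify_chain(chain_log(ORIGINAL)) and verify_chain(chain_log(FORGED))


def verify_against_trusted_head(entries, trusted_head):
    """Interactive model: the auditor learned the current head from the live device."""
    chained = chain_log(entries)
    return verify_chain(chained) and hmac.compare_digest(head(chained), trusted_head)


def sign_head(entries, key):
    """Stand-in for a device signature over the head; HMAC is an assumption here."""
    return hmac.new(key, head(chain_log(entries)), "sha256").digest()


def verify_signed_head(entries, tag, key):
    """Offline model with a signed head: the forgery no longer passes."""
    chained = chain_log(entries)
    expected = hmac.new(key, head(chained), "sha256").digest()
    return verify_chain(chained) and hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    key = b"constructed-device-key"
    tag = sign_head(ORIGINAL, key)
    print("offline verifier accepts both:", offline_verifier_accepts_both())
    print("forged log vs trusted head:", verify_against_trusted_head(FORGED, head(chain_log(ORIGINAL))))
    print("forged log vs signed head:", verify_signed_head(FORGED, tag, key))
```

The chain only proves internal consistency; what binds it to a particular device's history is either an out-of-band trusted head (which is why the check is interactive) or a signature over that head.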
The other downside is that the audit log only contains the operations it ran, but no data. This is somewhat understandable, but also makes the logs a lot less useful: your script looped 10 times and signed the empty string? Well, there's 10 opportunities for malicious signatures.
Also, at least for now, I haven't found a way to demonstrate to an auditor that a specific key *is* on the device. If you give an auditor access to attesting your keys, then yes, it works, but it just feels wrong. Without that I can only prove that *at some point I had keys*.
My personal pain is because I want to create a transparency report for my @dark_dot_bio project, which seems semi-impossible with the YubiHSM. If your threat model is to protect the keys from bad actors, a YubiHSM is perfect. If you want to demonstrate no misuse, tough luck.
All in all there doesn't seem to be a better product on the market at a price range I can actually afford, so the YubiHSM will have to do, but anyone looking into it, be advised, the auditing capability assumes a *lot* of trust that could have been avoided, just wasn't. Fin.