Yubico previews passkey-enabled digital signatures in upcoming YubiKey 5.8 firmware

Yubico’s upcoming YubiKey 5.8 firmware introduces standardized APIs that integrate hardware-backed signatures with passkey authentication. To enable privacy-capable digital signatures using passkeys, expanded enterprise IdP support, and next-generation digital wallet use cases, the firmware adds support for FIDO CTAP 2.3 and preview WebAuthn signing extensions.

“The adoption of CTAP 2.3, together with enhancements such as the W3C signing extension, enables usable digital signatures in web applications and services where digital signing is part of the workflow,” Albert Biketi, CPTO, Yubico, explained.

Firmware 5.8 includes Conditional Mediation and PPUAT, allowing platforms to display YubiKey credentials in dropdowns alongside software passkeys, improving usability and login speed.

Enterprise Attestation RPID storage allows organizations to manage complex enterprise identity architectures, including mixed production and test environments, on a single device.

To support cross-domain transaction verification without redirects, YubiKey 5.8 adds integrated support for Secure Payment Confirmation (SPC) through the ThirdPartyPayment extension.

“The goal of the First Person Project is a universal solution to privacy-preserving proof of personhood. This solution must be rooted in digital wallets and verifiable credentials with platform independent, privacy-preserving authentication and digital signatures. YubiKey 5.8 with FIDO CTAP 2.3 and preview signing extension support is a major step in that direction. We look forward to working closely with SIROs and YubiKey to integrate this into the First Person Network,” added Drummond Reed, Co-Founder, First Person Project in collaboration with the Linux Foundation.