Merge pull request #576 from elukewalker/master
Update preview certs
elukewalker authored Mar 26, 2024
2 parents 84e8da9 + 3cb9e3b commit ed6ed5e
Showing 6 changed files with 62 additions and 2 deletions.
3 changes: 3 additions & 0 deletions content/PGP/Attestation.adoc
Expand Up @@ -116,6 +116,9 @@ NOTE: Cardholder name, fingerprint, and generation date can be overwritten with

The pre-loaded attestation certificate is signed by a link:opgp-attestation-ca.pem[Yubico OPGP CA].

NOTE: If you have a YubiKey Preview device, the attestation certificate will
instead be signed by our link:opgp-preview-ca-2023-cert.pem[Yubico OPGP Preview CA].

=== Protocol Specification

OpenPGP Attestation is an extension to the link:https://gnupg.org/ftp/specs/[OpenPGP application on ISO Smart Card Operating Systems] specification. The new tags and instructions are reserved from version 3.4 of the spec. Their usage is defined here.
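
Review bot: The link text in the added NOTE reads "Yubico OPGP Preview CA" even though the target file is opgp-preview-ca-2023-cert.pem, while the PIV and U2F notes changed in this same commit label their new roots "2023 Yubico ... Preview CA". Suggest "2023 Yubico OPGP Preview CA" here so a verifier can tell which root generation is being referenced, and, if an earlier OpenPGP preview CA was ever published, linking it alongside as the other two notes do.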
19 changes: 19 additions & 0 deletions content/PGP/opgp-preview-ca-2023-cert.pem
@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
2 changes: 1 addition & 1 deletion content/PIV/Introduction/PIV_attestation.adoc
Expand Up @@ -37,7 +37,7 @@ Extensions in the generated certificate:
The YubiKey comes with a pre-loaded attestation certificate signed by a link:piv-attestation-ca.pem[Yubico PIV CA]. This can be overwritten by loading a new key and certificate to slot f9. After the Yubico key is overwritten it can not be brought back. The attestation key and certificate will not be cleared out by a reset of the device.

NOTE: If you have a YubiKey Preview device, the attestation certificate will
instead be signed by our link:piv-attestation-preview-ca.pem[Yubico PIV Preview CA].
instead be signed by our link:piv-preview-ca-2023-cert.pem[2023 Yubico PIV Preview CA] or link:piv-attestation-preview-ca.pem[Yubico PIV Preview CA (prior to 2023)].

[NOTE]
====
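
Review bot: The rewritten NOTE line now names two possible roots but gives the reader no way to tell which one signed a particular Preview device's attestation certificate. Suggest adding a sentence on how to choose, for example comparing the attestation certificate's issuer with each CA's subject or validating against both roots. The two link targets in that sentence also follow different naming schemes (piv-preview-ca-2023-cert.pem next to piv-attestation-preview-ca.pem); consider keeping the "attestation" element in the new file name.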
19 changes: 19 additions & 0 deletions content/PIV/Introduction/piv-preview-ca-2023-cert.pem
@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
2 changes: 1 addition & 1 deletion content/U2F/Attestation_and_Metadata/index.adoc
Expand Up @@ -15,7 +15,7 @@ validated. In Yubico's case, all our attestation certificates are signed by
link:/u2f/yubico-u2f-ca-certs.txt[our root CA]. The same attestation certificate is used for both U2F and WebAuthn.

NOTE: If you have a YubiKey Preview device, the attestation certificate will
instead be signed by our link:/u2f/fido-preview-ca-cert.pem[Yubico FIDO Preview CA].
instead be signed by our link:/u2f/fido-preview-ca-cert-2023.pem[2023Yubico FIDO Preview CA] or link:/u2f/fido-preview-ca-cert.pem[Yubico FIDO Preview CA (prior to 2023)].

=== Yubico's metadata format

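Review bot: Typo in the link text of the added NOTE line: "2023Yubico FIDO Preview CA" is missing a space and should read "2023 Yubico FIDO Preview CA", matching the wording of the PIV note. The new file name fido-preview-ca-cert-2023.pem also puts the year after "cert", while the other two certificates added in this commit use opgp-preview-ca-2023-cert.pem and piv-preview-ca-2023-cert.pem; consider one pattern for all three.
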
19 changes: 19 additions & 0 deletions static/U2F/fido-preview-ca-cert-2023.pem
@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----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==
-----END CERTIFICATE-----
