From f3839b423b4eea2b9c32673fa5c1d1b0b988334f Mon Sep 17 00:00:00 2001 From: Yubi-David Date: Wed, 21 Feb 2024 12:01:45 -0600 Subject: [PATCH] Update PIV_attestation.adoc Expanded on where users can find the FIPS/CSPN in the attestation certificate chain - pointed users to the factory-loaded certificate in slot f9. --- content/PIV/Introduction/PIV_attestation.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/PIV/Introduction/PIV_attestation.adoc b/content/PIV/Introduction/PIV_attestation.adoc index 5d35bc919..60ae19c26 100644 --- a/content/PIV/Introduction/PIV_attestation.adoc +++ b/content/PIV/Introduction/PIV_attestation.adoc @@ -31,8 +31,8 @@ Extensions in the generated certificate: ** USB-C Keychain: 03 (83 for FIPS Devices) ** USB-C Nano: 04 (84 for FIPS Devices) ** Lightning and USB-C: 05 (85 for FIPS Devices) -* +1.3.6.1.4.1.41482.3.10+: FIPS Certified YubiKey -* +1.3.6.1.4.1.41482.3.11+: CSPN Certified YubiKey +* +1.3.6.1.4.1.41482.3.10+: FIPS Certified YubiKey (Only present on the factory-loaded Attestation certificate in slot f9. This certificate will be included as part of the attestation certificate chain) +* +1.3.6.1.4.1.41482.3.11+: CSPN Certified YubiKey (Only present on the factory-loaded Attestation certificate in slot f9. This certificate will be included as part of the attestation certificate chain) The YubiKey comes with a pre-loaded attestation certificate signed by a link:piv-attestation-ca.pem[Yubico PIV CA]. This can be overwritten by loading a new key and certificate to slot f9. After the Yubico key is overwritten it can not be brought back. The attestation key and certificate will not be cleared out by a reset of the device.