Yubico Forum

Re: [QUESTION] What do I do with this certificate?

2014-12-16T20:13:51+01:00

Thanks for the info. I was figuring that was the case with the "extra" certificate, but I could never find a solid explanation in the spec documents.

Statistics: Posted by tlockley — Tue Dec 16, 2014 8:13 pm

Re: [QUESTION] What do I do with this certificate?

2014-12-16T21:09:05+01:00

Short answer: Ignore it.

Long answer: It is used to verify the service that a device was manufactured by a specific manufacturer in a specific batch. It is generally only interesting to very paranoid companies. It is not really useful information for end users, and most non-debug implementations should hide it from view. All consumer U2F tokens do not use the attestation certificate to uniquely identify the device (for privacy reasons), so the private key for the attestation certificate (not to be confused with the "device master secret", which is unique to each device) is shared by batches of tokens.

Statistics: Posted by darco — Tue Dec 16, 2014 7:24 pm

[SOLVED] What do I do with this certificate?

2014-12-16T20:14:05+01:00

Been playing with a U2F NEO and so far everything is making sense except for this certificate I get back when I complete a registration. Is that the attestation certificate for my device or something else?

I ask because I am unsure where it gets used, if at all and why I would want to keep it.

Statistics: Posted by tlockley — Tue Dec 16, 2014 6:36 pm