Yubico Forum https://forum.yubico.com/

Invalid public key in attestation certificate https://forum.yubico.com/viewtopic.php?f=26&t=2749
Author: fremen1983 [ Wed Oct 11, 2017 10:22 am ]
Post subject: Invalid public key in attestation certificate
As a relying party, we need to verify registration data when enrolling a Yubico token into our system. Verification should be done using the public key certified in the attestation certificate. Unfortunately, that public key seems to be invalid.

This is the public key (decompressed value of the EC point on the P-256 curve) from the certificate:

042fe1a23effa55bff461d59a43522d79748981cba6d289a98f1bd7dff656680dbbbfdbc2bae607e6ef772f576b04d54c4e5f32f596f26e61115c7272cf6ca7594

The whole attestation certificate, which is returned in the registration response message, follows:

-----BEGIN CERTIFICATE-----
MIICTzCCATegAwIBAgIEKtlq8zANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNZ
dWJpY28gVTJGIFJvb3QgQ0EgU2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAw
MDBaGA8yMDUwMDkwNDAwMDAwMFowMTEvMC0GA1UEAwwmWXViaWNvIFUyRiBFRSBT
ZXJpYWwgMjM5MjU3MzQ1MTY1NTAzODcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
AAQv4aI+/6Vb/0YdWaQ1IteXSJgcum0ompjxvX3/ZWaA27v9vCuuYH5u93L1drBN
VMTl8y9ZbybmERXHJyz2ynWUozswOTAiBgkrBgEEAYLECgIEFTEuMy42LjEuNC4x
LjQxNDgyLjEuMjATBgsrBgEEAYLlHAIBAQQEAwIEMDANBgkqhkiG9w0BAQsFAAOC
AQEAhWr6i89P/2JfKRvBFY48/70lUrz3VwdT9RIdpqVNJMzP7ifO1qsxEowp/1tb
iQXdoCAXkx8fX1klk1lR/ABLy+IK3X2NBS+VQ7NJbBW4MQ4Qy9m7BTgnT1g+rR9F
EojD6nbQcK1E5Tr+qPItH3NiX/LVif4w3yZiy3y7fJlhgK3P6YpNASzzE0bNEXRq
WEjo/+3z4wzL2cHdIhZxsoOIYfZaRTYjtRjVVn+o8KPOEF308TlT4RTqWeCn8v5m
iGdDLlL9ai9k9zxIzZs48t+6LHpLOxEo3ybWaiT4ld2gthGA9BRPa3B1wxikmuCL
WNNq2x4wU2crF8Whn38KIvEOlA==
-----END CERTIFICATE-----

Also, we do not understand why the subject of the certificate is:

CN = Yubico U2F EE Serial 23925734516550387

while the serial number is 718891763 (2a d9 6a f3 in hex). But this is not as serious as the issue mentioned above.

Has anyone experienced similar problems?
Author: dain [ Thu Oct 12, 2017 11:25 am ]
Post subject: Re: Invalid public key in attestation certificate
The certificate you posted seems to be corrupted. I've tracked down the real certificate with that serial number, and it looks like a few bits are wrong in both the public key and the signature.

Can you test the device against our demo server at demo.yubico.com/u2f ? If that doesn't give you an error, then the certificate corruption must be happening on your end. If it does give you an error, please copy and paste it here.
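
Added example (not part of the original thread and not Yubico's code): a relying party can catch this kind of corruption on its own side by checking that the extracted public key is a valid point on P-256 before using it to verify the registration signature. The Python below implements that check with the standard P-256 constants; `GOOD` and `CORRUPTED` are constructed inputs, `POSTED` is the key quoted in the first post, and all function names are this example's own.

```python
# Added example: test whether a SEC1 uncompressed point lies on NIST P-256.
# Standard P-256 (secp256r1) parameters: field prime, coefficients, base point.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def parse_uncompressed(point: bytes):
    """Split a 65-byte uncompressed point (0x04 || X || Y) into two integers."""
    if len(point) != 65 or point[0] != 0x04:
        raise ValueError("expected 65-byte uncompressed point starting with 0x04")
    return int.from_bytes(point[1:33], "big"), int.from_bytes(point[33:], "big")


def is_on_p256(point: bytes) -> bool:
    """True if X and Y are in range and satisfy y^2 = x^3 + ax + b (mod p)."""
    x, y = parse_uncompressed(point)
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy with one bit inverted, simulating corruption in transit."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


# Constructed inputs: the P-256 base point, and a copy with one bit of Y flipped.
GOOD = b"\x04" + GX.to_bytes(32, "big") + GY.to_bytes(32, "big")
CORRUPTED = flip_bit(GOOD, 8 * 64)  # lowest bit of the final byte of Y

# Public key exactly as quoted in the first post of this thread.
POSTED = bytes.fromhex(
    "042fe1a23effa55bff461d59a43522d79748981cba6d289a98f1bd7dff656680db"
    "bbfdbc2bae607e6ef772f576b04d54c4e5f32f596f26e61115c7272cf6ca7594"
)

if __name__ == "__main__":
    for name, pt in (("base point", GOOD), ("bit-flipped", CORRUPTED),
                     ("posted key", POSTED)):
        print(f"{name}: on curve = {is_on_p256(pt)}")
```

A key that fails this check was damaged somewhere between the authenticator and the verifier, so the registration response should be compared byte for byte at each decoding step before suspecting the device.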
All times are UTC + 1 hour