Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 12:55 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Tue Dec 16, 2014 6:36 pm 
Offline

Joined: Tue Dec 16, 2014 3:57 pm
Posts: 2
Been playing with a U2F NEO and so far everything is making sense except for this certificate I get back when I complete a registration. Is that the attestation certificate for my device or something else?

I ask because I am unsure where it gets used, if at all and why I would want to keep it.


Last edited by tlockley on Tue Dec 16, 2014 8:14 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Dec 16, 2014 7:24 pm 
Offline

Joined: Tue Nov 18, 2014 9:14 pm
Posts: 95
Location: San Jose, CA
Short answer: Ignore it.

Long answer: It is used to verify the service that a device was manufactured by a specific manufacturer in a specific batch. It is generally only interesting to very paranoid companies. It is not really useful information for end users, and most non-debug implementations should hide it from view. All consumer U2F tokens do not use the attestation certificate to uniquely identify the device (for privacy reasons), so the private key for the attestation certificate (not to be confused with the "device master secret", which is unique to each device) is shared by batches of tokens.


Last edited by darco on Tue Dec 16, 2014 9:09 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  
PostPosted: Tue Dec 16, 2014 8:13 pm 
Offline

Joined: Tue Dec 16, 2014 3:57 pm
Posts: 2
Thanks for the info. I was figuring that was the case with the "extra" certificate, but I could never find a solid explanation in the spec documents.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group