Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 1:32 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Wed Oct 11, 2017 10:22 am 
Offline

Joined: Wed Oct 11, 2017 9:59 am
Posts: 1
As a relying party, we need to verify registration data when enrolling yubico token into our system.
Verification should be done using the public key certified in the attestation certificate. Unfortunately, that public key seems to be invalid.

This is the public key (decompressed value of EC point at P-256 curve) from the certificate:
042fe1a23effa55bff461d59a43522d79748981cba6d289a98f1bd7dff656680dbbbfdbc2bae607e6ef772f576b04d54c4e5f32f596f26e61115c7272cf6ca7594

Whole attestation certificate which is returned in registration response message follows:

-----BEGIN CERTIFICATE-----
MIICTzCCATegAwIBAgIEKtlq8zANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNZ
dWJpY28gVTJGIFJvb3QgQ0EgU2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAw
MDBaGA8yMDUwMDkwNDAwMDAwMFowMTEvMC0GA1UEAwwmWXViaWNvIFUyRiBFRSBT
ZXJpYWwgMjM5MjU3MzQ1MTY1NTAzODcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
AAQv4aI+/6Vb/0YdWaQ1IteXSJgcum0ompjxvX3/ZWaA27v9vCuuYH5u93L1drBN
VMTl8y9ZbybmERXHJyz2ynWUozswOTAiBgkrBgEEAYLECgIEFTEuMy42LjEuNC4x
LjQxNDgyLjEuMjATBgsrBgEEAYLlHAIBAQQEAwIEMDANBgkqhkiG9w0BAQsFAAOC
AQEAhWr6i89P/2JfKRvBFY48/70lUrz3VwdT9RIdpqVNJMzP7ifO1qsxEowp/1tb
iQXdoCAXkx8fX1klk1lR/ABLy+IK3X2NBS+VQ7NJbBW4MQ4Qy9m7BTgnT1g+rR9F
EojD6nbQcK1E5Tr+qPItH3NiX/LVif4w3yZiy3y7fJlhgK3P6YpNASzzE0bNEXRq
WEjo/+3z4wzL2cHdIhZxsoOIYfZaRTYjtRjVVn+o8KPOEF308TlT4RTqWeCn8v5m
iGdDLlL9ai9k9zxIzZs48t+6LHpLOxEo3ybWaiT4ld2gthGA9BRPa3B1wxikmuCL
WNNq2x4wU2crF8Whn38KIvEOlA==
-----END CERTIFICATE-----

Also, we do not understand, why subject of the certificate is:
CN = Yubico U2F EE Serial 23925734516550387
while serial number is 718891763 (‎2a d9 6a f3 in hex). But this is not as serious as issue mentioned above.

Has anyone experienced similar problems?


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Thu Oct 12, 2017 11:25 am 
Offline
Site Admin
Site Admin

Joined: Mon Mar 02, 2009 9:51 pm
Posts: 83
The certificate you posted it seems to be corrupted. I've tracked down the real certificate with that serial number, and it looks like a few bits are wrong in both the public key and the signature.

Can you test the device against our demo server at demo.yubico.com/u2f ?
If that doesn't give you an error, then the certificate corruption must be happening on your end. If it does give you an error, please copy and paste it here.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 8 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group