Using Attestation
-----------------

This feature is only available in YubiKey 4.3 and newer.

Attestation works through a special key slot called “f9”. This slot comes
pre-loaded from the factory with a key and certificate signed by Yubico, but
it can be overwritten.
After a key has been generated in a normal slot, it can be attested by this
special key. This is done with the yubico-piv-tool action attest:

  $ yubico-piv-tool --action=generate --slot=9a
  ...
  $ yubico-piv-tool --action=attest --slot=9a

The output of this is a PEM-encoded certificate, signed by the key in slot f9.
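Because slot f9 can be overwritten, the attestation is only meaningful when the slot f9 certificate still chains to Yubico's root. The shell function below is an added example, not part of the original documentation, that checks both links with OpenSSL; the function name, the three PEM file arguments, and having a trusted copy of Yubico's PIV attestation root certificate on disk are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify a PIV attestation chain with OpenSSL.
# Arguments (file names are assumptions, not from the page):
#   $1  attestation certificate (PEM output of --action=attest)
#   $2  certificate exported from slot f9 (PEM)
#   $3  trusted copy of the Yubico PIV attestation root certificate (PEM)
# Returns 0 if the chain verifies, 1 if it does not, 2 on missing input.
verify_piv_attestation() {
    attest=$1 f9=$2 root=$3
    for f in "$attest" "$f9" "$root"; do
        [ -s "$f" ] || { echo "missing or empty file: $f" >&2; return 2; }
    done

    # Link 1: the slot f9 certificate must chain to the trusted root.
    # Slot f9 can be overwritten, so a certificate that fails here says
    # nothing about the device that produced the attestation.
    # -no-CApath keeps the system CA directory out of the trust decision.
    if ! openssl verify -no-CApath -CAfile "$root" "$f9" >/dev/null 2>&1; then
        echo "slot f9 certificate does not chain to the trusted root" >&2
        return 1
    fi

    # Link 2: the attestation certificate must be signed by the f9 key.
    # -untrusted offers f9 only as an intermediate, never as a trust anchor.
    if ! openssl verify -no-CApath -CAfile "$root" -untrusted "$f9" \
            "$attest" >/dev/null 2>&1; then
        echo "attestation certificate is not signed by the slot f9 key" >&2
        return 1
    fi

    # Show what was attested so it can be compared with the key in use.
    openssl x509 -in "$attest" -noout -subject -fingerprint -sha256
}
```

The printed fingerprint identifies the attestation certificate itself; compare its public key with the key you intend to trust before relying on the result.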