Files
yubikey.rs/doc/Attestation.adoc
T
2016-05-24 15:41:07 +02:00

21 lines
743 B
Plaintext

Using Attestation
-----------------
== Introduction
This feature is only available in YubiKey 4.3 and newer.
A high level description of the thinking and how this can be used can be found link:/PIV/Introduction/PIV_attestation.html[here].
== Usage
Attestation works through a special key slot called “f9” this comes
pre-loaded from factory with a key and cert signed by Yubico, but can be
overwritten.
After a key has been generated in a normal slot it can be attested by this
special key, this can be realised by using the yubico-piv-tool action attest:
$ yubico-piv-tool --action=generate --slot=9a
...
$ yubico-piv-tool --action=attest --slot=9a
The output of this is a PEM encoded certificate, signed by the key in slot f9.