< draft-richardson-rats-usecases-04.txt   draft-richardson-rats-usecases-05.txt >

(Diff of draft-richardson-rats-usecases-04, July 08, 2019, expiring
January 9, 2020, against draft-richardson-rats-usecases-05, October 06,
2019, expiring April 8, 2020.  The -05 text is shown below.)

RATS Working Group                                         M. Richardson
Internet-Draft                                  Sandelman Software Works
Intended status: Informational                                C. Wallace
Expires: April 8, 2020                                Red Hound Software
                                                                  W. Pan
                                                     Huawei Technologies
                                                        October 06, 2019

          Use cases for Remote Attestation common encodings
                  draft-richardson-rats-usecases-05
Abstract

   This document details mechanisms created for performing Remote
   Attestation that have been used in a number of industries.  The
   document initially focuses on existing industry verticals, mapping
   terminology used in those specifications to the more abstract
   terminology used by the IETF RATS Working Group.

   The document aspires to describe possible future use cases that would

skipping to change at page 1, line 40
   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 8, 2020.
Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents

skipping to change at page 2, line 19

   described in the Simplified BSD License.
Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   3
     2.1.  Static attestations . . . . . . . . . . . . . . . . . . .   4
     2.2.  Session attestations  . . . . . . . . . . . . . . . . . .   4
     2.3.  Statements  . . . . . . . . . . . . . . . . . . . . . . .   4
     2.4.  Hardware Root Of Trust  . . . . . . . . . . . . . . . . .   4
     2.5.  Template for Use cases  . . . . . . . . . . . . . . . . .   5
   3.  Requirements Language . . . . . . . . . . . . . . . . . . . .   5
   4.  Overview of Sources of Use Cases  . . . . . . . . . . . . . .   6
   5.  Use case summaries  . . . . . . . . . . . . . . . . . . . . .   6
     5.1.  Device Capabilities/Firmware Attestation  . . . . . . . .   6
       5.1.1.  Relying on an (third-party) Attestation Server  . . .   7
       5.1.2.  Autonomous Relying Party  . . . . . . . . . . . . . .   7
       5.1.3.  Proxy Root of Trust . . . . . . . . . . . . . . . . .   8
       5.1.4.  network scaling - small . . . . . . . . . . . . . . .   8
       5.1.5.  network scaling - medium  . . . . . . . . . . . . . .   9
       5.1.6.  network scaling - large . . . . . . . . . . . . . . .   9
     5.2.  Hardware resiliency / watchdogs . . . . . . . . . . . . .  10
     5.3.  IETF TEEP WG use case . . . . . . . . . . . . . . . . . .  10
     5.4.  Confidential Machine Learning (ML) model  . . . . . . . .  11
     5.5.  Critical infrastructure . . . . . . . . . . . . . . . . .  11
       5.5.1.  Computation characteristics . . . . . . . . . . . . .  12
     5.6.  Virtualized multi-tenant hosts  . . . . . . . . . . . . .  13
     5.7.  Cryptographic Key Attestation . . . . . . . . . . . . . .  13
       5.7.1.  Device Type Attestation . . . . . . . . . . . . . . .  14
       5.7.2.  Key storage attestation . . . . . . . . . . . . . . .  14
       5.7.3.  End user authorization  . . . . . . . . . . . . . . .  15
     5.8.  Geographic attestation  . . . . . . . . . . . . . . . . .  15
       5.8.1.  I am here . . . . . . . . . . . . . . . . . . . . . .  16
       5.8.2.  I am near . . . . . . . . . . . . . . . . . . . . . .  16
       5.8.3.  You are here  . . . . . . . . . . . . . . . . . . . .  16
     5.9.  Connectivity attestation  . . . . . . . . . . . . . . . .  16
     5.10. Component connectivity attestation  . . . . . . . . . . .  17
     5.11. Device provenance attestation . . . . . . . . . . . . . .  17
   6.  Technology users for RATS . . . . . . . . . . . . . . . . . .  18
     6.1.  Trusted Computing Group Remote Integrity Verification
           (TCG-RIV) . . . . . . . . . . . . . . . . . . . . . . . .  18
     6.2.  Android Keystore system . . . . . . . . . . . . . . . . .  20
     6.3.  Fast IDentity Online (FIDO) Alliance  . . . . . . . . . .  21
   7.  Examples of Existing Attestation Formats. . . . . . . . . . .  22
     7.1.  Android Keystore  . . . . . . . . . . . . . . . . . . . .  22
       7.1.1.  TEE . . . . . . . . . . . . . . . . . . . . . . . . .  23
       7.1.2.  Secure Element  . . . . . . . . . . . . . . . . . . .  35
     7.2.  Windows 10 TPM  . . . . . . . . . . . . . . . . . . . . .  48
       7.2.1.  Attestation statement . . . . . . . . . . . . . . . .  50
     7.3.  Yubikey . . . . . . . . . . . . . . . . . . . . . . . . .  54
       7.3.1.  Yubikey 4 . . . . . . . . . . . . . . . . . . . . . .  54
       7.3.2.  Yubikey 5 . . . . . . . . . . . . . . . . . . . . . .  58
   8.  Privacy Considerations. . . . . . . . . . . . . . . . . . . .  62
   9.  Security Considerations . . . . . . . . . . . . . . . . . . .  62
   10. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  62
   11. Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  62
   12. References  . . . . . . . . . . . . . . . . . . . . . . . . .  62
     12.1.  Normative References . . . . . . . . . . . . . . . . . .  62
     12.2.  Informative References . . . . . . . . . . . . . . . . .  62
   Appendix A.  Changes  . . . . . . . . . . . . . . . . . . . . . .  65
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  65
1.  Introduction

   The recently chartered IETF RATS WG intends to create a system of
   attestations that can be shared across a multitude of different
   users.

   This document exists as a place to collect use cases for the common
   RATS technologies in support of the IETF RATS charter point 1.  This
   document is not expected to be published as an RFC, but remain open

skipping to change at page 4, line 27

   result of evaluating attestations that are attached to the
   certificates used to create such a session.
2.3.  Statements

   The term "statement" is used as the generic term for the semantic
   content which is being attested to.
2.4.  Hardware Root Of Trust

   [SP800-155] offers the following definition for root of trust.

      "Roots of Trust are components (software, hardware, or hybrid) and
      computing engines that constitute a set of unconditionally trusted
      functions.  Reliable and trustworthy BIOS integrity measurement
      and reporting depend upon software agents; each software agent
      relies upon Roots of Trust, and the level of trustworthiness in
      each agent depends on its Roots of Trust.  BIOS integrity
      measurement requires the coordination of a Measurement Agent to
      harvest measurements, a Storage Agent to protect the measurements
      from modification until they can be reported, and a Reporting
      Agent to reliably report the measurements.  Each of these agents
      has a corresponding Root of Trust (Root of Trust for Measurement,
      etc.)  These Roots of Trust must act in concert and build on each
      other to enable reliable and trustworthy measurement, reporting,
      and verification of BIOS integrity measurements."

   SP800-155 uses the terms RoT for Reporting, Storage and Measurement,
   but not RoT for Verification; it uses "Verification Agent", though
   the verifier is assumed to be trustworthy.

   However, [tcgglossary] (page 9) includes a RoT for Verification (RTV)
   as well.

   The TCG Glossary also offers a general definition for Root of Trust:

      "A component that performs one or more security-specific
      functions, such as measurement, storage, reporting, verification,
      and/or update.  It is trusted always to behave in the expected
      manner, because its misbehavior cannot be detected (such as by
      measurement) under normal operation."

   [SP800-147B] defines RoT for Update (RoTU) and RoTU verification
   (RoTU-v).

   The TCG definition seems more concise than the NIST one, but gets to
   the same point.

   For the purpose of this document, a hardware root of trust refers to
   security functionality that is trusted to behave in the expected
   manner, because its misbehavior cannot be detected under normal
   operation, and that resists software exploits by encapsulating the
   functionality in hardware.
2.5.  Template for Use cases

   Each use case will consist of a table with a number of constant
   fields, as illustrated below.  The claim names will be loosely
   synchronized with the EAT draft.  The architecture draft (will)
   describe two classes of attestation flow: the passport type (Attestee
   sends evidence to Attester, receives a signed statement, which is
   sent to the relying party), or the background check type (Attestee
   sends measurements to the Relying Party, which checks with the
   Attester).

   Use case name: Twelve Monkeys

   Who will use it: Army of the Twelve Monkeys SDO

   Attesting Party: James Cole

   Relying Party: Dr. Kathryn Reilly

   Attestation type: Passport

   Claims used: OEM Identity, Age Claim, Location Claim, ptime Claim

   Description: James Cole must convince Dr. Reilly he is from the
      future, and not insane.
3.  Requirements Language

   This document is not a standards track document and does not make any
   normative protocol requirements using terminology described in
   [RFC2119].
4.  Overview of Sources of Use Cases

   The following specifications have been covered in this document:

   o  The Trusted Computing Group "Network Device Attestation Workflow"
      [I-D.fedorkow-rats-network-device-attestation]

   o  Android Keystore

   o  Fast Identity Online (FIDO) Alliance attestation,

   This document will be expanded to include summaries from:

   o  Trusted Computing Group (TCG) Trusted Platform Module
      (TPM)/Trusted Software Stack (TSS)

   o  ARM "Platform Security Architecture"
      [I-D.tschofenig-rats-psa-token]

   o  Intel SGX attestation [intelsgx]

   o  Windows Defender System Guard attestation [windowsdefender]

   o  Windows Device Health Attestation [windowshealth]

   o  Azure Sphere Attestation [azureattestation]:
      https://azure.microsoft.com/enus/resources/azure-sphere-device-
      authentication-andattestation-service/en-us/

   o  IETF NEA WG [RFC5209]

   And any additional sources suggested.
5.  Use case summaries

   This section lists a series of cases where an attestation is done.

5.1.  Device Capabilities/Firmware Attestation

   This is a category of claims.

   Use case name: Device Identity

   Who will use it: Network Operators

   Attesting Party: varies

   Attestation type: varies

   Relying Party: varies

   Claims used: TBD

   Description: Network operators want a trustworthy report of the
      identity and version information of the hardware and software on
      the machines attached to their network.  The process starts with
      some kind of Root of Trust that provides device identity and
      protected storage for measurements.  The mechanism performs a
      series of measurements, and expresses this with an attestation as
      to the hardware and firmware/software which is running.

   This is a general description for which there are many specific use
   cases, including [I-D.fedorkow-rats-network-device-attestation]
   section 1.2, "Software Inventory".
5.1.1.  Relying on an (third-party) Attestation Server

   Use case name: Third Party Attestation Server

   Who will use it: Network Operators

   Attestation type: background check

   Attesting Party: manufacturer of OS or hardware system

   Relying Party: network access control systems

   Claims used: TBD

   Description: The measurements from a heterogeneous network of devices
      are provided to device-specific attestation servers.  The
      attestation servers know what the "golden" measurements are, and
      perform the appropriate evaluations, resulting in attestations
      that the relying parties can depend upon.
5.1.2.  Autonomous Relying Party

   Use case name: Autonomous

   Who will use it: network operators

   Attestation type: passport

   Attesting Party: manufacturer of OS or hardware system

   Relying Party: peer systems

   Claims used: TBD

   Description: The signed measurements are sent to a relying party
      which must validate them directly.  They are not sent to a third
      party.  (It may do so with the help of a signed list of golden
      values, or some other process.)  The relying party needs to
      validate the signed statements directly.

   This may occur because the network is not connected, or even because
   it cannot be connected until the equipment is validated.
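   The passport and background-check flows from the template in
   Section 2.5, together with the third-party server of Section 5.1.1
   and the autonomous relying party of Section 5.1.2, modelled as an
   added example that is not code from the draft.  Signatures are HMACs
   over constructed keys and the "golden" values are made up; a real
   attester would sign with an asymmetric key rooted in hardware.

```python
import hashlib
import hmac
import json

# Constructed keys and reference values; all are assumptions for the example.
DEVICE_KEY = b"constructed-device-attestation-key"     # attester's key
VERIFIER_KEY = b"constructed-verifier-signing-key"     # attestation server
GOLDEN = {"model-A": {"bootloader": "bl-1.2", "kernel": "kernel-5.4"}}


def _sign(key, payload):
    """Sign a JSON-serialisable payload (HMAC stands in for a signature)."""
    body = json.dumps(payload, sort_keys=True).encode()
    return {"payload": payload,
            "sig": hmac.new(key, body, hashlib.sha256).hexdigest()}


def _valid(key, signed):
    """Constant-time check of a signed object produced by _sign()."""
    body = json.dumps(signed["payload"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed["sig"])


def attester_evidence(model, measurements, nonce):
    """Attesting device: sign its measurements together with the nonce."""
    return _sign(DEVICE_KEY, {"model": model, "nonce": nonce,
                              "measurements": measurements})


def appraise(evidence, nonce, golden):
    """Compare signed evidence against golden values (verifier or RP)."""
    if not _valid(DEVICE_KEY, evidence):
        return "untrusted"                    # forged or modified evidence
    p = evidence["payload"]
    if p["nonce"] != nonce:
        return "untrusted"                    # replayed / stale evidence
    expected = golden.get(p["model"])
    return "trusted" if expected == p["measurements"] else "untrusted"


def verifier_result(evidence, nonce):
    """Third-party attestation server (5.1.1): returns a signed verdict."""
    verdict = appraise(evidence, nonce, GOLDEN)
    return _sign(VERIFIER_KEY, {"nonce": nonce, "verdict": verdict})


def passport_flow(model, measurements, nonce):
    """Passport: device obtains a signed verdict and forwards only that."""
    evidence = attester_evidence(model, measurements, nonce)
    result = verifier_result(evidence, nonce)       # device <-> verifier
    # The RP never sees raw measurements; it trusts the verifier's key.
    rp_ok = _valid(VERIFIER_KEY, result) and result["payload"]["nonce"] == nonce
    return rp_ok and result["payload"]["verdict"] == "trusted"


def background_check_flow(model, measurements, nonce):
    """Background check: device sends evidence to RP, RP asks the verifier."""
    evidence = attester_evidence(model, measurements, nonce)
    result = verifier_result(evidence, nonce)       # RP <-> verifier
    return (_valid(VERIFIER_KEY, result)
            and result["payload"]["verdict"] == "trusted")


def autonomous_flow(model, measurements, nonce, local_golden):
    """Autonomous RP (5.1.2): appraises the evidence itself, no verifier."""
    evidence = attester_evidence(model, measurements, nonce)
    return appraise(evidence, nonce, local_golden) == "trusted"
```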
5.1.3.  Proxy Root of Trust

   Use case name: Proxy Root of Trust

   Who will use it: network operators

   Attestation type: passport

   Attesting Party: manufacturer of OS or hardware system

   Relying Party: peer systems

   Claims used: TBD

   Description: A variety of devices provide measurements via their
      Root of Trust.  A proxy server collects these measurements, and
      (having applied a local policy) then creates a device agnostic
      attestation.  The relying party can validate the claims in a
      standard format.
5.1.4.  network scaling - small

   Use case name: Network scaled - small

   Who will use it: enterprises

   Attestation type: background check

   Attesting Party: manufacturer of OS or hardware system

   Relying Party: network equipment

   Claims used: TBD

   Description: An entire network of systems needs to be validated
      (such as all the desktops in an enterprise's building).  The
      infrastructure is in control of a single operator and is already
      trusted.  The network can be partitioned so that machines that do
      not pass attestation can be quarantined.  A 1:1 relationship
      between the device and the relying party can be used to maintain
      freshness of the attestation.
5.1.5.  network scaling - medium

   Use case name: Network scaled - medium

   Who will use it: larger enterprises, including network operators

   Attestation type: passport

   Attesting Party: manufacturer of OS or hardware system

   Relying Party: network equipment

   Claims used: TBD

   Description: An entire network of systems needs to be validated:
      such as all the desktops in an enterprise's building, or all the
      routers at an ISP.  The infrastructure is not necessarily trusted:
      it could be subverted, and it must also attest.  The devices may
      be under a variety of operators, and may be mutually suspicious:
      each device may therefore need to process attestations from every
      other device.  An NxM mesh of attestations may be untenable, but a
      system of N:1:M relationships can be set up via proxy
      attestations.
5.1.6.  network scaling - large

   Use case name: Network scaled - medium

   Who will use it: telco/LTE operators

   Attestation type: passport

   Attesting Party: manufacturer of OS or hardware system

   Relying Party: malware auditing systems

   Claims used: TBD

   Description: An entire network of systems needs to be continuously
      attested.  This could be all of the smartphones on an LTE network,
      or every desktop system in a worldwide enterprise.  The network
      operator wishes to do this in order to maintain identities of
      connected devices more than to validate correct firmware, but both
      situations are reasonable.
5.2.  Hardware resiliency / watchdogs

   Use case name: Hardware watchdog

   Who will use it: individual system designers

   Attestation type: passport

   Attesting Party: manufacturer of OS or hardware system

   Relying Party: bootloader or service processor

   Claims used: TBD

   Description: One significant problem is malware that holds a device
      hostage and does not allow it to reboot, in order to prevent
      updates from being applied.  This is a significant problem,
      because it allows a fleet of devices to be held hostage for
      ransom.  Within CyRes the TCG is defining hardware Attention
      Triggers that force a periodic reboot in hardware.

   This can be implemented by forcing a reboot unless attestation to an
   Attestation Server succeeds within the interval, and having a reboot
   do remediation by bringing a device into compliance, including
   installation of patches as needed.

   This is unlike the previous section on Device Attestation in that the
   attestation comes from a network operator, as to the device's need to
   continue operating, and is evaluated by trusted firmware (the relying
   party), which resets a watchdog timer.
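   The attestation-gated watchdog just described, as an added example
   that is not part of the draft or of the TCG CyRes work.  The operator
   key, the interval and the MAC-based "continue operating" statement are
   constructed assumptions standing in for a real signed attestation;
   the timer resets only on a fresh, nonce-bound statement, so a replayed
   or forged statement cannot keep a compromised device from rebooting.

```python
import hashlib
import hmac
import secrets

OPERATOR_KEY = b"constructed-network-operator-key"   # assumption
INTERVAL = 60.0      # seconds between required attestations (constructed)


def operator_attest(nonce: bytes, policy_ok: bool) -> dict:
    """Attestation server side: sign the verdict bound to the device nonce."""
    verdict = b"continue" if policy_ok else b"remediate"
    mac = hmac.new(OPERATOR_KEY, nonce + verdict, hashlib.sha256).digest()
    return {"nonce": nonce, "verdict": verdict, "mac": mac}


class AttestationWatchdog:
    """Relying party in trusted firmware: resets the timer only on a valid,
    fresh 'continue' statement; otherwise forces a reboot into remediation."""

    def __init__(self, now: float):
        self.deadline = now + INTERVAL
        self.nonce = secrets.token_bytes(16)
        self.reboots = 0

    def challenge(self) -> bytes:
        """Nonce the device must get attested within the current interval."""
        return self.nonce

    def kick(self, attestation: dict, now: float) -> bool:
        """Validate the operator's statement; reset the timer if it passes."""
        expected = hmac.new(OPERATOR_KEY,
                            attestation["nonce"] + attestation["verdict"],
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, attestation["mac"]):
            return False                       # forged or corrupted
        if attestation["nonce"] != self.nonce:
            return False                       # replay of an old statement
        if attestation["verdict"] != b"continue":
            return False                       # operator requires remediation
        self.deadline = now + INTERVAL
        self.nonce = secrets.token_bytes(16)   # fresh challenge next round
        return True

    def tick(self, now: float) -> str:
        """Called from the hardware timer; 'reboot' once the interval lapses."""
        if now >= self.deadline:
            self.reboots += 1
            self.deadline = now + INTERVAL
            self.nonce = secrets.token_bytes(16)
            return "reboot"
        return "running"
```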
5.3.  IETF TEEP WG use case

   Use case name: TAM validation

   Who will use it: The TAM server

   Attestation type: background check

   Attesting Party: Trusted Execution Environment (TEE)

   Relying Party: end-application

   Claims used: TBD

   Description: The "Trusted Application Manager (TAM)" server wants to
      verify the state of a TEE, or applications in the TEE, of a
      device.  The TEE attests to the TAM, which can then decide whether
      to install sensitive data in the TEE, or whether the TEE is out of
      compliance and the TAM needs to install updated code in the TEE to
      bring it back into compliance with the TAM's policy.
5.4.  Confidential Machine Learning (ML) model

   Use case name: Machine Learning protection

   Who will use it: Machine Learning systems

   Attestation type: TBD

   Attesting Party: hardware TEE

   Relying Party: machine learning model owner

   Claims used: TBD

   Description: Microsoft talked about this category of use cases at
      the recent Microsoft //build conference.

   An example use case is where a device manufacturer wants to protect
   its intellectual property in terms of the ML model it developed and
   that runs in the devices that its customers purchased, and it wants
   to prevent attackers, potentially including the customer themselves,
   from seeing the details of the model.  This works by having some
   protected environment (e.g., a hardware TEE) in the device attest to
   some manufacturer's service, which if attestation succeeds, then the
   manufacturer service releases the model, or a key to decrypt the
   model, to the requester.  If a hardware TEE is involved, then this
   use case overlaps with the TEEP use case.
5.5.  Critical infrastructure

   Use case name: Critical Infrastructure

   Who will use it: devices

   Attestation type: TBD

   Attesting Party: plant controller

   Relying Party: actuator

   Claims used: TBD

   Description: When a protocol operation can affect some critical
      system, the device attached to the critical equipment wants some
      assurance that the requester has not been compromised.  As such,
      attestation can be used to only accept commands from requesters
      that are within policy.  Hardware attestation in particular,
      especially in conjunction with a TEE on the requester side, can
      provide protection against many types of malware.
5.5.1.  Computation characteristics

   Use case name: Shared Block Chain Computational claims

   Who will use it: Consortia of Computation systems

   Attestation type: TBD

   Attesting Party: computer system (physical or virtual)

   Relying Party: other computer systems

   Claims used: TBD

   Description: A group of enterprises organized as a consortium seeks
      to deploy computing nodes as the basis of their shared blockchain
      system.  Each member of the consortium must forward an equal
      number of computing nodes to participate in the P2P network of
      nodes that form the basis of the blockchain system.  In order to
      prevent the various issues (e.g. concentration of hash power,
      anonymous mining nodes) found in other blockchain systems, each
      computing node must comply with a predefined allowable manifest of
      system hardware, software and firmware, as agreed to by the
      membership of the consortium.  Thus, a given computing node must
      be able to report the (pre-boot) configuration of its system and
      be able to report at any time the operational status of the
      various components that make up its system.

   The consortium seeks to have the following things attested: system
   configuration, group membership, and virtualization status.

   This is a peer-to-peer protocol so each device in the consortium is a
   relying party.  The attestation may be requested online by another
   entity within the consortium, but not by other parties.  The
   attestation needs to be compact and interoperable and may be included
   in the blockchain itself at the completion of the consensus
   algorithm.

   The attestation will need to start in a hardware RoT in order to
   validate if the system is running real hardware rather than running a
   virtual machine.
5.6. Virtualized multi-tenant hosts
Use case name: Multi-tenant hosts
Who will use it: Virtual machine systems
Attestation type: TBD
Attesting Party: virtual machine hypervisor
Relying Party: network operators
Claims used: TBD
Description: The host system will do verification as per 5.1.
The tenant virtual machines will do verification as per 5.1.
The network operator wants to know if the system _as a whole_ is free
of malware, but the network operator is not allowed to know who the
tenants are.
This is contrasted to the Chassis + Line Cards case (To Be Defined:
TBD).
With multiple line cards, a small attestation system on the main card
can combine their results together. This is a kind of proxy.
5.7. Cryptographic Key Attestation
Use case name: Key Attestation
Who will use it: network authentication systems
Attestation type: TBD
Attesting Party: device platform
Relying Party: internet peers
Claims used: TBD
Description: The relying party wants to know how secure a private
key that identifies an entity is. Unlike the network attestation,
the relying party is not part of the network infrastructure, nor
do they necessarily have a business relationship (such as
ownership) over the end device.
5.7.1. Device Type Attestation
Use case name: Device Type Attestation
Who will use it: mobile platforms
Attestation type: TBD
Attesting Party: device platform
Relying Party: internet peers
Claims used: TBD
Description: This use case convinces the relying party of the
characteristics of a device. For privacy reasons, it might not
identify the actual device itself, but rather the class of device.
The relying party can understand from either in-band (claims) or
out-of-band (model numbers, which may be expressed as a claim)
whether the device has trustworthy features such as a hardware
TPM, software TPM via TEE, or software TPM without TEE. Other
details such as the availability of finger-print readers or HDMI
outputs may also be inferred.
5.7.2. Key storage attestation
Use case name: Key storage Attestation
Who will use it: secure key storage subsystems
Attestation type: TBD
Attesting Party: device platform
Relying Party: internet peers
Claims used: TBD
Description: This use case convinces the relying party only about
the provenance of a private key by providing claims of the storage
security of the private key. This can be conceived as a subset of
the previous case, but may apply very specifically to just a
keystore. Additional details associated with the private key may
be provided as well, including limitations on usage of the key.
Key storage attestations may be consumed by systems provisioning
public key certificates for devices or human users. In these cases,
attestations may be incorporated into certificate request protocols
(e.g., EST [RFC7030], CMP [RFC4210], ACME [RFC8555], SCEP
[I-D.gutmann-scep], etc.) and processed by registration authorities
or certification authorities prior to determining contents for any
issued certificate.
5.7.3. End user authorization
Use case name: End User authorization
Who will use it: authorization systems
Attestation type: TBD
Attesting Party: device platform
Relying Party: internet peers
Claims used: TBD
Description: This use case convinces the relying party that the
digital signatures made by the indicated key pair were done with
the approval of the end-user operator. This may also be
considered a possible subset of the device attestation above, but
the attestation may be on a case-by-case basis. The nature of the
approval by the end-user would be indicated. Examples include:
the user unlocked the device, the user viewed some message and
acknowledged it inside an app, the message was displayed to the
user via an out-of-app control mechanism. The acknowledgements could
include selecting options on the screen, pushing physical buttons,
scanning fingerprints, or proximity to other devices (via bluetooth
beacons, chargers, etc.).
5.8. Geographic attestation
Use case name: Location attestation
Who will use it: geo-fenced systems
Attestation type: passport (probably)
Attesting Party: secure GPS system(s)
Relying Party: internet peers
Claims used: TBD
Description: The relying party wants to know the physical location
(on the planet earth) of the device. This may be provided
directly by a GPS/GLONASS/Galileo module that is incorporated into
a TPM. This may also be provided by collecting proximity
messages from other devices with which the relying party can form a
trust relationship.
5.8.1. I am here
The simplest use case is the claim of some specific coordinates.
5.8.2. I am near
The second use case is the claim that some other devices are nearby.
This may be absolute ("I am near device X, which claims to be at
location A"), or just relative, ("I am near device X"). This use
could use "I am here" or "I am near" claims from a 1:1 basis with
device X, or use some other protocol. The nature of how the
proximity was established would be part of this claim. In order to
defeat a variety of mechanisms that might attempt to proxy
("wormhole") radio communications, highly precise clocks may be
required, and there may also have to be attestations as to the
An additional example of being near would be for the case where two
smartphones can establish that they are together by recording a
common random movement, such as both devices being shaken together.
Each device may validate the claim from the other (in a disconnected
fashion), or a third party may validate the claim as the relying
party.
This could be used to establish that a medical professional was in
proximity of a patient with implanted devices who needs help.
5.8.3. You are here
A third way to establish location is for a third party to communicate
directly with the relying party. The nature of how this trust is
established (and whether it is done recursively) is outside of the
scope here. What is critical is that the identity of "You" can be
communicated through the third party in a way that the relying party
can use, but other intermediaries cannot view.
5.9. Connectivity attestation
Use case name: Connectivity attestation
Who will use it: entertainment systems
Attestation type: TBD
Attesting Party: hardware-manufacturer/TEE
Relying Party: connected peer
Claims used: TBD
Description: The relying party wants to know what devices are
connected. A typical situation would be a media owner needing to
know what TV device is connected via HDMI and if High-bandwidth
Digital Content Protection (HDCP) is intact.
5.10. Component connectivity attestation
Use case name: Component connectivity
Who will use it: chassis systems with pluggable components
Attestation type: background check
Attesting Party: line card
Relying Party: management/control plane software
Claims used: TBD
Description: A management controller or similar hardware component
wants to know what peripherals, rack scale device or other
dynamically configurable components are currently attached to the
platform that is under management controller control. The
management controller may serve as attestation verifier over a
local bus or backplane but may also aggregate local attestation
results and act as a platform attester to a remote verifier.
5.11. Device provenance attestation
Use case name: RIV - Device Provenance
Who will use it: Industrial IoT devices
Attestation type: passport
Attesting Party: network management station
Relying Party: a network entity
Claims used: TBD
Description: A newly manufactured device needs to be onboarded into
a network where many if not all device management duties are
performed by the network owner. The device owner wants to verify
the device originated from a legitimate vendor. A cryptographic
device identity such as an IEEE802.1AR is embedded during
manufacturing and a certificate identifying the device is
delivered to the owner onboarding agent. The device authenticates
using its 802.1AR IDevID to prove it originated from the expected
vendor.
The device chain of custody from the original device manufacturer to
the new owner may also be verified as part of device provenance
attestation. The chain of custody history may be collected by a
cloud service or similar capability that the supply chain and owner
agree to use.
[I-D.fedorkow-rats-network-device-attestation] section 1.2 refers to
this as "Provable Device Identity", and section 2.3 details the
parties.
6. Technology users for RATS
6.1. Trusted Computing Group Remote Integrity Verification (TCG-RIV)
The TCG RIV Reference Document addresses the problem of knowing if a
networking device should be part of a network, if it belongs to the
operator, and if it is running appropriate software. The work covers
most of the use cases in Section 5.1.
This proposal is available as
[I-D.fedorkow-rats-network-device-attestation]. The goal is to be
multi-vendor, scalable and extensible. The proposal intentionally
limits itself to:
o "non-privacy-preserving applications (i.e., networking, Industrial
IoT)",
o the firmware is provided by the device manufacturer
o there is a manufacturer installed hardware root of trust (such as
a TPM and boot ROM)
Service providers and enterprises deploy hundreds of routers, many of
them in remote locations where they're difficult to access or secure.
The point of remote attestation is to:
o identify a remote box in a way that's hard to spoof
o report the inventory of software that was launched on the box in a
way that cannot be spoofed, i.e., undetectably altered by a "Lying
Endpoint"
The use case described is to be able to monitor the authenticity of
software versions and configurations running on each device. This
allows owners and auditors to detect deviation from approved software
and firmware versions and configurations, potentially identifying
infected devices. [RFC5209]
Attestation may be performed by network management systems.
Networking equipment is often highly interconnected, so it's also
possible that attestation could be performed by neighboring devices.
Specifically listed to be out of scope for the first generation
includes: Linux processes, composite assemblies of hardware/software
created by end-customers, and equipment that uses Sleep or Hibernate
modes. There is an intention to cover some of these topics in
future versions of the documents.
The TCG-RIV Attestation leverages the TPM to make a series of
measurements during the boot process, and to have the TPM sign those
measurements. The resulting "PCR" hashes are then available to an
external verifier.
A critical component of the RIV is compatibility with existing TPM
practice for attestation procedures, as spelled out in the TCG TAP
Informational Model [tapinfomodel] and TPM architecture
specifications [tpmarchspec].
The TCG uses the following terminology:
o Device Manufacturer
o Attester ("device under attestation")
o Verifier (Network Management Station)
o "Explicit Attestation" is the TCG term for a static (platform)
attestation
o "Implicit Attestation" is the TCG term for a session attestation
o Reference Integrity Measurements (RIM), which are signed by the
device manufacturer and integrated into firmware.
o Quotes: measured values (having been signed), and RIMs
o Reference Integrity Values (RIV)
o devices have an Initial Attestation Key (IAK), which is provisioned
at the same time as the IDevID [ieee802-1AR]
o PCR - Platform Configuration Register (deals with hash chains)
The TCG document builds upon a number of IETF technologies: SNMP
(Attestation MIB), YANG, XML, JSON, CBOR, NETCONF, RESTCONF, CoAP,
TLS and SSH. The TCG document leverages the 802.1AR IDevID and
LDevID processes.
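The PCR hash chain and RIM comparison described above, as an added example that is not part of this draft or of the TCG documents. The component images, RIM table and event log are constructed stand-ins, the function names are hypothetical, and the quote's IAK signature is assumed to have been verified already:

```python
# Added example (not from the draft or the TCG): the verifier side of a
# TCG-RIV style check. The attester measures each boot component into a
# SHA-256 PCR; the verifier replays the event log against the quoted PCR and
# compares every measurement with the manufacturer's Reference Integrity
# Measurements (RIM). Component images are constructed stand-ins, and the
# quote's IAK signature is assumed to have been verified already.
import hashlib

# Constructed sample images, measured in boot order.
COMPONENTS = {
    "bootrom":  b"constructed boot ROM image",
    "firmware": b"constructed firmware image v1",
    "os":       b"constructed network OS image",
}
BOOT_ORDER = ("bootrom", "firmware", "os")

def measure(blob):
    return hashlib.sha256(blob).digest()

# RIM: component name -> digest the manufacturer signs and ships with firmware.
RIM = {name: measure(blob) for name, blob in COMPONENTS.items()}

def pcr_extend(pcr, digest):
    """TPM 2.0 extend in the SHA-256 bank: PCR' = H(PCR || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def boot_and_quote(components):
    """Attester side: measure each component, extend the PCR and return
    (event_log, quoted_pcr). The PCR starts at all zeros after reset."""
    pcr, log = bytes(32), []
    for name in BOOT_ORDER:
        d = measure(components[name])
        log.append((name, d))
        pcr = pcr_extend(pcr, d)
    return log, pcr

def replay_event_log(log):
    """Recompute the PCR that the logged digests would have produced."""
    pcr = bytes(32)
    for _, d in log:
        pcr = pcr_extend(pcr, d)
    return pcr

def verify_quote(log, quoted_pcr, rim):
    """Return (ok, findings). A log that does not reproduce the quoted PCR is
    the 'Lying Endpoint' case; a digest outside the RIM is a deviation."""
    findings = []
    if replay_event_log(log) != quoted_pcr:
        findings.append("event log does not reproduce quoted PCR")
    for name, d in log:
        expected = rim.get(name)
        if expected is None:
            findings.append(f"{name}: no reference measurement")
        elif expected != d:
            findings.append(f"{name}: measurement deviates from RIM")
    return (not findings, findings)

if __name__ == "__main__":
    log, quote = boot_and_quote(COMPONENTS)
    print("approved images:", verify_quote(log, quote, RIM))
    tampered = dict(COMPONENTS, firmware=b"constructed firmware image, modified")
    log2, quote2 = boot_and_quote(tampered)
    print("modified firmware:", verify_quote(log2, quote2, RIM))
    # Lying endpoint: reports the approved log but quotes what actually ran.
    print("lying endpoint:", verify_quote(log, quote2, RIM))
```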
6.2. Android Keystore system
[keystore] describes a system used in smart phones that run the
Android operating system. The system is primarily a software
container to contain and control access to cryptographic keys, and
therefore provides many of the same functions that a hardware Trusted
Platform Module might provide.
The uses described in Section 5.7 are the primary focus.
On supported hardware, the Android Keystore will make use of
whatever trusted hardware is available, including use of a Trusted
Execution Environment (TEE) or Secure Element (SE). The Keystore
therefore abstracts the hardware, and guarantees to applications that
the same APIs can be used on both more and less capable devices.
A great deal of focus from the Android Keystore seems to be on
providing fine-grained authorization of what keys can be used by
which applications.
6.3. Fast IDentity Online (FIDO) Alliance
The FIDO Alliance [fido] has a number of specifications aimed
primarily at eliminating the need for passwords for authentication to
online services. The goal is to leverage asymmetric cryptographic
operations in common browser and smart-phone platforms so that users
can easily authenticate.
The use cases of Section 5.7 are primary.
FIDO specifications extend to various hardware second factor
authentication devices.
Terminology includes:
o "relying party" validates a claim
o "relying party application" makes FIDO Authn calls
Android Keystore attestations take the form of X.509 certificates.
The examples below package the attestation certificate along with
intermediate CA certificates required to validate the attestation as
a certificates-only SignedData message [RFC5652]. The trust anchor
is available here: [keystore_attestation].
The attestations below were generated using the generateKeyPair
method from the DevicePolicyManager class using code similar to the
following.
```java
// Build the key specification. StrongBox-backed keys support a smaller
// set of digests and block modes than TEE-backed keys, hence two branches.
KeyGenParameterSpec.Builder builder = null;
if (hasStrongBox) {
    builder = new KeyGenParameterSpec.Builder(
            m_alias,
            KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY
                    | KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
            .setKeySize(2048)
            .setDigests(KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_SHA256)
            .setBlockModes(KeyProperties.BLOCK_MODE_CBC, KeyProperties.BLOCK_MODE_GCM)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1,
                    KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
            .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PSS,
                    KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
            .setUserAuthenticationRequired(false)
            .setIsStrongBoxBacked(true)
            .setUnlockedDeviceRequired(true);
} else {
    builder = new KeyGenParameterSpec.Builder(
            m_alias,
            KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY
                    | KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
            .setKeySize(2048)
            .setDigests(KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_SHA256,
                    KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512)
            .setBlockModes(KeyProperties.BLOCK_MODE_CBC, KeyProperties.BLOCK_MODE_CTR,
                    KeyProperties.BLOCK_MODE_GCM)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1,
                    KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
            .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PSS,
                    KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
            .setUserAuthenticationRequired(false)
            .setIsStrongBoxBacked(false)
            .setUnlockedDeviceRequired(true);
}
// The challenge is a nonce chosen by the relying party; it is echoed in the
// attestation certificate so a fresh attestation can be told from a replay.
builder.setAttestationChallenge(challenge_bytes);
KeyGenParameterSpec keySpec = builder.build();
// Device-owner/profile-owner API: generates the key pair and returns the
// attestation certificate chain alongside it.
AttestedKeyPair akp = dpm.generateKeyPair(componentName, algorithm, keySpec,
        idAttestationFlags);
```
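The certificate returned by the call above carries the KeyDescription extension that the annotated dump in 7.1.1 walks through. The following added example (not part of this draft or of Android) builds a constructed KeyDescription of the same shape in DER, reads it back with a minimal DER parser, and applies the checks a relying party would make on it; the function names are hypothetical and the verified-boot key and challenge are placeholders:

```python
# Added example, not from the draft or from Android: builds a sample Keystore
# KeyDescription in DER, reads it back with a minimal DER parser and applies the
# checks a relying party would make. Sample values are constructed placeholders.

def _tlv(tag, content):               # short-form length is enough for this sample
    assert len(content) < 0x80
    return tag + bytes([len(content)]) + content

def _int(v, tag=b"\x02"):             # non-negative INTEGER (02) / ENUMERATED (0a)
    return _tlv(tag, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def _ctx(n, content):
    """EXPLICIT [n]; n >= 31 uses the high-tag-number form, e.g. [704] -> BF 85 40."""
    if n < 31:
        return _tlv(bytes([0xA0 | n]), content)
    digits = [n & 0x7F]
    n >>= 7
    while n:
        digits.append(0x80 | (n & 0x7F))
        n >>= 7
    return _tlv(b"\xBF" + bytes(reversed(digits)), content)

def build_key_description(challenge=b"challenge", locked=True, boot_state=0, level=1):
    """Constructed sample mirroring the TEE example: v2, keymaster 3, RSA 2048."""
    root_of_trust = _tlv(b"\x30",
        _tlv(b"\x04", b"\x19" * 32)                          # verifiedBootKey (placeholder)
        + _tlv(b"\x01", b"\xff" if locked else b"\x00")      # deviceLocked
        + _int(boot_state, b"\x0a"))                         # verifiedBootState
    hw = _tlv(b"\x30",
        _ctx(1, _tlv(b"\x31", b"".join(_int(p) for p in (0, 1, 2, 3))))  # purpose
        + _ctx(2, _int(1)) + _ctx(3, _int(2048))             # algorithm RSA, keySize
        + _ctx(503, b"\x05\x00")                             # noAuthRequired
        + _ctx(704, root_of_trust))                          # rootOfTrust
    sw = _tlv(b"\x30", _ctx(701, _int(0x0164472A4B64)))      # creationDateTime
    return _tlv(b"\x30",
        _int(2) + _int(level, b"\x0a") + _int(3) + _int(1, b"\x0a")
        + _tlv(b"\x04", challenge) + _tlv(b"\x04", b"") + sw + hw)

def read_tlv(buf, pos=0):
    """Return (class, tag_number, content, next_pos) for the element at pos."""
    first, pos = buf[pos], pos + 1
    cls, tag = first & 0xC0, first & 0x1F
    if tag == 0x1F:                               # high-tag-number form
        tag = 0
        while True:
            b, pos = buf[pos], pos + 1
            tag = (tag << 7) | (b & 0x7F)
            if not b & 0x80:
                break
    length, pos = buf[pos], pos + 1
    if length & 0x80:                             # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return cls, tag, buf[pos:pos + length], pos + length

def children(content):
    out, pos = [], 0
    while pos < len(content):
        cls, tag, val, pos = read_tlv(content, pos)
        out.append((cls, tag, val))
    return out

def parse_key_description(der):
    f = children(read_tlv(der)[2])
    as_int = lambda i: int.from_bytes(f[i][2], "big")
    # AuthorizationList -> {tag number: children of its EXPLICIT wrapper}
    auth = lambda i: {t: children(v) for c, t, v in children(f[i][2]) if c == 0x80}
    return {"attestationVersion": as_int(0), "attestationSecurityLevel": as_int(1),
            "keymasterVersion": as_int(2), "keymasterSecurityLevel": as_int(3),
            "attestationChallenge": f[4][2], "uniqueId": f[5][2],
            "softwareEnforced": auth(6), "hardwareEnforced": auth(7)}

def check_attestation(kd, expected_challenge):
    """Relying-party policy; returns findings (empty = accept). Only the
    hardwareEnforced list is trusted: softwareEnforced comes from the framework."""
    findings = []
    if kd["attestationChallenge"] != expected_challenge:
        findings.append("challenge mismatch: stale or replayed attestation")
    if kd["attestationSecurityLevel"] == 0:      # 0 Software, 1 TEE, 2 StrongBox
        findings.append("attestation produced in software, not TEE/StrongBox")
    rot = kd["hardwareEnforced"].get(704)
    if not rot:
        findings.append("no hardware-enforced rootOfTrust")
    else:
        _key, locked, state = children(rot[0][2])
        if locked[2] != b"\xff":
            findings.append("bootloader unlocked")
        if int.from_bytes(state[2], "big") != 0:  # 0 Verified
            findings.append("verifiedBootState is not Verified")
    return findings

if __name__ == "__main__":
    kd = parse_key_description(build_key_description())
    print(kd["attestationSecurityLevel"], check_attestation(kd, b"challenge"))
    bad = parse_key_description(build_key_description(locked=False, level=0))
    print(check_attestation(bad, b"other"))
```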
7.1.1. TEE
Annotations included below are delimited by ASN.1 comments, i.e., "--".
Annotations should be consistent with the structures described here:
[keystore_attestation].
   0 1172: SEQUENCE {
   4  764:   SEQUENCE {
   8    3:     [0] {
  10    1:       INTEGER 2
         :       }
  13    1:     INTEGER 1
  16   13:     SEQUENCE {
  18    9:       OBJECT IDENTIFIER
         :         sha256WithRSAEncryption (1 2 840 113549 1 1 11)
  29    0:       NULL
         :       }
  31   27:     SEQUENCE {
  33   25:       SET {
  35   23:         SEQUENCE {
  37    3:           OBJECT IDENTIFIER serialNumber (2 5 4 5)
  42   16:           PrintableString 'c6047571d8f0d17c'
         :           }
         :         }
         :       }
  60   32:     SEQUENCE {
  62   13:       UTCTime 01/01/1970 00:00:00 GMT
  77   15:       GeneralizedTime 07/02/2106 06:28:15 GMT
         :       }
  94   31:     SEQUENCE {
  96   29:       SET {
  98   27:         SEQUENCE {
 100    3:           OBJECT IDENTIFIER commonName (2 5 4 3)
 105   20:           UTF8String 'Android Keystore Key'
         :           }
         :         }
         :       }
 127  290:     SEQUENCE {
 131   13:       SEQUENCE {
 133    9:         OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
 144    0:         NULL
         :         }
 146  271:       BIT STRING, encapsulates {
 151  266:         SEQUENCE {
 155  257:           INTEGER
00 E0 D4 07 86 A6 A4 38 : 0E A8 47 0F 27 01 01 31 52 F6 62 8A 4B 80 : 00 B5 3A 83 61 A2 85 CC D2 D6 25 7F 07 0B B4 A0
BE 72 : FB 02 E7 56 84 CA CA 4D C3 6C 7C B2 BA C7 D7 9B : C5 9D 90 65 : F6 FE 05 01 C9 55 CB 0D 18 D2 C6 79 BA 82 12 67
4E F5 54 8F 25 CC 11 7F 8E 77 10 6A : 6E 9F 80 89 48 8B 1D 51 AA 3B : 75 8D 5B F3 24 D3 F8 EA 99 82 7D 1F 5E CD 77 D6
B7 C5 24 3C 28 B1 : [ Another 256 bytes skipped ] : } 0 1304: : 99 11 13 FF 18 C9 3D 4D 01 C5 8E E9 04 E7 17 E2
SEQUENCE { 4 768: SEQUENCE { 8 3: [0] { 10 1: INTEGER 2 : } 13 10: : 88 12 2B B9 A1 77 2F C2 4F 57 78 98 4E E3 DE 7A
INTEGER 10 34 53 32 94 08 68 79 38 72 25 13: SEQUENCE { 27 9: OBJECT : 1B 18 BE D3 ED C9 59 A0 24 50 E1 FA AC 81 B6 DA
IDENTIFIER : sha256WithRSAEncryption (1 2 840 113549 1 1 11) 38 0: : 80 B0 BD 48 AD 26 9C 4A 4E CE 54 17 58 C1 F4 F8
NULL : } 40 27: SEQUENCE { 42 25: SET { 44 23: SEQUENCE { 46 3: : 7F 3C 5D 8F C8 2C 2A 7B 18 95 B3 D4 E0 3A C8 9D
OBJECT IDENTIFIER serialNumber (2 5 4 5) 51 16: PrintableString : [ Another 129 bytes skipped ]
'87f4514475ba0a2b' : } : } : } 69 30: SEQUENCE { 71 13: UTCTime 416 3: INTEGER 65537
26/05/2016 17:14:51 GMT 86 13: UTCTime 24/05/2026 17:14:51 GMT : } : }
101 27: SEQUENCE { 103 25: SET { 105 23: SEQUENCE { 107 3: OBJECT : }
IDENTIFIER serialNumber (2 5 4 5) 112 16: PrintableString : }
'c6047571d8f0d17c' : } : } : } 130 418: SEQUENCE { 134 13: SEQUENCE { 421 347: [3] {
136 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) 147 0: 425 343: SEQUENCE {
NULL : } 149 399: BIT STRING, encapsulates { 154 394: SEQUENCE { 158 429 14: SEQUENCE {
385: INTEGER : 00 B3 01 0D 78 BC 06 33 25 CA D6 A7 2C EF 49 05 : 4C 431 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
C1 77 36 F2 E5 7B E8 4C 0A 87 8F 77 6A 09 45 : 9B AC E8 72 DA E2 0E 436 1: BOOLEAN TRUE
20 3D 68 30 A5 86 26 14 77 : AD 7E 93 F5 1D 38 A9 DB 5B FE B2 B8 1A 439 4: OCTET STRING, encapsulates {
7B CD 22 : 3B 17 98 FC 1F 4F 77 2D 92 E9 DE 5F 6B 02 09 4E : 99 86 53 441 2: BIT STRING 4 unused bits
98 1C 5E 23 B6 A4 61 53 A5 FB D1 37 09 : DB C0 0A 40 E9 28 E6 BE E2 : '1100'B
8E 57 94 A9 F2 13 3A : 11 40 D2 34 99 A6 B4 F3 99 F2 5D 4A 5D 6A 6C : }
4B : [ Another 257 bytes skipped ] 547 3: INTEGER 65537 : } : } : } : }
552 221: [3] { 555 218: SEQUENCE { 558 29: SEQUENCE { 560 3: OBJECT 445 323: SEQUENCE {
IDENTIFIER subjectKeyIdentifier (2 5 29 14) 565 22: OCTET STRING, 449 10: OBJECT IDENTIFIER '1 3 6 1 4 1 11129 2 1 17'
encapsulates { 567 20: OCTET STRING : 7B 7B F8 43 CA 1F 0F 96 27 0F 461 307: OCTET STRING, encapsulates { -- Attestation Extension
10 6F 7D 0C 23 14 : 72 8F 1D 80 : } : } 589 31: SEQUENCE { 591 3: 465 303: SEQUENCE { -- KeyDescription
OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35) 596 24: OCTET 469 1: INTEGER 2 -- attestationVersion (KM3)
STRING, encapsulates { 598 22: SEQUENCE { 600 20: [0] : 0E 55 6F 46 472 1: ENUMERATED 1 -- attestationSecurityLevel (TrustedEnv.)
F5 3B 77 67 E1 B9 73 DC 55 E6 AE EA : B4 FD 27 DD : } : } : } 622 12: 475 1: INTEGER 3 -- keymasterVersion
SEQUENCE { 624 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 629 478 1: ENUMERATED 1 -- keymasterSecurityLevel (TrustedEnv.)
1: BOOLEAN TRUE 632 2: OCTET STRING, encapsulates { 634 0: SEQUENCE 481 9: OCTET STRING 'challenge' -- attestationChallenge
{} : } : } 636 14: SEQUENCE { 638 3: OBJECT IDENTIFIER keyUsage (2 5 492 0: OCTET STRING -- reserved
29 15) 643 1: BOOLEAN TRUE 646 4: OCTET STRING, encapsulates { 648 2: : Error: Object has zero length.
BIT STRING 7 unused bits : '1'B (bit 0) : } : } 652 36: SEQUENCE { 494 44: SEQUENCE { -- softwareEnforced
654 3: OBJECT IDENTIFIER nameConstraints (2 5 29 30) 659 29: OCTET 496 8: [701] { -- creationDateTime
STRING, encapsulates { 661 27: SEQUENCE { 663 25: [0] { 665 23: 500 6: INTEGER 01 64 47 2A 4B 64
SEQUENCE { 667 21: [2] 'invalid;email:invalid' : } : } : } : } : } : }
690 84: SEQUENCE { 692 3: OBJECT IDENTIFIER cRLDistributionPoints (2 508 28: [709] { -- attestationApplicationId
5 29 31) 697 77: OCTET STRING, encapsulates { 699 75: SEQUENCE { 701 512 26: OCTET STRING, encapsulates {
73: SEQUENCE { 703 71: [0] { 705 69: [0] { 707 67: [6] : 514 24: SEQUENCE { -- AttestationApplicationId
'https://android.googleapis.com/attestation/crl/1' : 516 20: SET { -- package_infos
'0345332940868793872' : } : } : } : } : } : } : } : } : } 776 13: 518 18: SEQUENCE { -- AttestationPackageInfo
SEQUENCE { 778 9: OBJECT IDENTIFIER sha256WithRSAEncryption (1 2 840 520 13: OCTET STRING 'AndroidSystem' -- package_name
113549 1 1 11) 789 0: NULL : } 791 513: BIT STRING : 69 13 A7 56 B3 535 1: INTEGER 1 -- version
9F E1 2B CE A2 09 89 E5 DC 03 B4 : B6 FF F6 1E 96 C7 62 C2 31 D1 B3 : }
D6 1A 9E 36 CF : C2 FC 0E 06 FA 0E CF B5 2D F8 19 D6 13 96 0B 56 : B0 : }
EE 86 3B B1 B8 38 70 4E 57 EB D9 60 DC 58 74 : FE C8 EB A5 78 9F B7 538 0: SET {} -- signature_digests
19 5C F0 80 CF 29 16 6B 04 : 3A 5D 7C 2E 5F 11 12 36 BE 46 29 45 04 : }
41 8F B5 : AB C6 31 5F 23 28 0C F2 7C 48 4A F6 43 AA 50 D0 : 53 96 1E : }
AD 7C A3 89 96 BB 8B BF 2D 9A 0C 16 35 : [ Another 384 bytes skipped : }
] : } 0 1393: SEQUENCE { 4 857: SEQUENCE { 8 3: [0] { 10 1: INTEGER 2 : }
: } 13 10: INTEGER 03 88 26 67 60 65 89 96 85 74 25 13: SEQUENCE { 27 540 229: SEQUENCE { -- hardwareEnforced
9: OBJECT IDENTIFIER : sha256WithRSAEncryption (1 2 840 113549 1 1 543 14: [1] { -- purpose
11) 38 0: NULL : } 40 27: SEQUENCE { 42 25: SET { 44 23: SEQUENCE { 545 12: SET {
46 3: OBJECT IDENTIFIER serialNumber (2 5 4 5) 51 16: PrintableString 547 1: INTEGER 0 -- KeyPurpose.ENCRYPT
'f92009e853b6b045' : } : } : } 69 30: SEQUENCE { 71 13: UTCTime 550 1: INTEGER 1 -- KeyPurpose.DECRYPT
26/05/2016 17:01:32 GMT 86 13: UTCTime 24/05/2026 17:01:32 GMT : } 553 1: INTEGER 2 -- KeyPurpose.SIGN
101 27: SEQUENCE { 103 25: SET { 105 23: SEQUENCE { 107 3: OBJECT 556 1: INTEGER 3 -- KeyPurpose.VERIFY
IDENTIFIER serialNumber (2 5 4 5) 112 16: PrintableString : }
'87f4514475ba0a2b' : } : } : } 130 546: SEQUENCE { 134 13: SEQUENCE { : }
136 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) 147 0: 559 3: [2] { -- algorithm
NULL : } 149 527: BIT STRING, encapsulates { 154 522: SEQUENCE { 158 561 1: INTEGER 1 -- Algorithm.RSA
513: INTEGER : 00 D2 60 D6 45 85 E3 E2 23 79 5A DA 45 57 A7 D8 : 5B : }
AF BD 9A 37 CB FA 97 C0 65 44 9D 3A C6 47 F6 : 0D 0B A2 74 12 CA F7 564 4: [3] { -- keySize
4B B9 5F FB B4 EC 5A 2B D0 : 16 01 DE BE E2 FE D2 76 0D 75 C4 B1 6A 566 2: INTEGER 2048
CB 3A 67 : 07 21 E0 D5 19 68 C8 1B 01 A2 24 02 FE AD 40 D6 : A7 98 16 : }
0F A2 98 2E A7 AD 75 34 84 6F F8 CF 8A : A1 0E 90 33 40 9E D0 86 26 570 11: [5] { -- digest
57 71 CE FF CF 52 E1 : F0 F9 2B 7E 68 62 03 D8 FD FD 02 53 03 19 AC 572 9: SET {
28 : [ Another 385 bytes skipped ] 675 3: INTEGER 65537 : } : } : } 574 1: INTEGER 4 -- Digest.SHA256
680 182: [3] { 683 179: SEQUENCE { 686 29: SEQUENCE { 688 3: OBJECT 577 1: INTEGER 5 -- Digest.SHA384
IDENTIFIER subjectKeyIdentifier (2 5 29 14) 693 22: OCTET STRING, 580 1: INTEGER 6 -- Digest.SHA512
encapsulates { 695 20: OCTET STRING : 0E 55 6F 46 F5 3B 77 67 E1 B9 : }
73 DC 55 E6 AE EA : B4 FD 27 DD : } : } 717 31: SEQUENCE { 719 3: : }
OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35) 724 24: OCTET 583 14: [6] { -- padding
STRING, encapsulates { 726 22: SEQUENCE { 728 20: [0] : 36 61 E1 00 585 12: SET {
7C 88 05 09 51 8B 44 6C 47 FF 1A 4C : C9 EA 4F 12 : } : } : } 750 15: 587 1: INTEGER 4 -- PaddingMode.RSA_PKCS1_1_5_ENCRYPT
SEQUENCE { 752 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 757 590 1: INTEGER 2 -- PaddingMode.RSA_OAEP
1: BOOLEAN TRUE 760 5: OCTET STRING, encapsulates { 762 3: SEQUENCE { 593 1: INTEGER 3 -- PaddingMode.RSA_PKCS1_1_5_SIGN
764 1: BOOLEAN TRUE : } : } : } 767 14: SEQUENCE { 769 3: OBJECT 596 1: INTEGER 5 -- PaddingMode.RSA_PSS
IDENTIFIER keyUsage (2 5 29 15) 774 1: BOOLEAN TRUE 777 4: OCTET : }
STRING, encapsulates { 779 2: BIT STRING 1 unused bit : '1100001'B : : }
} : } 783 80: SEQUENCE { 785 3: OBJECT IDENTIFIER 599 5: [200] { -- rsaPublicExponent
cRLDistributionPoints (2 5 29 31) 790 73: OCTET STRING, encapsulates 603 3: INTEGER 65537
{ 792 71: SEQUENCE { 794 69: SEQUENCE { 796 67: [0] { 798 65: [0] { : }
800 63: [6] : 'https://android.googleapis.com/attestation/crl/E' : 608 2: [503] { -- noAuthRequired
'8FA196314D2FA18' : } : } : } : } : } : } : } : } : } 865 13: 612 0: NULL -- documentation indicates this is a Boolean
SEQUENCE { 867 9: OBJECT IDENTIFIER sha256WithRSAEncryption (1 2 840 : }
113549 1 1 11) 878 0: NULL : } 880 513: BIT STRING : 0E 0D 71 4A 88 614 3: [702] { -- origin
0A 58 53 B6 31 14 7D DA 22 31 C6 : 06 D6 EF 3B 22 4D D7 A5 C0 3F BF 618 1: INTEGER 0 -- KeyOrigin.GENERATED
C6 B4 64 A3 FB : 92 C2 CC 67 F4 6C 24 25 49 6E F6 CB 08 D6 A8 0D : 94 : }
06 7F 8C 8C 3C B1 77 CD C2 3F C7 5E A3 85 6D : F7 A5 94 13 CD 5A 5C 621 2: [703] { -- rollbackResistant
F3 9B 0A 0D E1 82 42 F4 C9 : 3F AD FC FB 7C AA 27 04 CC 1C 12 45 15 625 0: NULL -- documentation indicates this is a Boolean
EB E6 70 : A0 6C DE 77 77 54 9B 1F 02 05 76 03 A4 FC 6C 07 : F4 CB BB : }
59 F5 CB ED 58 D8 30 9B 6E 3C F7 76 C1 : [ Another 384 bytes skipped 627 42: [704] { -- rootOfTrust
] : } 0 1376: SEQUENCE { 4 840: SEQUENCE { 8 3: [0] { 10 1: INTEGER 2 631 40: SEQUENCE { -- verifiedBootKey
: } 13 9: INTEGER 00 E8 FA 19 63 14 D2 FA 18 24 13: SEQUENCE { 26 9: 633 32: OCTET STRING
OBJECT IDENTIFIER : sha256WithRSAEncryption (1 2 840 113549 1 1 11) : 19 62 B0 53 85 79 FF CE 9A C9 F5 07 C4 6A FE 3B
37 0: NULL : } 39 27: SEQUENCE { 41 25: SET { 43 23: SEQUENCE { 45 3: : 92 05 5B AC 71 46 46 22 83 C8 5C 50 0B E7 8D 82
OBJECT IDENTIFIER serialNumber (2 5 4 5) 50 16: PrintableString 667 1: BOOLEAN TRUE -- deviceLocked
'f92009e853b6b045' : } : } : } 68 30: SEQUENCE { 70 13: UTCTime 670 1: ENUMERATED 0 -- verifiedBootState (verified)
26/05/2016 16:28:52 GMT 85 13: UTCTime 24/05/2026 16:28:52 GMT : } : }
100 27: SEQUENCE { 102 25: SET { 104 23: SEQUENCE { 106 3: OBJECT : }
IDENTIFIER serialNumber (2 5 4 5) 111 16: PrintableString 673 5: [705] { -- osVersion
'f92009e853b6b045' : } : } : } 129 546: SEQUENCE { 133 13: SEQUENCE { 677 3: INTEGER 90000 -- Android P
135 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) 146 0: : }
NULL : } 148 527: BIT STRING, encapsulates { 153 522: SEQUENCE { 157 682 5: [706] { -- osPatchLevel
513: INTEGER : 00 AF B6 C7 82 2B B1 A7 01 EC 2B B4 2E 8B CC 54 : 16 686 3: INTEGER 201806 -- June 2018
63 AB EF 98 2F 32 C7 7F 75 31 03 0C 97 52 4B : 1B 5F E8 09 FB C7 2A : }
A9 45 1F 74 3C BD 9A 6F 13 : 35 74 4A A5 5E 77 F6 B6 AC 35 35 EE 17 691 8: [710] { -- attestationIdBrand
C2 5E 63 : 95 17 DD 9C 92 E6 37 4A 53 CB FE 25 8F 8F FB B6 : FD 12 93 695 6: OCTET STRING 'google'
78 A2 2A 4C A9 9C 45 2D 47 A5 9F 32 01 : F4 41 97 CA 1C CD 7E 76 2F : }
B2 F5 31 51 B6 FE B2 : FF FD 2B 6F E4 FE 5B C6 BD 9E C3 4B FE 08 23 703 9: [711] { -- attestationIdDevice
9D : [ Another 385 bytes skipped ] 674 3: INTEGER 65537 : } : } : } 707 7: OCTET STRING 'walleye'
679 166: [3] { 682 163: SEQUENCE { 685 29: SEQUENCE { 687 3: OBJECT : }
IDENTIFIER subjectKeyIdentifier (2 5 29 14) 692 22: OCTET STRING, 716 9: [712] { -- attestationIdProduct
encapsulates { 694 20: OCTET STRING : 36 61 E1 00 7C 88 05 09 51 8B 720 7: OCTET STRING 'walleye'
44 6C 47 FF 1A 4C : C9 EA 4F 12 : } : } 716 31: SEQUENCE { 718 3: : }
OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35) 723 24: OCTET 729 14: [713] { -- attestationIdSerial
STRING, encapsulates { 725 22: SEQUENCE { 727 20: [0] : 36 61 E1 00 733 12: OCTET STRING 'HT83K1A03849'
7C 88 05 09 51 8B 44 6C 47 FF 1A 4C : C9 EA 4F 12 : } : } : } 749 15: : }
SEQUENCE { 751 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 756 747 8: [716] { -- attestationIdManufacturer
1: BOOLEAN TRUE 759 5: OCTET STRING, encapsulates { 761 3: SEQUENCE { 751 6: OCTET STRING 'Google'
763 1: BOOLEAN TRUE : } : } : } 766 14: SEQUENCE { 768 3: OBJECT : }
IDENTIFIER keyUsage (2 5 29 15) 773 1: BOOLEAN TRUE 776 4: OCTET 759 9: [717] { -- attestationIdModel
STRING, encapsulates { 778 2: BIT STRING 1 unused bit : '1100001'B : 763 7: OCTET STRING 'Pixel 2'
} : } 782 64: SEQUENCE { 784 3: OBJECT IDENTIFIER : }
cRLDistributionPoints (2 5 29 31) 789 57: OCTET STRING, encapsulates : }
{ 791 55: SEQUENCE { 793 53: SEQUENCE { 795 51: [0] { 797 49: [0] { : }
799 47: [6] : 'https://android.googleapis.com/attestation/crl/' : } : : }
} : } : } : } : } : } : } : } 848 13: SEQUENCE { 850 9: OBJECT : }
IDENTIFIER sha256WithRSAEncryption (1 2 840 113549 1 1 11) 861 0: : }
NULL : } 863 513: BIT STRING : 20 C8 C3 8D 4B DC A9 57 1B 46 8C 89 2F : }
FF 72 AA : C6 F8 44 A1 1D 41 A8 F0 73 6C C3 7D 16 D6 42 6D : 8E 7E 94 : }
07 04 4C EA 39 E6 8B 07 C1 3D BF 15 03 : DD 5C 85 BD AF B2 C0 2D 5F 772 13: SEQUENCE {
6C DB 4E FA 81 27 DF : 8B 04 F1 82 77 0F C4 E7 74 5B 7F CE AA 87 12 774 9: OBJECT IDENTIFIER sha256WithRSAEncryption (1 2 840 113549 1 1 11)
9A : 88 01 CE 8E 9B C0 CB 96 37 9B 4D 26 A8 2D 30 FD : 9C 2F 8E ED 6D 785 0: NULL
C1 BE 2F 84 B6 89 E4 D9 14 25 8B : 14 4B BA E6 24 A1 C7 06 71 13 2E : }
2F 06 16 A8 84 : [ Another 384 bytes skipped ] : } " 787 385: BIT STRING
: 05 41 B9 13 11 53 93 A2 02 62 1F 15 35 8E D9 7C
: A1 D5 2E ED 13 AC 24 26 B2 A1 2F EE B4 0C 4D 71
: DC 9F 55 EC A1 F6 64 62 F2 73 A8 7E FC 48 63 29
: 1E F5 0D 48 F3 73 43 0C 00 E0 D4 07 86 A6 A4 38
: 0E A8 47 0F 27 01 01 31 52 F6 62 8A 4B 80 BE 72
: FB 02 E7 56 84 CA CA 4D C3 6C 7C B2 BA C7 D7 9B
: C5 9D 90 65 4E F5 54 8F 25 CC 11 7F 8E 77 10 6A
: 6E 9F 80 89 48 8B 1D 51 AA 3B B7 C5 24 3C 28 B1
: [ Another 256 bytes skipped ]
: }
0 1304: SEQUENCE {
4 768: SEQUENCE {
8 3: [0] {
10 1: INTEGER 2
: }
13 10: INTEGER 10 34 53 32 94 08 68 79 38 72
25 13: SEQUENCE {
27 9: OBJECT IDENTIFIER
: sha256WithRSAEncryption (1 2 840 113549 1 1 11)
38 0: NULL
: }
40 27: SEQUENCE {
42 25: SET {
44 23: SEQUENCE {
46 3: OBJECT IDENTIFIER serialNumber (2 5 4 5)
51 16: PrintableString '87f4514475ba0a2b'
: }
: }
: }
69 30: SEQUENCE {
71 13: UTCTime 26/05/2016 17:14:51 GMT
86 13: UTCTime 24/05/2026 17:14:51 GMT
: }
101 27: SEQUENCE {
103 25: SET {
105 23: SEQUENCE {
107 3: OBJECT IDENTIFIER serialNumber (2 5 4 5)
112 16: PrintableString 'c6047571d8f0d17c'
: }
: }
: }
130 418: SEQUENCE {
134 13: SEQUENCE {
136 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
147 0: NULL
: }
149 399: BIT STRING, encapsulates {
154 394: SEQUENCE {
158 385: INTEGER
: 00 B3 01 0D 78 BC 06 33 25 CA D6 A7 2C EF 49 05
: 4C C1 77 36 F2 E5 7B E8 4C 0A 87 8F 77 6A 09 45
: 9B AC E8 72 DA E2 0E 20 3D 68 30 A5 86 26 14 77
: AD 7E 93 F5 1D 38 A9 DB 5B FE B2 B8 1A 7B CD 22
: 3B 17 98 FC 1F 4F 77 2D 92 E9 DE 5F 6B 02 09 4E
: 99 86 53 98 1C 5E 23 B6 A4 61 53 A5 FB D1 37 09
: DB C0 0A 40 E9 28 E6 BE E2 8E 57 94 A9 F2 13 3A
: 11 40 D2 34 99 A6 B4 F3 99 F2 5D 4A 5D 6A 6C 4B
: [ Another 257 bytes skipped ]
547 3: INTEGER 65537
: }
: }
: }
552 221: [3] {
555 218: SEQUENCE {
558 29: SEQUENCE {
560 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
565 22: OCTET STRING, encapsulates {
567 20: OCTET STRING
: 7B 7B F8 43 CA 1F 0F 96 27 0F 10 6F 7D 0C 23 14
: 72 8F 1D 80
: }
: }
589 31: SEQUENCE {
591 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
596 24: OCTET STRING, encapsulates {
598 22: SEQUENCE {
600 20: [0]
: 0E 55 6F 46 F5 3B 77 67 E1 B9 73 DC 55 E6 AE EA
: B4 FD 27 DD
: }
: }
: }
622 12: SEQUENCE {
624 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
629 1: BOOLEAN TRUE
632 2: OCTET STRING, encapsulates {
634 0: SEQUENCE {}
: }
: }
636 14: SEQUENCE {
638 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
643 1: BOOLEAN TRUE
646 4: OCTET STRING, encapsulates {
648 2: BIT STRING 7 unused bits
: '1'B (bit 0)
: }
: }
652 36: SEQUENCE {
654 3: OBJECT IDENTIFIER nameConstraints (2 5 29 30)
659 29: OCTET STRING, encapsulates {
661 27: SEQUENCE {
663 25: [0] {
665 23: SEQUENCE {
667 21: [2] 'invalid;email:invalid'
: }
: }
: }
: }
: }
690 84: SEQUENCE {
692 3: OBJECT IDENTIFIER cRLDistributionPoints (2 5 29 31)
697 77: OCTET STRING, encapsulates {
699 75: SEQUENCE {
701 73: SEQUENCE {
703 71: [0] {
705 69: [0] {
707 67: [6]
: 'https://android.googleapis.com/attestation/crl/1'
: '0345332940868793872'
: }
: }
: }
: }
: }
: }
: }
: }
: }
776 13: SEQUENCE {
778 9: OBJECT IDENTIFIER sha256WithRSAEncryption (1 2 840 113549 1 1 11)
789 0: NULL
: }
791 513: BIT STRING
: 69 13 A7 56 B3 9F E1 2B CE A2 09 89 E5 DC 03 B4
: B6 FF F6 1E 96 C7 62 C2 31 D1 B3 D6 1A 9E 36 CF
: C2 FC 0E 06 FA 0E CF B5 2D F8 19 D6 13 96 0B 56
: B0 EE 86 3B B1 B8 38 70 4E 57 EB D9 60 DC 58 74
: FE C8 EB A5 78 9F B7 19 5C F0 80 CF 29 16 6B 04
: 3A 5D 7C 2E 5F 11 12 36 BE 46 29 45 04 41 8F B5
: AB C6 31 5F 23 28 0C F2 7C 48 4A F6 43 AA 50 D0
: 53 96 1E AD 7C A3 89 96 BB 8B BF 2D 9A 0C 16 35
: [ Another 384 bytes skipped ]
: }
0 1393: SEQUENCE {
4 857: SEQUENCE {
8 3: [0] {
10 1: INTEGER 2
: }
13 10: INTEGER 03 88 26 67 60 65 89 96 85 74
25 13: SEQUENCE {
27 9: OBJECT IDENTIFIER
: sha256WithRSAEncryption (1 2 840 113549 1 1 11)
38 0: NULL
: }
40 27: SEQUENCE {
42 25: SET {
44 23: SEQUENCE {
46 3: OBJECT IDENTIFIER serialNumber (2 5 4 5)
51 16: PrintableString 'f92009e853b6b045'
: }
: }
: }
69 30: SEQUENCE {
71 13: UTCTime 26/05/2016 17:01:32 GMT
86 13: UTCTime 24/05/2026 17:01:32 GMT
: }
101 27: SEQUENCE {
103 25: SET {
105 23: SEQUENCE {
107 3: OBJECT IDENTIFIER serialNumber (2 5 4 5)
112 16: PrintableString '87f4514475ba0a2b'
: }
: }
: }
130 546: SEQUENCE {
134 13: SEQUENCE {
136 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
147 0: NULL
: }
149 527: BIT STRING, encapsulates {
154 522: SEQUENCE {
158 513: INTEGER
: 00 D2 60 D6 45 85 E3 E2 23 79 5A DA 45 57 A7 D8
: 5B AF BD 9A 37 CB FA 97 C0 65 44 9D 3A C6 47 F6
: 0D 0B A2 74 12 CA F7 4B B9 5F FB B4 EC 5A 2B D0
: 16 01 DE BE E2 FE D2 76 0D 75 C4 B1 6A CB 3A 67
: 07 21 E0 D5 19 68 C8 1B 01 A2 24 02 FE AD 40 D6
: A7 98 16 0F A2 98 2E A7 AD 75 34 84 6F F8 CF 8A
: A1 0E 90 33 40 9E D0 86 26 57 71 CE FF CF 52 E1
: F0 F9 2B 7E 68 62 03 D8 FD FD 02 53 03 19 AC 28
: [ Another 385 bytes skipped ]
675 3: INTEGER 65537
: }
: }
: }
680 182: [3] {
683 179: SEQUENCE {
686 29: SEQUENCE {
688 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
693 22: OCTET STRING, encapsulates {
695 20: OCTET STRING
: 0E 55 6F 46 F5 3B 77 67 E1 B9 73 DC 55 E6 AE EA
: B4 FD 27 DD
: }
: }
717 31: SEQUENCE {
719 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
724 24: OCTET STRING, encapsulates {
726 22: SEQUENCE {
728 20: [0]
: 36 61 E1 00 7C 88 05 09 51 8B 44 6C 47 FF 1A 4C
: C9 EA 4F 12
: }
: }
: }
750 15: SEQUENCE {
752 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
757 1: BOOLEAN TRUE
760 5: OCTET STRING, encapsulates {
762 3: SEQUENCE {
764 1: BOOLEAN TRUE
: }
: }
: }
767 14: SEQUENCE {
769 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
774 1: BOOLEAN TRUE
777 4: OCTET STRING, encapsulates {
779 2: BIT STRING 1 unused bit
: '1100001'B
: }
: }
783 80: SEQUENCE {
785 3: OBJECT IDENTIFIER cRLDistributionPoints (2 5 29 31)
790 73: OCTET STRING, encapsulates {
792 71: SEQUENCE {
794 69: SEQUENCE {
796 67: [0] {
798 65: [0] {
800 63: [6]
: 'https://android.googleapis.com/attestation/crl/E'
: '8FA196314D2FA18'
: }
: }
: }
: }
: }
: }
: }
: }
: }
865 13: SEQUENCE {
867 9: OBJECT IDENTIFIER sha256WithRSAEncryption (1 2 840 113549 1 1 11)
878 0: NULL
: }
880 513: BIT STRING
: 0E 0D 71 4A 88 0A 58 53 B6 31 14 7D DA 22 31 C6
: 06 D6 EF 3B 22 4D D7 A5 C0 3F BF C6 B4 64 A3 FB
: 92 C2 CC 67 F4 6C 24 25 49 6E F6 CB 08 D6 A8 0D
: 94 06 7F 8C 8C 3C B1 77 CD C2 3F C7 5E A3 85 6D
: F7 A5 94 13 CD 5A 5C F3 9B 0A 0D E1 82 42 F4 C9
: 3F AD FC FB 7C AA 27 04 CC 1C 12 45 15 EB E6 70
: A0 6C DE 77 77 54 9B 1F 02 05 76 03 A4 FC 6C 07
: F4 CB BB 59 F5 CB ED 58 D8 30 9B 6E 3C F7 76 C1
: [ Another 384 bytes skipped ]
: }
0 1376: SEQUENCE {
4 840: SEQUENCE {
8 3: [0] {
10 1: INTEGER 2
: }
13 9: INTEGER 00 E8 FA 19 63 14 D2 FA 18
24 13: SEQUENCE {
26 9: OBJECT IDENTIFIER
: sha256WithRSAEncryption (1 2 840 113549 1 1 11)
37 0: NULL
: }
39 27: SEQUENCE {
41 25: SET {
43 23: SEQUENCE {
45 3: OBJECT IDENTIFIER serialNumber (2 5 4 5)
50 16: PrintableString 'f92009e853b6b045'
: }
: }
: }
68 30: SEQUENCE {
70 13: UTCTime 26/05/2016 16:28:52 GMT
85 13: UTCTime 24/05/2026 16:28:52 GMT
: }
100 27: SEQUENCE {
102 25: SET {
104 23: SEQUENCE {
106 3: OBJECT IDENTIFIER serialNumber (2 5 4 5)
111 16: PrintableString 'f92009e853b6b045'
: }
: }
: }
129 546: SEQUENCE {
133 13: SEQUENCE {
135 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
146 0: NULL
: }
148 527: BIT STRING, encapsulates {
153 522: SEQUENCE {
157 513: INTEGER
: 00 AF B6 C7 82 2B B1 A7 01 EC 2B B4 2E 8B CC 54
: 16 63 AB EF 98 2F 32 C7 7F 75 31 03 0C 97 52 4B
: 1B 5F E8 09 FB C7 2A A9 45 1F 74 3C BD 9A 6F 13
: 35 74 4A A5 5E 77 F6 B6 AC 35 35 EE 17 C2 5E 63
: 95 17 DD 9C 92 E6 37 4A 53 CB FE 25 8F 8F FB B6
: FD 12 93 78 A2 2A 4C A9 9C 45 2D 47 A5 9F 32 01
: F4 41 97 CA 1C CD 7E 76 2F B2 F5 31 51 B6 FE B2
: FF FD 2B 6F E4 FE 5B C6 BD 9E C3 4B FE 08 23 9D
: [ Another 385 bytes skipped ]
674 3: INTEGER 65537
: }
: }
: }
679 166: [3] {
682 163: SEQUENCE {
685 29: SEQUENCE {
687 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
692 22: OCTET STRING, encapsulates {
694 20: OCTET STRING
: 36 61 E1 00 7C 88 05 09 51 8B 44 6C 47 FF 1A 4C
: C9 EA 4F 12
: }
: }
716 31: SEQUENCE {
718 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
723 24: OCTET STRING, encapsulates {
725 22: SEQUENCE {
727 20: [0]
: 36 61 E1 00 7C 88 05 09 51 8B 44 6C 47 FF 1A 4C
: C9 EA 4F 12
: }
: }
: }
749 15: SEQUENCE {
751 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
756 1: BOOLEAN TRUE
759 5: OCTET STRING, encapsulates {
761 3: SEQUENCE {
763 1: BOOLEAN TRUE
: }
: }
: }
766 14: SEQUENCE {
768 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
773 1: BOOLEAN TRUE
776 4: OCTET STRING, encapsulates {
778 2: BIT STRING 1 unused bit
: '1100001'B
: }
: }
782 64: SEQUENCE {
784 3: OBJECT IDENTIFIER cRLDistributionPoints (2 5 29 31)
789 57: OCTET STRING, encapsulates {
791 55: SEQUENCE {
793 53: SEQUENCE {
795 51: [0] {
797 49: [0] {
799 47: [6]
: 'https://android.googleapis.com/attestation/crl/'
: }
: }
: }
: }
: }
: }
: }
: }
: }
848 13: SEQUENCE {
850 9: OBJECT IDENTIFIER sha256WithRSAEncryption (1 2 840 113549 1 1 11)
861 0: NULL
: }
863 513: BIT STRING
: 20 C8 C3 8D 4B DC A9 57 1B 46 8C 89 2F FF 72 AA
: C6 F8 44 A1 1D 41 A8 F0 73 6C C3 7D 16 D6 42 6D
: 8E 7E 94 07 04 4C EA 39 E6 8B 07 C1 3D BF 15 03
: DD 5C 85 BD AF B2 C0 2D 5F 6C DB 4E FA 81 27 DF
: 8B 04 F1 82 77 0F C4 E7 74 5B 7F CE AA 87 12 9A
: 88 01 CE 8E 9B C0 CB 96 37 9B 4D 26 A8 2D 30 FD
: 9C 2F 8E ED 6D C1 BE 2F 84 B6 89 E4 D9 14 25 8B
: 14 4B BA E6 24 A1 C7 06 71 13 2E 2F 06 16 A8 84
: [ Another 384 bytes skipped ]
: }
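As an added example (not part of the draft, and not Android's own code), the following Python walks the KeyDescription carried in the attestation extension with OID 1.3.6.1.4.1.11129.2.1.17 exactly as the dump above lays it out, then applies the checks a Relying Party would make on it. The sample input is constructed here from the values in the TEE dump (the 'challenge' string, the verifiedBootKey bytes, keySize 2048, osPatchLevel 201806); the tag-number constants, the dictionary layout and the policy function are this example's own assumptions, not something the draft specifies.

```python
SECURITY_LEVEL = {0: "Software", 1: "TrustedEnvironment", 2: "StrongBox"}
VERIFIED_BOOT_STATE = {0: "Verified", 1: "SelfSigned", 2: "Unverified", 3: "Failed"}
# AuthorizationList tag numbers used here, as they appear in the dump above.
TAG_PURPOSE, TAG_ALGORITHM, TAG_KEY_SIZE = 1, 2, 3
TAG_CREATION_DATETIME, TAG_ROOT_OF_TRUST, TAG_OS_VERSION, TAG_OS_PATCHLEVEL = 701, 704, 705, 706

def der_read(buf, pos=0):
    """Parse one TLV at buf[pos]; return (class, constructed, tag_number, value, next_pos)."""
    first, pos = buf[pos], pos + 1
    cls, constructed, num = first >> 6, bool(first & 0x20), first & 0x1F
    if num == 0x1F:  # high-tag-number form, used for [701], [704], ...
        num = 0
        while True:
            b, pos = buf[pos], pos + 1
            num = (num << 7) | (b & 0x7F)
            if not b & 0x80:
                break
    length, pos = buf[pos], pos + 1
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return cls, constructed, num, buf[pos:pos + length], pos + length

def der_children(value):  # all TLVs (class, constructed, tag_number, value) inside a constructed value
    out, pos = [], 0
    while pos < len(value):
        cls, cons, num, v, pos = der_read(value, pos)
        out.append((cls, cons, num, v))
    return out

def der_int(v): return int.from_bytes(v, "big", signed=True)

def parse_authorization_list(value):  # map each context-specific tag number [N] to the TLV it wraps
    return {num: der_read(v)[:4] for cls, _, num, v in der_children(value) if cls == 2}

def parse_root_of_trust(body):
    # RootOfTrust ::= SEQUENCE { verifiedBootKey OCTET STRING, deviceLocked BOOLEAN, verifiedBootState ENUMERATED, ... }
    key, locked, state = der_children(body)[:3]
    return {"verifiedBootKey": key[3], "deviceLocked": locked[3] != b"\x00",
            "verifiedBootState": VERIFIED_BOOT_STATE.get(der_int(state[3]), "Unknown")}

def parse_key_description(ext_value):
    """Decode the KeyDescription SEQUENCE that the extension's OCTET STRING encapsulates."""
    cls, cons, num, body, _ = der_read(ext_value)
    if (cls, cons, num) != (0, True, 16):
        raise ValueError("KeyDescription must be a universal SEQUENCE")
    f = der_children(body)  # attestationVersion, attestationSecurityLevel, keymasterVersion,
    # keymasterSecurityLevel, attestationChallenge, uniqueId, softwareEnforced, hardwareEnforced
    hw = parse_authorization_list(f[7][3])
    kd = {"attestationVersion": der_int(f[0][3]),
          "attestationSecurityLevel": SECURITY_LEVEL.get(der_int(f[1][3]), "Unknown"),
          "attestationChallenge": f[4][3],
          "softwareEnforced": parse_authorization_list(f[6][3]), "hardwareEnforced": hw}
    # Only a rootOfTrust asserted by the TEE/StrongBox (hardwareEnforced) is worth trusting.
    if TAG_ROOT_OF_TRUST in hw:
        kd["rootOfTrust"] = parse_root_of_trust(hw[TAG_ROOT_OF_TRUST][3])
    return kd

def check_attestation(kd, expected_challenge, min_patch_level):
    """Relying Party policy over a decoded KeyDescription; returns the list of failed checks."""
    rot = kd.get("rootOfTrust", {})
    patch = kd["hardwareEnforced"].get(TAG_OS_PATCHLEVEL)
    checks = [
        (kd["attestationChallenge"] == expected_challenge, "challenge mismatch (possible replay)"),
        (kd["attestationSecurityLevel"] in ("TrustedEnvironment", "StrongBox"), "not hardware-backed"),
        (rot.get("deviceLocked") is True, "rootOfTrust missing or bootloader unlocked"),
        (rot.get("verifiedBootState") == "Verified", "verified boot state is not Verified"),
        (patch is not None and der_int(patch[3]) >= min_patch_level, "osPatchLevel missing or too old"),
    ]
    return [msg for ok, msg in checks if not ok]

def der_tlv(tag, value):  # minimal DER encoder; this and the helpers below only build the sample input
    n = len(value)
    if n < 0x80:
        return tag + bytes([n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return tag + bytes([0x80 | len(lb)]) + lb + value
def ctx(num, inner):  # context-specific constructed [num]; high-tag-number form when num >= 31
    if num < 31:
        return der_tlv(bytes([0xA0 | num]), inner)
    groups = []
    while num:
        groups.insert(0, num & 0x7F)
        num >>= 7
    return der_tlv(bytes([0xBF]) + bytes(g | 0x80 for g in groups[:-1]) + bytes(groups[-1:]), inner)
def enc_int(n):
    return der_tlv(b"\x02", n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big", signed=True))
def enc_enum(n): return der_tlv(b"\x0a", bytes([n]))
def seq(*items): return der_tlv(b"\x30", b"".join(items))
def octets(data): return der_tlv(b"\x04", data)

def build_sample_key_description():
    """Constructed KeyDescription mirroring the TEE dump above (KM3, TrustedEnvironment)."""
    root_of_trust = seq(octets(bytes.fromhex("1962b0538579ffce9ac9f507c46afe3b92055bac7146462283c85c500be78d82")),
                        der_tlv(b"\x01", b"\xff"), enc_enum(0))  # deviceLocked TRUE, verifiedBootState Verified
    hardware = seq(ctx(TAG_PURPOSE, der_tlv(b"\x31", enc_int(0) + enc_int(1) + enc_int(2) + enc_int(3))),
                   ctx(TAG_ALGORITHM, enc_int(1)), ctx(TAG_KEY_SIZE, enc_int(2048)), ctx(TAG_ROOT_OF_TRUST, root_of_trust),
                   ctx(TAG_OS_VERSION, enc_int(90000)), ctx(TAG_OS_PATCHLEVEL, enc_int(201806)))
    software = seq(ctx(TAG_CREATION_DATETIME, enc_int(0x0164472A4B64)))
    return seq(enc_int(2), enc_enum(1), enc_int(3), enc_enum(1), octets(b"challenge"), octets(b""), software, hardware)
```

The same walker runs unchanged over the StrongBox structure below, since it differs only in field values (attestationVersion 3, security level 2) and in which tags appear.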
7.1.2. Secure Element
The structures below are annotated only where the artifacts emitted by
StrongBox differ from the TEE structure shown above.
0 5143: SEQUENCE {
4 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
15 5128: [0] {
19 5124: SEQUENCE {
23 1: INTEGER 1
26 0: SET {}
28 11: SEQUENCE {
30 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
: }
41 5100: [0] {
45 1114: SEQUENCE {
49 834: SEQUENCE {
53 3: [0] {
55 1: INTEGER 2
: }
58 1: INTEGER 1
61 13: SEQUENCE {
63 9: OBJECT IDENTIFIER
: sha256WithRSAEncryption (1 2 840 113549 1 1 11)
74 0: NULL
: }
76 47: SEQUENCE {
78 25: SET {
80 23: SEQUENCE {
82 3: OBJECT IDENTIFIER serialNumber (2 5 4 5)
87 16: PrintableString '90e8da3cadfc7820'
: }
: }
105 18: SET {
107 16: SEQUENCE {
109 3: OBJECT IDENTIFIER title (2 5 4 12)
114 9: UTF8String 'StrongBox'
: }
: }
: }
125 30: SEQUENCE {
127 13: UTCTime 01/01/1970 00:00:00 GMT
142 13: UTCTime 23/05/2028 23:59:59 GMT
: }
157 31: SEQUENCE {
159 29: SET {
161 27: SEQUENCE {
163 3: OBJECT IDENTIFIER commonName (2 5 4 3)
168 20: UTF8String 'Android Keystore Key'
: }
: }
: }
190 290: SEQUENCE {
194 13: SEQUENCE {
196 9: OBJECT IDENTIFIER
: rsaEncryption (1 2 840 113549 1 1 1)
207 0: NULL
: }
209 271: BIT STRING, encapsulates {
214 266: SEQUENCE {
218 257: INTEGER
: 00 DE 98 94 D5 E5 05 98 E8 FC 73 4D 26 FB 48 6A
: CA 06 A0 24 FA 05 D1 D2 32 10 46 F8 50 DD 3E 0D
: DF 4F 95 53 D2 CB 10 1F 00 B2 62 15 1E 21 7E 05
: C6 10 AC EE 7A D8 69 F1 1F 32 C3 17 CA D7 07 BE
: 3B 2B 83 0F B4 9C 3D C7 13 0B 9C 59 2F 1A 38 CE
: A5 1D 95 A7 3C EE 70 6A CF 41 FF 55 3F E0 9C 69
: E5 A0 C1 19 EF 40 E9 40 FC 74 D3 3B 96 D9 0E C1
: C3 9D 14 10 0C A6 95 19 49 88 F4 AB 74 FC 86 A6
: [ Another 129 bytes skipped ]
479 3: INTEGER 65537
: }
: }
: }
484 399: [3] {
488 395: SEQUENCE {
492 14: SEQUENCE {
494 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
499 1: BOOLEAN TRUE
502 4: OCTET STRING, encapsulates {
504 2: BIT STRING 7 unused bits
: '1'B (bit 0)
: }
: }
508 375: SEQUENCE {
512 10: OBJECT IDENTIFIER '1 3 6 1 4 1 11129 2 1 17'
524 359: OCTET STRING, encapsulates {
528 355: SEQUENCE {
532 1: INTEGER 3
535 1: ENUMERATED 2 -- attestationSecurityLevel (StrongBox)
538 1: INTEGER 4
541 1: ENUMERATED 2 -- keymasterSecurityLevel (StrongBox)
544 9: OCTET STRING 'challenge'
555 0: OCTET STRING
: Error: Object has zero length.
557 53: SEQUENCE {
559 2: [509] {
563 0: NULL
: }
565 11: [701] {
569 9: INTEGER 00 FF FF FF FF FF E5 99 78
: }
580 28: [709] {
584 26: OCTET STRING, encapsulates {
586 24: SEQUENCE {
'100000'B (bit 5) : } : } 1730 84: SEQUENCE { 1732 3: OBJECT 588 20: SET {
IDENTIFIER cRLDistributionPoints (2 5 29 31) 1737 77: OCTET STRING, 590 18: SEQUENCE {
encapsulates { 1739 75: SEQUENCE { 1741 73: SEQUENCE { 1743 71: [0] { 592 13: OCTET STRING 'AndroidSystem'
1745 69: [0] { 1747 67: [6] : 607 1: INTEGER 1
'https://android.googleapis.com/attestation/crl/1' : : }
'7102468407102977850' : } : } : } : } : } : } : } : } : } 1816 13: : }
SEQUENCE { 1818 9: OBJECT IDENTIFIER : sha256WithRSAEncryption (1 2 610 0: SET {}
840 113549 1 1 11) 1829 0: NULL : } 1831 513: BIT STRING : 13 22 DA : }
F2 92 93 CE C0 9F 70 40 C9 DA 85 6B 61 : 6F 8F BE E0 A4 04 55 C1 63 : }
84 61 37 F5 4B 71 6D : 62 AA 6F BF 6C E8 48 03 AD 28 85 21 9E 3C 1C : }
91 : 48 EE 65 28 65 70 D0 BD 5B CC DB CE B1 F5 B5 C3 : CA 7A A9 C8 8A : }
68 12 8A CA 6A 85 A6 BC DA 36 E9 : B9 94 35 82 5B CA BC B6 9F 83 03 612 271: SEQUENCE {
7F 21 6C EE 82 : C1 3F BD C1 41 4B DD 1A 6F 6C AF 4A 52 FC 19 19 : 17 616 14: [1] {
AC 29 0C 5E D7 57 90 D5 B1 2B 36 29 1F 45 33 : [ Another 384 bytes 618 12: SET {
skipped ] : } 2348 1376: SEQUENCE { 2352 840: SEQUENCE { 2356 3: [0] 620 1: INTEGER 0
{ 2358 1: INTEGER 2 : } 2361 9: INTEGER 00 E8 FA 19 63 14 D2 FA 18 623 1: INTEGER 1
2372 13: SEQUENCE { 2374 9: OBJECT IDENTIFIER : 626 1: INTEGER 2
sha256WithRSAEncryption (1 2 840 113549 1 1 11) 2385 0: NULL : } 2387 629 1: INTEGER 3
27: SEQUENCE { 2389 25: SET { 2391 23: SEQUENCE { 2393 3: OBJECT : }
IDENTIFIER serialNumber (2 5 4 5) 2398 16: PrintableString : }
'f92009e853b6b045' : } : } : } 2416 30: SEQUENCE { 2418 13: UTCTime 632 3: [2] {
26/05/2016 16:28:52 GMT 2433 13: UTCTime 24/05/2026 16:28:52 GMT : } 634 1: INTEGER 1
2448 27: SEQUENCE { 2450 25: SET { 2452 23: SEQUENCE { 2454 3: OBJECT : }
IDENTIFIER serialNumber (2 5 4 5) 2459 16: PrintableString 637 4: [3] {
'f92009e853b6b045' : } : } : } 2477 546: SEQUENCE { 2481 13: SEQUENCE 639 2: INTEGER 2048
{ 2483 9: OBJECT IDENTIFIER : rsaEncryption (1 2 840 113549 1 1 1) : }
2494 0: NULL : } 2496 527: BIT STRING, encapsulates { 2501 522: 643 8: [4] {
SEQUENCE { 2505 513: INTEGER : 00 AF B6 C7 82 2B B1 A7 01 EC 2B B4 2E 645 6: SET {
8B CC 54 : 16 63 AB EF 98 2F 32 C7 7F 75 31 03 0C 97 52 4B : 1B 5F E8 647 1: INTEGER 2
09 FB C7 2A A9 45 1F 74 3C BD 9A 6F 13 : 35 74 4A A5 5E 77 F6 B6 AC 650 1: INTEGER 32
35 35 EE 17 C2 5E 63 : 95 17 DD 9C 92 E6 37 4A 53 CB FE 25 8F 8F FB : }
B6 : FD 12 93 78 A2 2A 4C A9 9C 45 2D 47 A5 9F 32 01 : F4 41 97 CA 1C : }
CD 7E 76 2F B2 F5 31 51 B6 FE B2 : FF FD 2B 6F E4 FE 5B C6 BD 9E C3 653 8: [5] {
4B FE 08 23 9D : [ Another 385 bytes skipped ] 3022 3: INTEGER 65537 655 6: SET {
: } : } : } 3027 166: [3] { 3030 163: SEQUENCE { 3033 29: SEQUENCE { 657 1: INTEGER 0
3035 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14) 3040 22: 660 1: INTEGER 4
OCTET STRING, encapsulates { 3042 20: OCTET STRING : 36 61 E1 00 7C : }
88 05 09 51 8B 44 6C 47 FF 1A 4C : C9 EA 4F 12 : } : } 3064 31: : }
SEQUENCE { 3066 3: OBJECT IDENTIFIER : authorityKeyIdentifier (2 5 29 663 14: [6] {
35) 3071 24: OCTET STRING, encapsulates { 3073 22: SEQUENCE { 3075 665 12: SET {
20: [0] : 36 61 E1 00 7C 88 05 09 51 8B 44 6C 47 FF 1A 4C : C9 EA 4F 667 1: INTEGER 2
12 : } : } : } 3097 15: SEQUENCE { 3099 3: OBJECT IDENTIFIER 670 1: INTEGER 3
basicConstraints (2 5 29 19) 3104 1: BOOLEAN TRUE 3107 5: OCTET 673 1: INTEGER 4
STRING, encapsulates { 3109 3: SEQUENCE { 3111 1: BOOLEAN TRUE : } : 676 1: INTEGER 5
} : } 3114 14: SEQUENCE { 3116 3: OBJECT IDENTIFIER keyUsage (2 5 29 : }
15) 3121 1: BOOLEAN TRUE 3124 4: OCTET STRING, encapsulates { 3126 2: : }
BIT STRING 1 unused bit : '1100001'B : } : } 3130 64: SEQUENCE { 3132 679 2: [503] {
3: OBJECT IDENTIFIER cRLDistributionPoints (2 5 29 31) 3137 57: OCTET 683 0: NULL
STRING, encapsulates { 3139 55: SEQUENCE { 3141 53: SEQUENCE { 3143 : }
51: [0] { 3145 49: [0] { 3147 47: [6] : 685 3: [702] {
'https://android.googleapis.com/attestation/crl/' : } : } : } : } : } 689 1: INTEGER 0
: } : } : } : } 3196 13: SEQUENCE { 3198 9: OBJECT IDENTIFIER : : }
sha256WithRSAEncryption (1 2 840 113549 1 1 11) 3209 0: NULL : } 3211 692 76: [704] {
513: BIT STRING : 20 C8 C3 8D 4B DC A9 57 1B 46 8C 89 2F FF 72 AA : 696 74: SEQUENCE {
C6 F8 44 A1 1D 41 A8 F0 73 6C C3 7D 16 D6 42 6D : 8E 7E 94 07 04 4C 698 32: OCTET STRING
EA 39 E6 8B 07 C1 3D BF 15 03 : DD 5C 85 BD AF B2 C0 2D 5F 6C DB 4E : 61 FD A1 2B 32 ED 84 21 4A 9C F1 3D 1A FF B7 AA
FA 81 27 DF : 8B 04 F1 82 77 0F C4 E7 74 5B 7F CE AA 87 12 9A : 88 01 : 80 BD 8A 26 8A 86 1E D4 BB 7A 15 17 0F 1A B0 0C
CE 8E 9B C0 CB 96 37 9B 4D 26 A8 2D 30 FD : 9C 2F 8E ED 6D C1 BE 2F 732 1: BOOLEAN TRUE
84 B6 89 E4 D9 14 25 8B : 14 4B BA E6 24 A1 C7 06 71 13 2E 2F 06 16 735 1: ENUMERATED 0
A8 84 : [ Another 384 bytes skipped ] : } 3728 1413: SEQUENCE { 3732 738 32: OCTET STRING
877: SEQUENCE { 3736 3: [0] { 3738 1: INTEGER 2 : } 3741 10: INTEGER : 77 96 C5 3D 0E 09 46 2B BA BB FB 7B 8A 65 F6 8D
03 88 26 67 60 65 89 96 85 99 3753 13: SEQUENCE { 3755 9: OBJECT : EF 5C 46 88 BF 99 C4 1E 88 42 01 4D 1F 01 2D C5
IDENTIFIER : sha256WithRSAEncryption (1 2 840 113549 1 1 11) 3766 0: : }
NULL : } 3768 27: SEQUENCE { 3770 25: SET { 3772 23: SEQUENCE { 3774 : }
3: OBJECT IDENTIFIER serialNumber (2 5 4 5) 3779 16: PrintableString 772 3: [705] {
'f92009e853b6b045' : } : } : } 3797 30: SEQUENCE { 3799 13: UTCTime 776 1: INTEGER 0
20/06/2018 22:47:35 GMT 3814 13: UTCTime 17/06/2028 22:47:35 GMT : } : }
3829 47: SEQUENCE { 3831 25: SET { 3833 23: SEQUENCE { 3835 3: OBJECT 779 5: [706] {
IDENTIFIER serialNumber (2 5 4 5) 3840 16: PrintableString 783 3: INTEGER 201903
'ccd18b9b608d658e' : } : } 3858 18: SET { 3860 16: SEQUENCE { 3862 3: : }
OBJECT IDENTIFIER title (2 5 4 12) 3867 9: UTF8String 'StrongBox' : } 788 8: [710] {
: } : } 3878 546: SEQUENCE { 3882 13: SEQUENCE { 3884 9: OBJECT 792 6: OCTET STRING 'google'
IDENTIFIER : rsaEncryption (1 2 840 113549 1 1 1) 3895 0: NULL : } : }
3897 527: BIT STRING, encapsulates { 3902 522: SEQUENCE { 3906 513: 800 10: [711] {
INTEGER : 00 E8 22 0B F1 72 A6 01 63 D3 3C 44 9D DB 7A 87 : D6 3D 6F 804 8: OCTET STRING 'blueline'
6D 92 B7 C9 4A 70 96 5D 29 7A 8E 96 3E : FE F3 10 53 B2 19 A5 BF 6E : }
54 AD D0 0A A2 8E 54 : E0 D4 B4 2E A6 E0 D4 30 F8 5A 47 CC 09 00 56 814 10: [712] {
45 : BE DA 5A 84 59 90 18 CE 29 6C 8E 9E E6 90 98 BD : D4 D8 F8 38 82 818 8: OCTET STRING 'blueline'
90 C9 79 DB 31 D3 7A A1 CA BA 6A : 8B 9D 15 91 E2 6C 41 A3 2B 25 DA : }
4F E4 B3 14 E5 : 4B EC B7 89 06 44 18 67 C1 4C 03 35 18 D8 FD 7D : [ 828 11: [713] {
Another 385 bytes skipped ] 4423 3: INTEGER 65537 : } : } : } 4428 832 9: OCTET STRING '8A2X0KLUU'
182: [3] { 4431 179: SEQUENCE { 4434 29: SEQUENCE { 4436 3: OBJECT : }
IDENTIFIER subjectKeyIdentifier (2 5 29 14) 4441 22: OCTET STRING, 843 8: [716] {
encapsulates { 4443 20: OCTET STRING : 1B 17 70 C6 97 DC 84 54 75 7C 847 6: OCTET STRING 'Google'
3C 98 5C E6 1D 1D : 08 59 5D 53 : } : } 4465 31: SEQUENCE { 4467 3: : }
OBJECT IDENTIFIER : authorityKeyIdentifier (2 5 29 35) 4472 24: OCTET 855 9: [717] {
STRING, encapsulates { 4474 22: SEQUENCE { 4476 20: [0] : 36 61 E1 00 859 7: OCTET STRING 'Pixel 3'
7C 88 05 09 51 8B 44 6C 47 FF 1A 4C : C9 EA 4F 12 : } : } : } 4498 : }
15: SEQUENCE { 4500 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 868 6: [718] {
4505 1: BOOLEAN TRUE 4508 5: OCTET STRING, encapsulates { 4510 3: 872 4: INTEGER 20180905
SEQUENCE { 4512 1: BOOLEAN TRUE : } : } : } 4515 14: SEQUENCE { 4517 : }
3: OBJECT IDENTIFIER keyUsage (2 5 29 15) 4522 1: BOOLEAN TRUE 4525 878 5: [719] {
4: OCTET STRING, encapsulates { 4527 2: BIT STRING 2 unused bits : 882 3: INTEGER 201903
'100000'B (bit 5) : } : } 4531 80: SEQUENCE { 4533 3: OBJECT : }
IDENTIFIER cRLDistributionPoints (2 5 29 31) 4538 73: OCTET STRING, : }
encapsulates { 4540 71: SEQUENCE { 4542 69: SEQUENCE { 4544 67: [0] { : }
4546 65: [0] { 4548 63: [6] : : }
'https://android.googleapis.com/attestation/crl/8' : : }
'F6734C9FA504789' : } : } : } : } : } : } : } : } : } 4613 13: : }
SEQUENCE { 4615 9: OBJECT IDENTIFIER : sha256WithRSAEncryption (1 2 : }
840 113549 1 1 11) 4626 0: NULL : } 4628 513: BIT STRING : 9B E2 2D : }
8C 43 AC 8F 11 35 11 77 BD F9 32 B3 01 : 8C E9 97 58 08 E5 C0 DD C4 887 13: SEQUENCE {
CC A6 B1 4A A3 E5 D0 : 48 A6 18 1C 8E 5C FD 35 4A A5 12 C2 1A 82 64 889 9: OBJECT IDENTIFIER
3E : B4 CC 0C 0B 1F 5E D5 11 C0 B7 49 5B A6 E7 74 37 : 0B 7D 99 27 84 : sha256WithRSAEncryption (1 2 840 113549 1 1 11)
B7 E0 34 58 28 01 CC 03 76 50 F8 : 1A B5 3B EF CA D2 FF 7D C9 37 FE
D9 F7 30 3D 31 : 24 CA 83 FD 67 AC 38 E3 82 23 B0 70 80 48 84 D6 : A1 900 0: NULL
2E 18 BD 94 1F 9A 8E 82 CC 2F EB 97 AA 5B A3 : [ Another 384 bytes : }
skipped ] : } : } 5145 0: SET {} : } : } : } 902 257: BIT STRING
``` : 83 EA 59 8D BE 37 4A D5 C0 FC F8 FB AC 8B 72 1E
: A5 C2 3B 0C C0 04 1B C0 5A 18 A5 DF D4 67 1D B9
: 08 42 4B E2 2C AC 07 0F D8 0E 24 97 56 9E 14 F2
: D0 AC DD 1E FC DD 68 20 11 DF 88 B8 B6 22 AD 2B
: DB 9C 2E 5C 3F AF 0B 8F 02 68 AA 34 4B 5E C8 75
: B1 1A 09 D2 19 41 24 61 65 97 2C 0D A4 78 43 A7
: 9A 27 B2 4E 24 11 4F FF E2 D8 04 56 39 75 B2 34
: D8 18 C7 25 F3 3F C0 6A 37 AB 49 B6 96 51 61 72
: [ Another 128 bytes skipped ]
: }
1163 1181: SEQUENCE {
1167 645: SEQUENCE {
1171 3: [0] {
1173 1: INTEGER 2
: }
1176 10: INTEGER 17 10 24 68 40 71 02 97 78 50
1188 13: SEQUENCE {
1190 9: OBJECT IDENTIFIER
: sha256WithRSAEncryption (1 2 840 113549 1 1 11)
1201 0: NULL
: }
1203 47: SEQUENCE {
1205 25: SET {
1207 23: SEQUENCE {
1209 3: OBJECT IDENTIFIER serialNumber (2 5 4 5)
1214 16: PrintableString 'ccd18b9b608d658e'
: }
: }
1232 18: SET {
1234 16: SEQUENCE {
1236 3: OBJECT IDENTIFIER title (2 5 4 12)
1241 9: UTF8String 'StrongBox'
: }
: }
: }
1252 30: SEQUENCE {
1254 13: UTCTime 25/05/2018 23:28:47 GMT
1269 13: UTCTime 22/05/2028 23:28:47 GMT
: }
1284 47: SEQUENCE {
1286 25: SET {
1288 23: SEQUENCE {
1290 3: OBJECT IDENTIFIER serialNumber (2 5 4 5)
1295 16: PrintableString '90e8da3cadfc7820'
: }
: }
1313 18: SET {
1315 16: SEQUENCE {
1317 3: OBJECT IDENTIFIER title (2 5 4 12)
1322 9: UTF8String 'StrongBox'
: }
: }
: }
1333 290: SEQUENCE {
1337 13: SEQUENCE {
1339 9: OBJECT IDENTIFIER
: rsaEncryption (1 2 840 113549 1 1 1)
1350 0: NULL
: }
1352 271: BIT STRING, encapsulates {
1357 266: SEQUENCE {
1361 257: INTEGER
: 00 A5 09 D4 09 D2 30 19 36 34 71 FD 7D 41 89 E6
: 2C A5 9D 10 1B 4F 40 6A B0 5F 56 34 16 E6 EB D7
: F3 E9 C5 DC 20 F3 86 D1 77 19 D7 15 1F E7 EC 62
: DC 0A BC 64 E9 18 52 B0 AA B8 FF 58 6A E0 0F B8
: 56 AF 77 D3 CE 3C DC 48 52 DD B2 86 0D 76 17 7C
: FD EE B4 E6 6E 0A 08 9E 06 CA 0F EC 4B B0 7C AF
: EA 82 27 A8 C9 A7 63 DA 89 F6 30 BA 3C 3A E5 C6
: EF 11 06 42 8A 2E FE 19 BE F2 C7 3B 34 16 B2 E2
: [ Another 129 bytes skipped ]
1622 3: INTEGER 65537
: }
: }
: }
1627 186: [3] {
1630 183: SEQUENCE {
1633 29: SEQUENCE {
1635 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
1640 22: OCTET STRING, encapsulates {
1642 20: OCTET STRING
: 77 A4 AD DF 1D 29 89 CA 92 E3 BA DE 27 3C 70 DF
: 36 03 7C 0C
: }
: }
1664 31: SEQUENCE {
1666 3: OBJECT IDENTIFIER
: authorityKeyIdentifier (2 5 29 35)
1671 24: OCTET STRING, encapsulates {
1673 22: SEQUENCE {
1675 20: [0]
: 1B 17 70 C6 97 DC 84 54 75 7C 3C 98 5C E6 1D 1D
: 08 59 5D 53
: }
: }
: }
1697 15: SEQUENCE {
1699 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
1704 1: BOOLEAN TRUE
1707 5: OCTET STRING, encapsulates {
1709 3: SEQUENCE {
1711 1: BOOLEAN TRUE
: }
: }
: }
1714 14: SEQUENCE {
1716 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
1721 1: BOOLEAN TRUE
1724 4: OCTET STRING, encapsulates {
1726 2: BIT STRING 2 unused bits
: '100000'B (bit 5)
: }
: }
1730 84: SEQUENCE {
1732 3: OBJECT IDENTIFIER cRLDistributionPoints (2 5 29 31)
1737 77: OCTET STRING, encapsulates {
1739 75: SEQUENCE {
1741 73: SEQUENCE {
1743 71: [0] {
1745 69: [0] {
1747 67: [6]
: 'https://android.googleapis.com/attestation/crl/1'
: '7102468407102977850'
: }
: }
: }
: }
: }
: }
: }
: }
: }
1816 13: SEQUENCE {
1818 9: OBJECT IDENTIFIER
: sha256WithRSAEncryption (1 2 840 113549 1 1 11)
1829 0: NULL
: }
1831 513: BIT STRING
: 13 22 DA F2 92 93 CE C0 9F 70 40 C9 DA 85 6B 61
: 6F 8F BE E0 A4 04 55 C1 63 84 61 37 F5 4B 71 6D
: 62 AA 6F BF 6C E8 48 03 AD 28 85 21 9E 3C 1C 91
: 48 EE 65 28 65 70 D0 BD 5B CC DB CE B1 F5 B5 C3
: CA 7A A9 C8 8A 68 12 8A CA 6A 85 A6 BC DA 36 E9
: B9 94 35 82 5B CA BC B6 9F 83 03 7F 21 6C EE 82
: C1 3F BD C1 41 4B DD 1A 6F 6C AF 4A 52 FC 19 19
: 17 AC 29 0C 5E D7 57 90 D5 B1 2B 36 29 1F 45 33
: [ Another 384 bytes skipped ]
: }
2348 1376: SEQUENCE {
2352 840: SEQUENCE {
2356 3: [0] {
2358 1: INTEGER 2
: }
2361 9: INTEGER 00 E8 FA 19 63 14 D2 FA 18
2372 13: SEQUENCE {
2374 9: OBJECT IDENTIFIER
: sha256WithRSAEncryption (1 2 840 113549 1 1 11)
2385 0: NULL
: }
2387 27: SEQUENCE {
2389 25: SET {
2391 23: SEQUENCE {
2393 3: OBJECT IDENTIFIER serialNumber (2 5 4 5)
2398 16: PrintableString 'f92009e853b6b045'
: }
: }
: }
2416 30: SEQUENCE {
2418 13: UTCTime 26/05/2016 16:28:52 GMT
2433 13: UTCTime 24/05/2026 16:28:52 GMT
: }
2448 27: SEQUENCE {
2450 25: SET {
2452 23: SEQUENCE {
2454 3: OBJECT IDENTIFIER serialNumber (2 5 4 5)
2459 16: PrintableString 'f92009e853b6b045'
: }
: }
: }
2477 546: SEQUENCE {
2481 13: SEQUENCE {
2483 9: OBJECT IDENTIFIER
: rsaEncryption (1 2 840 113549 1 1 1)
2494 0: NULL
: }
2496 527: BIT STRING, encapsulates {
2501 522: SEQUENCE {
2505 513: INTEGER
: 00 AF B6 C7 82 2B B1 A7 01 EC 2B B4 2E 8B CC 54
: 16 63 AB EF 98 2F 32 C7 7F 75 31 03 0C 97 52 4B
: 1B 5F E8 09 FB C7 2A A9 45 1F 74 3C BD 9A 6F 13
: 35 74 4A A5 5E 77 F6 B6 AC 35 35 EE 17 C2 5E 63
: 95 17 DD 9C 92 E6 37 4A 53 CB FE 25 8F 8F FB B6
: FD 12 93 78 A2 2A 4C A9 9C 45 2D 47 A5 9F 32 01
: F4 41 97 CA 1C CD 7E 76 2F B2 F5 31 51 B6 FE B2
: FF FD 2B 6F E4 FE 5B C6 BD 9E C3 4B FE 08 23 9D
: [ Another 385 bytes skipped ]
3022 3: INTEGER 65537
: }
: }
: }
3027 166: [3] {
3030 163: SEQUENCE {
3033 29: SEQUENCE {
3035 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
3040 22: OCTET STRING, encapsulates {
3042 20: OCTET STRING
: 36 61 E1 00 7C 88 05 09 51 8B 44 6C 47 FF 1A 4C
: C9 EA 4F 12
: }
: }
3064 31: SEQUENCE {
3066 3: OBJECT IDENTIFIER
: authorityKeyIdentifier (2 5 29 35)
3071 24: OCTET STRING, encapsulates {
3073 22: SEQUENCE {
3075 20: [0]
: 36 61 E1 00 7C 88 05 09 51 8B 44 6C 47 FF 1A 4C
: C9 EA 4F 12
: }
: }
: }
3097 15: SEQUENCE {
3099 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
3104 1: BOOLEAN TRUE
3107 5: OCTET STRING, encapsulates {
3109 3: SEQUENCE {
3111 1: BOOLEAN TRUE
: }
: }
: }
3114 14: SEQUENCE {
3116 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
3121 1: BOOLEAN TRUE
3124 4: OCTET STRING, encapsulates {
3126 2: BIT STRING 1 unused bit
: '1100001'B
: }
: }
3130 64: SEQUENCE {
3132 3: OBJECT IDENTIFIER cRLDistributionPoints (2 5 29 31)
3137 57: OCTET STRING, encapsulates {
3139 55: SEQUENCE {
3141 53: SEQUENCE {
3143 51: [0] {
3145 49: [0] {
3147 47: [6]
: 'https://android.googleapis.com/attestation/crl/'
: }
: }
: }
: }
: }
: }
: }
: }
: }
3196 13: SEQUENCE {
3198 9: OBJECT IDENTIFIER
: sha256WithRSAEncryption (1 2 840 113549 1 1 11)
3209 0: NULL
: }
3211 513: BIT STRING
: 20 C8 C3 8D 4B DC A9 57 1B 46 8C 89 2F FF 72 AA
: C6 F8 44 A1 1D 41 A8 F0 73 6C C3 7D 16 D6 42 6D
: 8E 7E 94 07 04 4C EA 39 E6 8B 07 C1 3D BF 15 03
: DD 5C 85 BD AF B2 C0 2D 5F 6C DB 4E FA 81 27 DF
: 8B 04 F1 82 77 0F C4 E7 74 5B 7F CE AA 87 12 9A
: 88 01 CE 8E 9B C0 CB 96 37 9B 4D 26 A8 2D 30 FD
: 9C 2F 8E ED 6D C1 BE 2F 84 B6 89 E4 D9 14 25 8B
: 14 4B BA E6 24 A1 C7 06 71 13 2E 2F 06 16 A8 84
: [ Another 384 bytes skipped ]
: }
3728 1413: SEQUENCE {
3732 877: SEQUENCE {
3736 3: [0] {
3738 1: INTEGER 2
: }
3741 10: INTEGER 03 88 26 67 60 65 89 96 85 99
3753 13: SEQUENCE {
3755 9: OBJECT IDENTIFIER
: sha256WithRSAEncryption (1 2 840 113549 1 1 11)
3766 0: NULL
: }
3768 27: SEQUENCE {
3770 25: SET {
3772 23: SEQUENCE {
3774 3: OBJECT IDENTIFIER serialNumber (2 5 4 5)
3779 16: PrintableString 'f92009e853b6b045'
: }
: }
: }
3797 30: SEQUENCE {
3799 13: UTCTime 20/06/2018 22:47:35 GMT
3814 13: UTCTime 17/06/2028 22:47:35 GMT
: }
3829 47: SEQUENCE {
3831 25: SET {
3833 23: SEQUENCE {
3835 3: OBJECT IDENTIFIER serialNumber (2 5 4 5)
3840 16: PrintableString 'ccd18b9b608d658e'
: }
: }
3858 18: SET {
3860 16: SEQUENCE {
3862 3: OBJECT IDENTIFIER title (2 5 4 12)
3867 9: UTF8String 'StrongBox'
: }
: }
: }
3878 546: SEQUENCE {
3882 13: SEQUENCE {
3884 9: OBJECT IDENTIFIER
: rsaEncryption (1 2 840 113549 1 1 1)
3895 0: NULL
: }
3897 527: BIT STRING, encapsulates {
3902 522: SEQUENCE {
3906 513: INTEGER
: 00 E8 22 0B F1 72 A6 01 63 D3 3C 44 9D DB 7A 87
: D6 3D 6F 6D 92 B7 C9 4A 70 96 5D 29 7A 8E 96 3E
: FE F3 10 53 B2 19 A5 BF 6E 54 AD D0 0A A2 8E 54
: E0 D4 B4 2E A6 E0 D4 30 F8 5A 47 CC 09 00 56 45
: BE DA 5A 84 59 90 18 CE 29 6C 8E 9E E6 90 98 BD
: D4 D8 F8 38 82 90 C9 79 DB 31 D3 7A A1 CA BA 6A
: 8B 9D 15 91 E2 6C 41 A3 2B 25 DA 4F E4 B3 14 E5
: 4B EC B7 89 06 44 18 67 C1 4C 03 35 18 D8 FD 7D
: [ Another 385 bytes skipped ]
4423 3: INTEGER 65537
: }
: }
: }
4428 182: [3] {
4431 179: SEQUENCE {
4434 29: SEQUENCE {
4436 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
4441 22: OCTET STRING, encapsulates {
4443 20: OCTET STRING
: 1B 17 70 C6 97 DC 84 54 75 7C 3C 98 5C E6 1D 1D
: 08 59 5D 53
: }
: }
4465 31: SEQUENCE {
4467 3: OBJECT IDENTIFIER
: authorityKeyIdentifier (2 5 29 35)
4472 24: OCTET STRING, encapsulates {
4474 22: SEQUENCE {
4476 20: [0]
: 36 61 E1 00 7C 88 05 09 51 8B 44 6C 47 FF 1A 4C
: C9 EA 4F 12
: }
: }
: }
4498 15: SEQUENCE {
4500 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
4505 1: BOOLEAN TRUE
4508 5: OCTET STRING, encapsulates {
4510 3: SEQUENCE {
4512 1: BOOLEAN TRUE
: }
: }
: }
4515 14: SEQUENCE {
4517 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
4522 1: BOOLEAN TRUE
4525 4: OCTET STRING, encapsulates {
4527 2: BIT STRING 2 unused bits
: '100000'B (bit 5)
: }
: }
4531 80: SEQUENCE {
4533 3: OBJECT IDENTIFIER cRLDistributionPoints (2 5 29 31)
4538 73: OCTET STRING, encapsulates {
4540 71: SEQUENCE {
4542 69: SEQUENCE {
4544 67: [0] {
4546 65: [0] {
4548 63: [6]
: 'https://android.googleapis.com/attestation/crl/8'
: 'F6734C9FA504789'
: }
: }
: }
: }
: }
: }
: }
: }
: }
4613 13: SEQUENCE {
4615 9: OBJECT IDENTIFIER
: sha256WithRSAEncryption (1 2 840 113549 1 1 11)
4626 0: NULL
: }
4628 513: BIT STRING
: 9B E2 2D 8C 43 AC 8F 11 35 11 77 BD F9 32 B3 01
: 8C E9 97 58 08 E5 C0 DD C4 CC A6 B1 4A A3 E5 D0
: 48 A6 18 1C 8E 5C FD 35 4A A5 12 C2 1A 82 64 3E
: B4 CC 0C 0B 1F 5E D5 11 C0 B7 49 5B A6 E7 74 37
: 0B 7D 99 27 84 B7 E0 34 58 28 01 CC 03 76 50 F8
: 1A B5 3B EF CA D2 FF 7D C9 37 FE D9 F7 30 3D 31
: 24 CA 83 FD 67 AC 38 E3 82 23 B0 70 80 48 84 D6
: A1 2E 18 BD 94 1F 9A 8E 82 CC 2F EB 97 AA 5B A3
: [ Another 384 bytes skipped ]
: }
: }
5145 0: SET {}
: }
: }
: }
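The KeyDescription extension (OID 1.3.6.1.4.1.11129.2.1.17) in the StrongBox attestation certificate above is the part a relying party actually decides on. The following is an added example, not code from the draft: it decodes that DER structure with a minimal reader and applies verifier policy to it. The sample bytes are constructed here from the dump's values (version 3, StrongBox at both levels, challenge 'challenge', RSA 2048, locked device with verified boot, OS patch level 201903); the root-of-trust digests are placeholders and the tag numbers follow the Keymaster schema.

```python
# Added example (not code from the draft): decode the Android KeyDescription
# extension (OID 1.3.6.1.4.1.11129.2.1.17) from the StrongBox dump with a
# minimal DER reader and apply relying-party policy. Sample bytes are
# constructed from the dump's values; root-of-trust digests are placeholders.
SECURITY_LEVEL = {0: "Software", 1: "TrustedEnvironment", 2: "StrongBox"}
BOOT_STATE = {0: "Verified", 1: "SelfSigned", 2: "Unverified", 3: "Failed"}

def tlv(tag_octets, content):
    """DER TLV with short or long form length."""
    n = len(content)
    if n < 0x80:
        return tag_octets + bytes([n]) + content
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return tag_octets + bytes([0x80 | len(body)]) + body + content

def ctx(num):
    """Identifier octets for constructed context tag [num]; Keymaster tags reach 719."""
    if num < 31:
        return bytes([0xA0 | num])
    out, n = [num & 0x7F], num >> 7          # high tag number form, base-128
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes([0xBF]) + bytes(reversed(out))

def integer(v):
    """Non-negative INTEGER, leading zero added when the top bit is set."""
    return tlv(b"\x02", v.to_bytes((v.bit_length() + 8) // 8, "big"))

def sample_key_description(challenge=b"challenge", locked=True):
    """Constructed KeyDescription mirroring the dump: v3, StrongBox, verified boot."""
    root_of_trust = tlv(b"\x30", tlv(b"\x04", b"\x61" * 32)             # verifiedBootKey
                        + tlv(b"\x01", b"\xff" if locked else b"\x00")  # deviceLocked
                        + tlv(b"\x0a", b"\x00")                         # verifiedBootState Verified
                        + tlv(b"\x04", b"\x77" * 32))                   # verifiedBootHash
    tee_enforced = tlv(b"\x30", b"".join([
        tlv(ctx(1), tlv(b"\x31", b"".join(integer(p) for p in (0, 1, 2, 3)))),  # purpose
        tlv(ctx(2), integer(1)), tlv(ctx(3), integer(2048)),  # algorithm RSA, keySize
        tlv(ctx(702), integer(0)),                            # origin GENERATED
        tlv(ctx(704), root_of_trust),                         # rootOfTrust
        tlv(ctx(706), integer(201903)),                       # osPatchLevel
        tlv(ctx(717), tlv(b"\x04", b"Pixel 3"))]))            # attestationIdModel
    software_enforced = tlv(b"\x30", tlv(ctx(509), b"\x05\x00"))  # unlockedDeviceRequired
    return tlv(b"\x30", integer(3) + tlv(b"\x0a", b"\x02")        # attestationVersion, StrongBox
               + integer(4) + tlv(b"\x0a", b"\x02")              # keymasterVersion, StrongBox
               + tlv(b"\x04", challenge) + tlv(b"\x04", b"")     # challenge, empty uniqueId
               + software_enforced + tee_enforced)

def read_tlv(buf, pos):
    """Decode one DER TLV at pos; returns (class, tag_number, content, next_pos)."""
    first, pos = buf[pos], pos + 1
    num = first & 0x1F
    if num == 0x1F:                        # high tag number form
        num = 0
        while True:
            b, pos = buf[pos], pos + 1
            num = (num << 7) | (b & 0x7F)
            if not b & 0x80:
                break
    length, pos = buf[pos], pos + 1
    if length & 0x80:                      # long form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return first >> 6, num, buf[pos:pos + length], pos + length

def children(content):
    """All TLVs inside a constructed value, as (class, tag_number, content)."""
    items, pos = [], 0
    while pos < len(content):
        cls, num, val, pos = read_tlv(content, pos)
        items.append((cls, num, val))
    return items

def parse_key_description(der):
    """Fields a verifier decides on; AuthorizationList entries are EXPLICIT [n] tags."""
    f = children(read_tlv(der, 0)[2])
    tee = {num: children(val)[0][2] for cls, num, val in children(f[7][2]) if cls == 2}
    info = {"attestation_version": int.from_bytes(f[0][2], "big"),
            "attestation_level": SECURITY_LEVEL.get(f[1][2][0], "unknown"),
            "keymaster_level": SECURITY_LEVEL.get(f[3][2][0], "unknown"),
            "challenge": f[4][2], "tee": tee}
    if 704 in tee:                         # rootOfTrust SEQUENCE
        rot = children(tee[704])
        info["device_locked"] = rot[1][2] != b"\x00"
        info["boot_state"] = BOOT_STATE.get(rot[2][2][0], "unknown")
    return info

def verify_attestation(der, expected_challenge):
    """Policy failures a relying party would reject on; an empty list means accept."""
    info = parse_key_description(der)
    failures = []
    if info["challenge"] != expected_challenge:
        failures.append("challenge mismatch")
    if info["attestation_level"] != "StrongBox" or info["keymaster_level"] != "StrongBox":
        failures.append("key not held in StrongBox")
    if info.get("boot_state") != "Verified" or not info.get("device_locked"):
        failures.append("root of trust not locked and verified")
    if 702 in info["tee"] and int.from_bytes(info["tee"][702], "big") != 0:
        failures.append("key not generated on the device")
    return failures
```

The challenge check is what binds the statement to the relying party's session; the security level, root of trust and origin checks are what make the key itself trustworthy.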
7.2. Windows 10 TPM

The next two sections provide two views of a CSR generated via invocation of the Certificate Enrollment Manager API similar to the below:

```
// Build the enrollment request for a non-exportable RSA key held by the KSP.
CertificateRequestProperties request = new CertificateRequestProperties();
request.FriendlyName = "Self-Signed Device Certificate";
request.KeyAlgorithmName = KeyAlgorithmNames.Rsa;
request.KeyStorageProviderName = "Microsoft Smart Card Key Storage Provider";
request.UseExistingKey = true;
request.Exportable = ExportOption.NotExportable;
request.ContainerName = prj.GetContainerName();
request.Subject = subject_name;
request.KeyUsages = keyUsages;
request.SmartcardReaderName = smartCardReaderName;

// Base64 DER certificate of the privacy CA; supplying it is what makes the
// request carry the encrypted attestation extension.
string privacyCa =
    "MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEY" +
    "MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQ0wCwYDVQQLEwRESVNBMRwwGgYDVQQD" +
    "ExNQdXJlYnJlZCBQcml2YWN5IENBMB4XDTE4MDQwMzE0NTQwMFoXDTI4MDQwMzE0" +
    "NTQwMFowVDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEN" +
    "MAsGA1UECxMERElTQTEcMBoGA1UEAxMTUHVyZWJyZWQgUHJpdmFjeSBDQTCCASIw" +
    "DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMROV8sQ707OSvjRxoX5S6MaB0r4" +
    "r5TnM97cx0RjtSVPu3O/WG9KRQdJtG9gARKKlxqgKOPJkTfTIxvUvWwKrtL9HjYs" +
    "IC2V/otsX3JKgPepud2CTIy3I1ADU7UD0/0MGqALbn+grDTaZOSi5p6cA0eo/f0X" +
    "O7UNh5r2YWOYAhZdhIy5F9BIOZEN/7pRyvKziupf3OVTQaMjMWoiDrCQC+D0xya4" +
    "8qxU/VFy4c9BmIg7uNzkHDqdaogo1Gsj5t2y0lW37IbRo6HrZ5Dl18laIX7s7n9k" +
    "Mp7GbK4rq/1FTMvI5bBpN/Pp4syi3f+oyQbSz+FPQwfBWGLukTUzPYcDVfUCAwEA" +
    "AaNYMFYwHQYDVR0OBBYEFAFy9PrSM65GYyC0EVDPU91WJ0BXMAsGA1UdDwQEAwIC" +
    "pDAoBgNVHSUEITAfBggrBgEFBQcDAgYIKwYBBQUHAwEGCSsGAQQBgjcVJDANBgkq" +
    "hkiG9w0BAQsFAAOCAQEAG777BuS/EXmuoHiVctA0n58u4SZb6i9Jvw1gI3qIryGM" +
    "2oxDSKPr36c7R2tFmAqo4m9N97wh4xFebkkYHgZWPsp0hRFy79veE+wMCw+Z0B88" +
    "ri4a2z/oTDmW9uf3r+BaZjRKpVoaYW9eztmz6DJA3wtvEdvUE2Nq4G1V5yXIdiSU" +
    "pfVd4eyEPVNy0Yp9DZDBP9vVcd5x7VfG8rzQoaDcerwrsXJ9/WLDz76A6d2/syHN" +
    "74CRuXYGhpBb7YL1jIhgVi6Rb4Dbq3dgDIkmTqUecEknuX73Oddr/phgqMOrVWUB" +
    "1XrHJbPUuC+nuPbShhJ0vPRw13TX3deqjzTsj8XEcA==";
byte[] privacyCaBytes = Convert.FromBase64String(privacyCa);
IBuffer buffer = privacyCaBytes.AsBuffer();
request.AttestationCredentialCertificate = new Certificate(buffer);

csrToDiscard = await CertificateEnrollmentManager.UserCertificateEnrollmentManager
    .CreateRequestAsync(request);
```

Attestation details are described here: https://msdn.microsoft.com/en-us/library/dn366894.aspx.

The structure is essentially a Full PKI Request as described in RFC 5272.
o  ContentInfo
   *  SignedData
      +  PKIData
         -  Empty controlSequence
         -  One TaggedRequest
            o  PKCS 10
               *  Basic request details along with encrypted attestation extension
         -  Empty cmsSequence
         -  Empty otherMsgSequence
      +  Certificates bag with two certs (one of which is revoked)
7.2.1. Attestation statement

This section provides an annotated attestation statement as extracted from an encrypted attestation extension. The structure of the attestation statement is defined here: https://msdn.microsoft.com/en-us/library/dn408990.aspx.
```
600 1256: SEQUENCE {
604 9: OBJECT IDENTIFIER '1 3 6 1 4 1 311 21 24'
615 1241: SET {
619 1237: OCTET STRING
: 4B 41 53 54 01 00 00 00 02 00 00 00 1C 00 00 00
: 00 00 00 00 B9 04 00 00 00 00 00 00 4B 41 44 53
: 02 00 00 00 18 00 00 00 A1 00 00 00 00 01 00 00
: 00 03 00 00 FF 54 43 47 80 17 00 22 00 0B 9A FD
: AB 8A 0B E9 0B BB 3F 7F E6 B6 77 91 EF A9 15 8A
: 03 B2 2B 8C BE 3F EC 56 B6 30 BF 82 73 9C 00 14
: 13 6E 2F 14 DD AF 30 72 A6 E3 89 4D BF 7A 54 26
: 36 2F 10 D6 00 00 00 00 51 4F CB E5 AD 8C 8C 60
: E6 C2 70 80 00 D4 2C 65 4C 6B 95 ED 95 00 22 00
: 0B 2B E6 2C AD 8D E8 9A 85 04 D7 F3 7B B7 4C F8
: 32 CD B4 F1 80 CA A6 35 B9 2C 39 87 B7 96 03 C3
: A3 00 22 00 0B 6C 88 60 B2 80 E3 BE 7D 34 F2 85
: DC 26 9D 1B 72 A8 0A 17 CF 31 08 F1 55 F2 9B 4E
: 82 C8 5B 49 7B 1A F1 4B 12 A1 C5 D1 A4 C5 A4 59
: C4 0A 97 E0 88 ED 1C D3 B6 38 4A 5D 6C 27 F5 69
: 7D 17 AD F6 C0 03 27 09 5D 93 B5 13 EA 50 B5 05
: 27 7B A0 51 4D 1B 17 52 87 7D B8 A6 05 4A 4F 39
: CA 36 5C A1 19 19 0B 73 B4 0E 7F D3 91 DA 91 EE
: 37 C6 CE 78 AF 15 21 5D EB 5E 5F 23 A7 08 E9 85
: D4 6B A0 95 6D D7 E0 3A D1 92 72 B7 D4 E5 35 6A
: 01 B0 7D 35 D0 99 BA A1 77 35 76 75 E3 90 A8 8B
: 86 27 B8 3D 47 75 2D 98 D0 23 4E 09 D8 26 6B 32
: 3C AB AC 50 A2 E8 FF 70 21 85 C5 5E B1 F5 9C B9
: 6E 21 27 C7 2A CD 84 61 02 47 6A A0 E1 9A 9F AF
: 02 43 08 D8 BF 9F 69 14 C4 8C 80 32 2D 5C A3 60
: 48 F5 5E 8E 65 6B 5E B5 0E A4 ED B9 8B F9 C3 D9
: A8 CE C0 64 71 F6 E3 81 F7 9D 79 E5 73 7B F3 A4
: 6E 65 8D 72 B4 0A 3E 5E 70 5F AB 2B 89 B9 5E 65
: 44 BF 44 7B FB 2E 29 39 64 36 85 63 46 62 AF 25
: A5 8B 19 30 AF 50 43 50 4D 38 00 00 00 02 00 00
: 00 03 00 00 00 38 01 00 00 E0 00 00 00 00 00 00
: 00 00 00 00 00 B0 00 00 00 00 00 00 00 00 00 00
: 00 00 00 00 00 00 00 00 00 00 00 00 00 01 36 00
: 01 00 0B 00 06 00 72 00 20 9D FF CB F3 6C 38 3A
: E6 99 FB 98 68 DC 6D CB 89 D7 15 38 84 BE 28 03
: 92 2C 12 41 58 BF AD 22 AE 00 10 00 10 08 00 00
: 00 00 00 01 00 9B B1 27 B7 E3 5D 0C 10 74 52 1B
: 60 59 96 5E B6 08 D4 76 26 17 B5 92 49 39 34 CD
: A4 2D 4D C9 3E 50 05 2E D8 9E 22 37 E2 05 D2 7F
: 3B 3E 4D 9F E0 E0 31 52 74 A0 D5 18 BE F1 9F 79
: 48 D6 24 69 35 3C D4 1F 55 73 75 ED 83 D6 3A E3
: 63 77 A6 5B 92 97 86 13 7C 69 3B DE AA E5 0E 9A
: 39 CF 53 DF 4C 7A E0 3C A3 EC 29 DA 18 5F 86 E6
: 22 D9 2C A3 8E D8 E2 3E 80 9C 69 52 FA 1E 90 3F
: BA 09 04 D0 91 6A 27 2B 44 8C FF E8 DE FF BD B9
: CE DD 95 67 70 FD 94 E5 3A E6 E4 EA 01 A5 AC 4A
: 79 5C 88 4D 07 43 C7 C0 B8 95 3E 7C 72 90 CD 35
: 99 B3 32 8A C7 8C 90 63 E3 46 88 62 35 A4 5B 54
: F1 E8 61 0E CF 85 B4 41 6F 06 94 B6 BA 6F 4B CE
: F7 8A 18 6C 5E 9A 6B 65 C3 F5 58 ED 7D 6A 3A E6
: 24 B6 21 6F 8C EE 1C 21 60 9E 2F 86 22 D2 2B 8F
: E0 3B 12 AC 6B F5 FF 54 C6 E8 D4 3C 2E D3 B6 8E
: 7A 30 36 29 3D 00 DE 00 20 13 F5 31 2B 87 50 19
: D3 95 1F F2 B6 00 95 5B 0A E2 54 7A A0 CF 6A 2C
: F5 4F AD 77 C6 D5 4F 52 CB 00 10 3B 41 34 BF D4
: FC 8B BE 87 14 47 81 4E 5C 5C 23 73 44 AF D6 56
: 6F A6 6E BE E7 63 9C 43 53 C4 3C 26 33 B6 AD 75
: 36 AC 91 98 C1 FF E3 B2 AF E6 3F 14 C0 2E 65 D7
: C1 AD F6 22 D9 59 96 B6 70 8C 30 2F DE 76 1B EB
: 9D 56 C1 77 F8 1D 38 5C 7D 13 9C FD 1E 3E 00 1B
: 5A 74 C4 8E 49 2B 0B B5 C5 0E E3 A7 2C 92 E2 96
: 1E 9D C8 43 02 2F 8F F8 6E 66 4A FA D8 56 57 59
: 48 A4 D5 B7 7F 49 52 CA FA 11 E4 AF 27 E7 64 21
: 76 79 9B 8A A3 1A A6 FA A1 03 3E CC CD 41 26 3C
: 0D 3C DC 81 21 21 DE 92 4D 2A EF 66 DE D6 77 FE
: 41 0C 5D 44 1A D0 C4 D7 8B EA 6D DE 01 EE 97 DB
: 61 0F FD 62 59 00 00 00 06 00 20 8F CD 21 69 AB
: 92 69 4E 0C 63 3F 1A B7 72 84 2B 82 41 BB C2 02
: 88 98 1F C7 AC 1E DD C1 FD DB 0E 00 20 E5 29 F5
: D6 11 28 72 95 4E 8E D6 60 51 17 B7 57 E2 37 C6
: E1 95 13 A9 49 FE E1 F2 04 C4 58 02 3A 00 20 AF
: 2C A5 69 69 9C 43 6A 21 00 6F 1C B8 A2 75 6C 98
: BC 1C 76 5A 35 59 C5 FE 1C 3F 5E 72 28 A7 E7 00
: 20 C4 13 A8 47 B1 11 12 B1 CB DD D4 EC A4 DA AA
: 15 A1 85 2C 1C 3B BA 57 46 1D 25 76 05 F3 D5 AF
: 53 00 00 00 20 04 8E 9A 3A CE 08 58 3F 79 F3 44
: FF 78 5B BE A9 F0 7A C7 FA 33 25 B3 D4 9A 21 DD
: 51 94 C6 58 50
: }
```

The format is structured as follows:
: 88 98 1F C7 AC 1E DD C1 FD DB 0E 00 20 E5 29 F5
: D6 11 28 72 95 4E 8E D6 60 51 17 B7 57 E2 37 C6
: E1 95 13 A9 49 FE E1 F2 04 C4 58 02 3A 00 20 AF
: 2C A5 69 69 9C 43 6A 21 00 6F 1C B8 A2 75 6C 98
: BC 1C 76 5A 35 59 C5 FE 1C 3F 5E 72 28 A7 E7 00
: 20 C4 13 A8 47 B1 11 12 B1 CB DD D4 EC A4 DA AA
: 15 A1 85 2C 1C 3B BA 57 46 1D 25 76 05 F3 D5 AF
: 53 00 00 00 20 04 8E 9A 3A CE 08 58 3F 79 F3 44
: FF 78 5B BE A9 F0 7A C7 FA 33 25 B3 D4 9A 21 DD
: 51 94 C6 58 50
: }
   The format is structured as follows.  All UINT32 fields are little-
   endian, as the HeaderSize value 1C 00 00 00 (28) shows:

      typedef struct {
        UINT32 Magic;
        UINT32 Version;
        UINT32 Platform;
        UINT32 HeaderSize;
        UINT32 cbIdBinding;
        UINT32 cbKeyAttestation;
        UINT32 cbAIKOpaque;
        BYTE idBinding[cbIdBinding];
        BYTE keyAttestation[cbKeyAttestation];
        BYTE aikOpaque[cbAIKOpaque];
      } KeyAttestationStatement;

      4B 41 53 54 - Magic ("KAST")
      01 00 00 00 - Version
      02 00 00 00 - Platform
      1C 00 00 00 - HeaderSize (28)
      00 00 00 00 - cbIdBinding
      B9 04 00 00 - cbKeyAttestation (1209)
      00 00 00 00 - cbAIKOpaque
   The remainder is the keyAttestation, which is structured as follows:

      typedef struct {
        UINT32 Magic;
        UINT32 Platform;
        UINT32 HeaderSize;
        UINT32 cbKeyAttest;
        UINT32 cbSignature;
        UINT32 cbKeyBlob;
        BYTE keyAttest[cbKeyAttest];
        BYTE signature[cbSignature];
        BYTE keyBlob[cbKeyBlob];
      } keyAttestation;

      4B 41 44 53 - Magic ("KADS")
      02 00 00 00 - Platform
      18 00 00 00 - HeaderSize (24)
      A1 00 00 00 - cbKeyAttest (161)
      00 01 00 00 - cbSignature (256)
      00 03 00 00 - cbKeyBlob (768)

   The header and the three members account for 24 + 161 + 256 + 768 =
   1209 bytes, which matches cbKeyAttestation above.  A parser should
   check this sum against the outer length before it trusts any of the
   member offsets.
   keyAttest (161 bytes)

      FF 54 43 47 80 17 00 22 00 0B 9A FD AB 8A 0B E9
      0B BB 3F 7F E6 B6 77 91 EF A9 15 8A 03 B2 2B 8C
      BE 3F EC 56 B6 30 BF 82 73 9C 00 14 13 6E 2F 14
      DD AF 30 72 A6 E3 89 4D BF 7A 54 26 36 2F 10 D6
      00 00 00 00 51 4F CB E5 AD 8C 8C 60 E6 C2 70 80
      00 D4 2C 65 4C 6B 95 ED 95 00 22 00 0B 2B E6 2C
      AD 8D E8 9A 85 04 D7 F3 7B B7 4C F8 32 CD B4 F1
      80 CA A6 35 B9 2C 39 87 B7 96 03 C3 A3 00 22 00
      0B 6C 88 60 B2 80 E3 BE 7D 34 F2 85 DC 26 9D 1B
      72 A8 0A 17 CF 31 08 F1 55 F2 9B 4E 82 C8 5B 49
      7B
   The keyAttest field is of type TPMS_ATTEST.  The TPMS_ATTEST
   structure is defined in section 10.11.8 of
   https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-00.99.pdf.
   Unlike the Microsoft headers above, all TPM fields are big-endian.
   Each TPM2B_NAME value is a UINT16 nameAlg (00 0B is TPM_ALG_SHA256)
   followed by a digest of that algorithm's length, 34 bytes in total
   here.  The first TPM2B_NAME is the qualifiedSigner field of
   TPMS_ATTEST (the Qualified Name of the signing AIK); the attested
   member is a TPMS_CERTIFY_INFO holding the Name and Qualified Name of
   the key being certified.  A Verifier checks that magic is
   TPM_GENERATED_VALUE, that extraData equals the nonce it supplied,
   that attested.name is the Name of the key it expects to be certified,
   and that the signature that follows validates under the AIK.

      FF 54 43 47 - magic (TPM_GENERATED_VALUE)
      80 17 - type (TPM_ST_ATTEST_CERTIFY)
      00 22 - qualifiedSigner - TPM2B_NAME.size (34 bytes)
      00 0B 9A FD AB 8A 0B E9 0B BB - TPM2B_NAME.name
      3F 7F E6 B6 77 91 EF A9 15 8A 03 B2 2B 8C BE 3F EC 56 B6 30 BF 82 73 9C
      00 14 - extraData - TPM2B_DATA.size (20 bytes)
      13 6E 2F 14 DD AF 30 72 A6 E3 - TPM2B_DATA.buffer
      89 4D BF 7A 54 26 36 2F 10 D6
      00 00 00 00 51 4F CB E5 - clockInfo - TPMS_CLOCK_INFO.clock
      AD 8C 8C 60 - TPMS_CLOCK_INFO.resetCount
      E6 C2 70 80 - TPMS_CLOCK_INFO.restartCount
      00 - TPMS_CLOCK_INFO.safe
      D4 2C 65 4C 6B 95 ED 95 - firmwareVersion
      00 22 - attested - TPMS_CERTIFY_INFO.name.size
      00 0B 2B E6 2C AD 8D E8 9A 85 - TPM2B_NAME.name
      04 D7 F3 7B B7 4C F8 32 CD B4 F1 80 CA A6 35 B9 2C 39 87 B7 96 03 C3 A3
      00 22 - TPMS_CERTIFY_INFO.qualifiedName.size
      00 0B 6C 88 60 B2 80 E3 BE 7D - TPM2B_NAME.name
      34 F2 85 DC 26 9D 1B 72 A8 0A 17 CF 31 08 F1 55 F2 9B 4E 82 C8 5B 49 7B
   Signature (256 bytes, i.e. a 2048-bit RSA signature over the
   keyAttest structure above) - generated using the AIK private key

      1A F1 4B 12 A1 C5 D1 A4 C5 A4 59 C4 0A 97 E0 88
      ED 1C D3 B6 38 4A 5D 6C 27 F5 69 7D 17 AD F6 C0
      03 27 09 5D 93 B5 13 EA 50 B5 05 27 7B A0 51 4D
      1B 17 52 87 7D B8 A6 05 4A 4F 39 CA 36 5C A1 19
      19 0B 73 B4 0E 7F D3 91 DA 91 EE 37 C6 CE 78 AF
      15 21 5D EB 5E 5F 23 A7 08 E9 85 D4 6B A0 95 6D
      D7 E0 3A D1 92 72 B7 D4 E5 35 6A 01 B0 7D 35 D0
      99 BA A1 77 35 76 75 E3 90 A8 8B 86 27 B8 3D 47
      75 2D 98 D0 23 4E 09 D8 26 6B 32 3C AB AC 50 A2
      E8 FF 70 21 85 C5 5E B1 F5 9C B9 6E 21 27 C7 2A
      CD 84 61 02 47 6A A0 E1 9A 9F AF 02 43 08 D8 BF
      9F 69 14 C4 8C 80 32 2D 5C A3 60 48 F5 5E 8E 65
      6B 5E B5 0E A4 ED B9 8B F9 C3 D9 A8 CE C0 64 71
      F6 E3 81 F7 9D 79 E5 73 7B F3 A4 6E 65 8D 72 B4
      0A 3E 5E 70 5F AB 2B 89 B9 5E 65 44 BF 44 7B FB
      2E 29 39 64 36 85 63 46 62 AF 25 A5 8B 19 30 AF
   The remainder is the keyBlob (768 bytes, beginning with its own magic
   50 43 50 4D, "PCPM", as visible in the dump above), which is defined
   here:
   https://github.com/Microsoft/TSS.MSR/blob/master/PCPTool.v11/inc/TpmAtt.h.
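   The following Python walks the statement above.  It is an added
   example, not code from this draft, from Microsoft's TSS.MSR project
   or from the TCG: it splits the two little-endian Microsoft headers,
   checks that the inner lengths add up to cbKeyAttestation, and then
   parses the big-endian TPMS_ATTEST into its fields, rejecting a
   structure whose magic is not TPM_GENERATED_VALUE or whose extraData
   does not equal the Verifier's nonce.  The header bytes and the
   161-byte keyAttest are the ones printed above; the signature and
   keyBlob are zero-filled placeholders of the stated lengths
   (constructed, since neither is decoded here), and the signature is
   not verified because the AIK public key is not part of this section.

```python
"""Parse a Windows PCP KeyAttestationStatement and its TPMS_ATTEST.

Added example, not code from the draft, from TSS.MSR or from the TCG.  The
headers and the 161-byte keyAttest are the bytes printed in the draft; the
signature and keyBlob are zero-filled placeholders (constructed) so that
only their lengths are exercised.
"""
import struct

TPM_GENERATED_VALUE = 0xFF544347      # "\xffTCG", TPMS_ATTEST.magic
TPM_ST_ATTEST_CERTIFY = 0x8017        # output of TPM2_Certify
TPM_ALG_SHA256 = 0x000B

# Bytes as printed in the draft; bytes.fromhex() skips the whitespace.
KAST_HEADER = bytes.fromhex("4B 41 53 54 01 00 00 00 02 00 00 00 1C 00 00 00 "
                            "00 00 00 00 B9 04 00 00 00 00 00 00")
KADS_HEADER = bytes.fromhex("4B 41 44 53 02 00 00 00 18 00 00 00 A1 00 00 00 "
                            "00 01 00 00 00 03 00 00")
KEY_ATTEST = bytes.fromhex(
    "FF 54 43 47 80 17 00 22 00 0B 9A FD AB 8A 0B E9 "
    "0B BB 3F 7F E6 B6 77 91 EF A9 15 8A 03 B2 2B 8C "
    "BE 3F EC 56 B6 30 BF 82 73 9C 00 14 13 6E 2F 14 "
    "DD AF 30 72 A6 E3 89 4D BF 7A 54 26 36 2F 10 D6 "
    "00 00 00 00 51 4F CB E5 AD 8C 8C 60 E6 C2 70 80 "
    "00 D4 2C 65 4C 6B 95 ED 95 00 22 00 0B 2B E6 2C "
    "AD 8D E8 9A 85 04 D7 F3 7B B7 4C F8 32 CD B4 F1 "
    "80 CA A6 35 B9 2C 39 87 B7 96 03 C3 A3 00 22 00 "
    "0B 6C 88 60 B2 80 E3 BE 7D 34 F2 85 DC 26 9D 1B "
    "72 A8 0A 17 CF 31 08 F1 55 F2 9B 4E 82 C8 5B 49 7B")
SIGNATURE = b"\x00" * 256   # constructed placeholder, not the real signature
KEY_BLOB = b"\x00" * 768    # constructed placeholder, not the real PCP blob
STATEMENT = KAST_HEADER + KADS_HEADER + KEY_ATTEST + SIGNATURE + KEY_BLOB


def _take(buf, off, n):
    """Slice n bytes at off, refusing to read past the end of buf."""
    if off + n > len(buf):
        raise ValueError("truncated at offset %d" % off)
    return buf[off:off + n], off + n


def parse_statement(blob):
    """Split a KeyAttestationStatement (little-endian UINT32 header)."""
    hdr = struct.Struct("<4sIIIIII")
    magic, version, platform, hsize, cb_id, cb_ka, cb_opaque = hdr.unpack_from(blob)
    if magic != b"KAST" or hsize != hdr.size:
        raise ValueError("bad KeyAttestationStatement header")
    id_binding, off = _take(blob, hsize, cb_id)
    key_attestation, off = _take(blob, off, cb_ka)
    aik_opaque, off = _take(blob, off, cb_opaque)
    if off != len(blob):
        raise ValueError("trailing bytes after aikOpaque")
    return {"version": version, "platform": platform, "idBinding": id_binding,
            "keyAttestation": key_attestation, "aikOpaque": aik_opaque}


def parse_key_attestation(buf):
    """Split the keyAttestation member into keyAttest, signature, keyBlob."""
    hdr = struct.Struct("<4sIIIII")
    magic, platform, hsize, cb_attest, cb_sig, cb_blob = hdr.unpack_from(buf)
    if magic != b"KADS" or hsize != hdr.size:
        raise ValueError("bad keyAttestation header")
    if hsize + cb_attest + cb_sig + cb_blob != len(buf):
        raise ValueError("keyAttestation member lengths do not add up")
    key_attest, off = _take(buf, hsize, cb_attest)
    signature, off = _take(buf, off, cb_sig)
    key_blob, off = _take(buf, off, cb_blob)
    return key_attest, signature, key_blob


def _tpm2b(buf, off):
    """TPM2B_*: big-endian UINT16 size followed by that many bytes."""
    (size,) = struct.unpack_from(">H", buf, off)
    return _take(buf, off + 2, size)


def parse_tpms_attest(buf):
    """Parse a TPMS_ATTEST of type TPM_ST_ATTEST_CERTIFY (big-endian)."""
    magic, kind = struct.unpack_from(">IH", buf, 0)
    if magic != TPM_GENERATED_VALUE:
        # A restricted signing key will not sign caller-supplied data that
        # starts with this value, which is what ties the blob to the TPM.
        raise ValueError("keyAttest is not TPM generated")
    if kind != TPM_ST_ATTEST_CERTIFY:
        raise ValueError("unexpected attestation type 0x%04X" % kind)
    qualified_signer, off = _tpm2b(buf, 6)      # Qualified Name of the AIK
    extra_data, off = _tpm2b(buf, off)          # the Verifier's nonce
    clock, reset_count, restart_count, safe = struct.unpack_from(">QIIB", buf, off)
    (firmware_version,) = struct.unpack_from(">Q", buf, off + 17)
    name, off = _tpm2b(buf, off + 25)           # TPMS_CERTIFY_INFO.name
    qualified_name, off = _tpm2b(buf, off)      # TPMS_CERTIFY_INFO.qualifiedName
    if off != len(buf):
        raise ValueError("trailing bytes after TPMS_CERTIFY_INFO")
    return {"qualifiedSigner": qualified_signer, "extraData": extra_data,
            "clock": clock, "resetCount": reset_count, "restartCount": restart_count,
            "safe": safe, "firmwareVersion": firmware_version,
            "name": name, "qualifiedName": qualified_name}


def name_alg(tpm2b_name):
    """The nameAlg UINT16 that precedes the digest in a TPM2B_NAME body."""
    return struct.unpack_from(">H", tpm2b_name, 0)[0]


def parse_pcp_statement(blob, expected_nonce=None):
    """Parse end to end; with a nonce, also enforce freshness of extraData."""
    members = parse_statement(blob)
    key_attest, _signature, _key_blob = parse_key_attestation(members["keyAttestation"])
    attest = parse_tpms_attest(key_attest)
    if expected_nonce is not None and attest["extraData"] != expected_nonce:
        raise ValueError("extraData does not match the nonce sent to the Attester")
    return attest


if __name__ == "__main__":
    a = parse_pcp_statement(STATEMENT)
    print("signer nameAlg 0x%04X, clock %d, firmware 0x%016X"
          % (name_alg(a["qualifiedSigner"]), a["clock"], a["firmwareVersion"]))
```

   The freshness check is the one step a Verifier cannot delegate to
   the signature: a valid AIK signature over a stale TPMS_ATTEST is
   exactly what a replayed statement looks like.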
7.3. Yubikey

   As with the Android Keystore attestations, Yubikey attestations take
   the form of an X.509 certificate.  As above, the certificate is
   presented here packaged along with an intermediate CA certificate as
   a certificates-only SignedData message: CMS version 1, an empty
   digestAlgorithms set, no encapsulated content and an empty
   signerInfos set, so only the certificates field carries data.

   The attestations below were generated using code similar to that
   found in the yubico-piv-tool (https://github.com/Yubico/yubico-piv-
   tool).  Details regarding attestations are here:
   https://developers.yubico.com/PIV/Introduction/PIV_attestation.html

   In each bundle the first certificate is the per-device attestation
   intermediate (issued by 'Yubico PIV Root CA Serial 263751' to
   'Yubico PIV Attestation') and the second is the attestation statement
   for the key in PIV slot 9e ('YubiKey PIV Attestation 9e'), signed by
   that intermediate.  The device claims are carried in private
   extensions under the Yubico arc 1.3.6.1.4.1.41482.3: firmware
   version (.3), serial number (.7), PIN and touch policy (.8) and, on
   the YubiKey 5 only, form factor (.9).  Note also that the YubiKey 5
   intermediate carries a critical basicConstraints extension (cA TRUE,
   pathLenConstraint 0) while the YubiKey 4 intermediate does not; RFC
   5280 path validation (section 6.1.4) requires basicConstraints with
   cA TRUE on every version 3 intermediate, so a strict validator will
   reject the YubiKey 4 chain unless configured to tolerate the
   omission.
7.3.1. Yubikey 4

   0 1576: SEQUENCE {
   4    9:   OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
  15 1561:   [0] {
  19 1557:     SEQUENCE {
  23    1:       INTEGER 1
  26    0:       SET {}
  28   11:       SEQUENCE {
  30    9:         OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
         :         }
  41 1533:       [0] {
  45  742:         SEQUENCE {
  49  462:           SEQUENCE {
  53    3:             [0] {
  55    1:               INTEGER 2
         :               }
  58    9:             INTEGER 00 A4 85 22 AA 34 AF AE 4F
  69   13:             SEQUENCE {
  71    9:               OBJECT IDENTIFIER
         :                 sha256WithRSAEncryption (1 2 840 113549 1 1 11)
  82    0:               NULL
         :               }
  84   43:             SEQUENCE {
  86   41:               SET {
  88   39:                 SEQUENCE {
  90    3:                   OBJECT IDENTIFIER commonName (2 5 4 3)
  95   32:                   UTF8String 'Yubico PIV Root CA Serial 263751'
         :                   }
         :                 }
         :               }
 129   32:             SEQUENCE {
 131   13:               UTCTime 14/03/2016 00:00:00 GMT
 146   15:               GeneralizedTime 17/04/2052 00:00:00 GMT
         :               }
 163   33:             SEQUENCE {
 165   31:               SET {
 167   29:                 SEQUENCE {
 169    3:                   OBJECT IDENTIFIER commonName (2 5 4 3)
 174   22:                   UTF8String 'Yubico PIV Attestation'
         :                   }
         :                 }
         :               }
 198  290:             SEQUENCE {
 202   13:               SEQUENCE {
 204    9:                 OBJECT IDENTIFIER
         :                   rsaEncryption (1 2 840 113549 1 1 1)
 215    0:                 NULL
         :                 }
 217  271:               BIT STRING
         :                 30 82 01 0A 02 82 01 01 00 AB A9 0B 16 9B EF 31
         :                 CC 3E AC 18 5A 2D 45 80 75 70 C7 58 B0 6C 3F 1B
         :                 59 0D 49 B9 89 E8 6F CE BB 27 6F D8 3C 60 3A 85
         :                 00 EF 5C BC 40 99 3D 41 EE EA C0 81 7F 76 48 E4
         :                 A9 4C BC D5 6B E1 1F 0A 60 93 C6 FE AA D2 8D 8E
         :                 E2 B7 CD 8B 2B F7 9B DD 5A AB 2F CF B9 0E 54 CE
         :                 EC 8D F5 5E D7 7B 91 C3 A7 56 9C DC C1 06 86 76
         :                 36 44 53 FB 08 25 D8 06 B9 06 8C 81 FD 63 67 CA
         :                 [ Another 142 bytes skipped ]
         :               }
 492   21:             [3] {
 494   19:               SEQUENCE {
 496   17:                 SEQUENCE {
 498   10:                   OBJECT IDENTIFIER '1 3 6 1 4 1 41482 3 3'
 510    3:                   OCTET STRING 04 03 03
         :                   }
         :                 }
         :               }
         :             }
 515   13:           SEQUENCE {
 517    9:             OBJECT IDENTIFIER
         :               sha256WithRSAEncryption (1 2 840 113549 1 1 11)
 528    0:             NULL
         :             }
 530  257:           BIT STRING
         :             52 80 5A 6D C3 9E DF 47 A8 F1 B2 A5 9C A3 80 81
         :             3B 1D 6A EB 6A 12 62 4B 11 FD 8D 30 F1 7B FC 71
         :             10 C9 B2 08 FC D1 4E 35 7F 45 F2 10 A2 52 B9 D4
         :             B3 02 1A 01 56 07 6B FA 64 A7 08 F0 03 FB 27 A9
         :             60 8D 0D D3 AC 5A 10 CF 20 96 4E 82 BC 9D E3 37
         :             DA C1 4C 50 E1 3D 16 B4 CA F4 1B FF 08 64 C9 74
         :             4F 2A 3A 43 E0 DE 42 79 F2 13 AE 77 A1 E2 AE 6B
         :             DF 72 A5 B6 CE D7 4C 90 13 DF DE DB F2 8B 34 45
         :             [ Another 128 bytes skipped ]
         :           }
 791  783:         SEQUENCE {
 795  503:           SEQUENCE {
 799    3:             [0] {
 801    1:               INTEGER 2
         :               }
 804   17:             INTEGER
         :               00 FE B9 AF 03 3B 0B A7 79 04 02 F5 67 AE DF 72
         :               ED
 823   13:             SEQUENCE {
 825    9:               OBJECT IDENTIFIER
         :                 sha256WithRSAEncryption (1 2 840 113549 1 1 11)
 836    0:               NULL
         :               }
 838   33:             SEQUENCE {
 840   31:               SET {
 842   29:                 SEQUENCE {
 844    3:                   OBJECT IDENTIFIER commonName (2 5 4 3)
 849   22:                   UTF8String 'Yubico PIV Attestation'
         :                   }
         :                 }
         :               }
 873   32:             SEQUENCE {
 875   13:               UTCTime 14/03/2016 00:00:00 GMT
 890   15:               GeneralizedTime 17/04/2052 00:00:00 GMT
         :               }
 907   37:             SEQUENCE {
 909   35:               SET {
 911   33:                 SEQUENCE {
 913    3:                   OBJECT IDENTIFIER commonName (2 5 4 3)
 918   26:                   UTF8String 'YubiKey PIV Attestation 9e'
         :                   }
         :                 }
         :               }
 946  290:             SEQUENCE {
 950   13:               SEQUENCE {
 952    9:                 OBJECT IDENTIFIER
         :                   rsaEncryption (1 2 840 113549 1 1 1)
 963    0:                 NULL
         :                 }
 965  271:               BIT STRING
         :                 30 82 01 0A 02 82 01 01 00 93 C4 C0 35 95 7E 26
         :                 2A 7E A5 D0 29 C4 D7 E9 39 67 22 B1 09 45 46 4D
         :                 DB A4 77 CB 0B A3 F1 D0 69 3C 24 8D A2 72 72 27
         :                 E1 7F DE CB 67 A4 1D D2 E5 43 44 6F 21 39 F8 57
         :                 34 01 0E 7E C3 81 63 63 6A 6D D7 40 20 7B AF 35
         :                 61 9C 8D C1 D1 2B 25 48 EE 52 FC F3 72 6A 74 96
         :                 01 CB 1C 1A B2 AD F9 18 96 EB 59 EF E3 3A CA BC
         :                 AA 9B 42 FE FF 60 6E 28 89 49 0D C1 B1 B0 25 AE
         :                 [ Another 142 bytes skipped ]
         :               }
1240   60:             [3] {
1242   58:               SEQUENCE {
1244   17:                 SEQUENCE {
1246   10:                   OBJECT IDENTIFIER '1 3 6 1 4 1 41482 3 3'
1258    3:                   OCTET STRING 04 03 03 -- firmware version
         :                   }
1263   19:                 SEQUENCE {
1265   10:                   OBJECT IDENTIFIER '1 3 6 1 4 1 41482 3 7'
1277    5:                   OCTET STRING 02 03 4F 9B B5 -- serial number
         :                   }
1284   16:                 SEQUENCE {
1286   10:                   OBJECT IDENTIFIER '1 3 6 1 4 1 41482 3 8'
1298    2:                   OCTET STRING 01 01 -- PIN and touch policy
         :                   }
         :                 }
         :               }
         :             }
1302   13:           SEQUENCE {
1304    9:             OBJECT IDENTIFIER
         :               sha256WithRSAEncryption (1 2 840 113549 1 1 11)
1315    0:             NULL
         :             }
1317  257:           BIT STRING
         :             1F 2B B8 1C 95 A1 01 74 3F 87 27 F6 B3 A6 A9 9D
         :             11 B9 ED 68 92 B9 05 2D 22 36 51 28 23 3D B0 2F
         :             7A 17 D5 8C 0C F4 3A 68 FD 2A 34 0D 80 3C F7 8F
         :             B8 79 B0 76 E5 4D 61 94 C5 72 D6 9F 6E 26 76 5F
         :             03 94 55 40 93 5C 04 EF CC 58 41 EB 7C 86 64 23
         :             5F 23 5E 94 78 73 2E 77 8C 58 C5 45 87 22 CF BA
         :             69 06 B8 C7 06 37 10 21 8C 74 AD 08 B9 85 F2 7B
         :             99 02 4A 3E E8 96 09 D3 F4 C6 AB FA 49 68 E2 E0
         :             [ Another 128 bytes skipped ]
         :           }
         :         }
1578    0:       SET {}
         :       }
         :     }
         :   }
7.3.2. Yubikey 5

   0 1613: SEQUENCE {
   4    9:   OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
  15 1598:   [0] {
  19 1594:     SEQUENCE {
  23    1:       INTEGER 1
  26    0:       SET {}
  28   11:       SEQUENCE {
  30    9:         OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
         :         }
  41 1570:       [0] {
  45  762:         SEQUENCE {
  49  482:           SEQUENCE {
  53    3:             [0] {
  55    1:               INTEGER 2
         :               }
  58    9:             INTEGER 00 86 77 17 E0 1D 19 2B 26
  69   13:             SEQUENCE {
  71    9:               OBJECT IDENTIFIER
         :                 sha256WithRSAEncryption (1 2 840 113549 1 1 11)
  82    0:               NULL
         :               }
  84   43:             SEQUENCE {
  86   41:               SET {
  88   39:                 SEQUENCE {
  90    3:                   OBJECT IDENTIFIER commonName (2 5 4 3)
  95   32:                   UTF8String 'Yubico PIV Root CA Serial 263751'
         :                   }
         :                 }
         :               }
 129   32:             SEQUENCE {
 131   13:               UTCTime 14/03/2016 00:00:00 GMT
 146   15:               GeneralizedTime 17/04/2052 00:00:00 GMT
         :               }
 163   33:             SEQUENCE {
 165   31:               SET {
 167   29:                 SEQUENCE {
 169    3:                   OBJECT IDENTIFIER commonName (2 5 4 3)
 174   22:                   UTF8String 'Yubico PIV Attestation'
         :                   }
         :                 }
         :               }
 198  290:             SEQUENCE {
 202   13:               SEQUENCE {
 204    9:                 OBJECT IDENTIFIER
         :                   rsaEncryption (1 2 840 113549 1 1 1)
 215    0:                 NULL
         :                 }
 217  271:               BIT STRING
         :                 30 82 01 0A 02 82 01 01 00 C5 5B 8D E9 B9 3C 53
         :                 69 82 88 FE DA 70 FC 5C 88 78 41 25 A2 1D 7B 84
         :                 8E 93 36 AD 67 2B 4C AB 45 BE B2 E0 D5 9C 1B A1
         :                 68 D5 6B F8 63 5C 83 CB 83 38 62 B7 64 AE 83 37
         :                 37 8E C8 60 80 E6 01 F8 75 AA AE F6 6E A7 D5 76
         :                 C5 C1 25 AD AA 9E 9D DC B5 7E E9 8E 2A B4 3F 99
         :                 0D F7 9F 20 A0 28 A0 9F B3 B1 22 5F AF 38 FB 73
         :                 46 F4 C7 93 30 DD FA D0 86 E0 C9 C6 72 99 AF FB
         :                 [ Another 142 bytes skipped ]
         :               }
 492   41:             [3] {
 494   39:               SEQUENCE {
 496   17:                 SEQUENCE {
 498   10:                   OBJECT IDENTIFIER '1 3 6 1 4 1 41482 3 3'
 510    3:                   OCTET STRING 05 01 02
         :                   }
 515   18:                 SEQUENCE {
 517    3:                   OBJECT IDENTIFIER basicConstraints (2 5 29 19)
 522    1:                   BOOLEAN TRUE
 525    8:                   OCTET STRING 30 06 01 01 FF 02 01 00
         :                   }
         :                 }
         :               }
         :             }
 535   13:           SEQUENCE {
 537    9:             OBJECT IDENTIFIER
         :               sha256WithRSAEncryption (1 2 840 113549 1 1 11)
 548    0:             NULL
         :             }
 550  257:           BIT STRING
         :             05 57 B7 BF 5A 41 74 F9 5F EC 2E D2 B8 78 26 E5
         :             EF 4F EA BF 5A 64 C9 CF 06 7F CA 8C 0A FC 1A 47
         :             1C D6 AC ED C8 5B 54 72 00 9F B8 59 AB 73 25 B2
         :             D6 02 A3 59 83 31 69 EE C1 5F 3D F2 2B 1B 22 CA
         :             B6 FC F9 FB 21 32 9E 08 F3 08 54 6D C9 26 10 42
         :             08 1D 3C B5 F0 5A B1 98 D4 68 DC 91 F1 D3 91 54
         :             7A A0 34 8B F6 65 EB 13 9F 3A 1C BF 43 C5 D1 D0
         :             33 23 C6 25 A0 4C E4 E9 AA 59 80 D8 02 1E B0 10
         :             [ Another 128 bytes skipped ]
         :           }
 811  800:         SEQUENCE {
 815  520:           SEQUENCE {
 819    3:             [0] {
 821    1:               INTEGER 2
         :               }
 824   16:             INTEGER
         :               17 7D 2D F7 D6 6D 97 CC D6 CF 69 33 87 5B F1 5E
 842   13:             SEQUENCE {
 844    9:               OBJECT IDENTIFIER
         :                 sha256WithRSAEncryption (1 2 840 113549 1 1 11)
 855    0:               NULL
         :               }
 857   33:             SEQUENCE {
 859   31:               SET {
 861   29:                 SEQUENCE {
 863    3:                   OBJECT IDENTIFIER commonName (2 5 4 3)
 868   22:                   UTF8String 'Yubico PIV Attestation'
         :                   }
         :                 }
         :               }
 892   32:             SEQUENCE {
 894   13:               UTCTime 14/03/2016 00:00:00 GMT
 909   15:               GeneralizedTime 17/04/2052 00:00:00 GMT
         :               }
 926   37:             SEQUENCE {
 928   35:               SET {
 930   33:                 SEQUENCE {
 932    3:                   OBJECT IDENTIFIER commonName (2 5 4 3)
 937   26:                   UTF8String 'YubiKey PIV Attestation 9e'
         :                   }
         :                 }
         :               }
 965  290:             SEQUENCE {
 969   13:               SEQUENCE {
 971    9:                 OBJECT IDENTIFIER
         :                   rsaEncryption (1 2 840 113549 1 1 1)
 982    0:                 NULL
         :                 }
 984  271:               BIT STRING
         :                 30 82 01 0A 02 82 01 01 00 A9 02 2D 7A 4C 0B B1
         :                 0C 02 F9 E5 9C E5 6F 20 D1 9D F9 CE B3 B3 4D 1B
         :                 61 B0 B4 E0 3F 44 19 72 88 8B 8D 9F 86 4A 5E C7
         :                 38 F0 AF C9 28 5C D8 A2 80 C9 43 93 2D FA 39 7F
         :                 E9 39 2D 18 1B A7 A2 76 8F D4 6C D0 75 96 99 0D
         :                 06 37 9D 90 D5 71 00 6E FB 82 D1 5B 2A 7C 3B 62
         :                 9E AB 15 81 B9 AD 7F 3D 30 1C C2 4B 9D C4 D5 64
         :                 32 9A 54 D6 23 B1 65 92 A3 D7 57 E2 62 10 2B 93
         :                 [ Another 142 bytes skipped ]
         :               }
1259   78:             [3] {
1261   76:               SEQUENCE {
1263   17:                 SEQUENCE {
1265   10:                   OBJECT IDENTIFIER '1 3 6 1 4 1 41482 3 3'
1277    3:                   OCTET STRING 05 01 02 -- firmware version
         :                   }
1282   20:                 SEQUENCE {
1284   10:                   OBJECT IDENTIFIER '1 3 6 1 4 1 41482 3 7'
1296    6:                   OCTET STRING 02 04 00 93 6A A0 -- serial number
         :                   }
1304   16:                 SEQUENCE {
1306   10:                   OBJECT IDENTIFIER '1 3 6 1 4 1 41482 3 8'
1318    2:                   OCTET STRING 01 01 -- PIN and touch policy
         :                   }
1322   15:                 SEQUENCE {
1324   10:                   OBJECT IDENTIFIER '1 3 6 1 4 1 41482 3 9'
1336    1:                   OCTET STRING 02 -- form factor
         :                   }
         :                 }
         :               }
         :             }
1339   13:           SEQUENCE {
1341    9:             OBJECT IDENTIFIER
         :               sha256WithRSAEncryption (1 2 840 113549 1 1 11)
1352    0:             NULL
         :             }
1354  257:           BIT STRING
         :             9F EB 7A 4C F0 7C 67 11 ED C5 84 07 C8 19 41 B2
         :             71 42 08 2B D6 CD A8 5F DC AE 79 75 6C F1 E5 4D
         :             28 95 89 69 9D C0 2E A7 D4 48 51 B0 75 FF 63 FD
         :             B8 79 93 03 EA BB 8A 67 D8 E7 EC C9 1C 8E 3F AF
         :             74 30 D4 7E 74 A4 26 50 9F D4 57 AE 23 C0 8A 63
         :             4E F3 C7 CF 5A AF 91 11 A2 6B 3B 49 24 32 26 88
         :             D8 4F 6F BE BC F0 2D A9 A2 88 B4 5F 54 AF 42 72
         :             08 74 64 57 76 5A 02 9A 9D 21 4B FD 7F 44 8F AF
         :             [ Another 128 bytes skipped ]
         :           }
         :         }
1615    0:       SET {}
         :       }
         :     }
         :   }
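   The Yubico extensions can be read straight from the DER of the slot
   certificate.  The Python below is an added example, not code from
   this draft or from yubico-piv-tool: a minimal TLV reader walks the
   X.509 Extensions SEQUENCE and decodes the four YubiKey extension
   values with the meanings given on the Yubico PIV attestation page
   linked above.  The two Extensions blocks are re-encoded from the
   dumpasn1 listings in sections 7.3.1 and 7.3.2 (offsets 1240 and
   1259); they are claims only, so the chain must already have been
   verified up to Yubico's PIV root before acting on them.

```python
"""Decode the Yubico-specific extensions of a PIV attestation certificate.

Added example, not code from the draft or from yubico-piv-tool.  A minimal
DER TLV reader walks the X.509 Extensions SEQUENCE; the four YubiKey
extension values are interpreted as documented on Yubico's PIV attestation
page.  The Extensions blocks are re-encoded from the draft's dumpasn1
listings and carry the claims only: verify the certificate chain first.
"""

YUBICO_ARC = "1.3.6.1.4.1.41482.3"
OID_FIRMWARE = YUBICO_ARC + ".3"     # three bytes: major, minor, patch
OID_SERIAL = YUBICO_ARC + ".7"       # a DER INTEGER
OID_POLICY = YUBICO_ARC + ".8"       # two bytes: PIN policy, touch policy
OID_FORM_FACTOR = YUBICO_ARC + ".9"  # one byte

# Value meanings from Yubico's PIV attestation documentation.
PIN_POLICY = {1: "never", 2: "once per session", 3: "always"}
TOUCH_POLICY = {1: "never", 2: "always", 3: "cached for 15 s"}
FORM_FACTOR = {1: "USB-A keychain", 2: "USB-A nano", 3: "USB-C keychain",
               4: "USB-C nano", 5: "USB-C and Lightning"}

# Extensions SEQUENCE of the slot-9e certificate, re-encoded from the draft's
# dumpasn1 listing (YubiKey 4 at offset 1240, YubiKey 5 at offset 1259).
YUBIKEY4_EXTENSIONS = bytes.fromhex(
    "30 3A"
    "30 11 06 0A 2B 06 01 04 01 82 C4 0A 03 03 04 03 04 03 03"
    "30 13 06 0A 2B 06 01 04 01 82 C4 0A 03 07 04 05 02 03 4F 9B B5"
    "30 10 06 0A 2B 06 01 04 01 82 C4 0A 03 08 04 02 01 01")
YUBIKEY5_EXTENSIONS = bytes.fromhex(
    "30 4C"
    "30 11 06 0A 2B 06 01 04 01 82 C4 0A 03 03 04 03 05 01 02"
    "30 14 06 0A 2B 06 01 04 01 82 C4 0A 03 07 04 06 02 04 00 93 6A A0"
    "30 10 06 0A 2B 06 01 04 01 82 C4 0A 03 08 04 02 01 01"
    "30 0F 06 0A 2B 06 01 04 01 82 C4 0A 03 09 04 01 02")


def read_tlv(buf, off):
    """Return (tag, value, offset_after) for the DER element at buf[off:]."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER element at offset %d" % off)
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                        # long form: count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("DER element runs past the end of the buffer")
    return tag, buf[off:off + length], off + length


def decode_oid(body):
    """Dotted form of an OBJECT IDENTIFIER body (base-128 arcs)."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def parse_extensions(der):
    """Map OID -> extnValue body for an X.509 Extensions SEQUENCE."""
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Extensions must be a SEQUENCE")
    out, off = {}, 0
    while off < len(seq):
        tag, ext, off = read_tlv(seq, off)
        t, oid, pos = read_tlv(ext, 0)
        if tag != 0x30 or t != 0x06:
            raise ValueError("malformed Extension")
        t, val, pos = read_tlv(ext, pos)
        if t == 0x01:                        # optional critical BOOLEAN
            t, val, pos = read_tlv(ext, pos)
        if t != 0x04:
            raise ValueError("extnValue must be an OCTET STRING")
        out[decode_oid(oid)] = val
    return out


def decode_yubikey_attestation(der):
    """Return the device claims carried by a YubiKey PIV attestation cert."""
    exts, info = parse_extensions(der), {}
    if OID_FIRMWARE in exts:
        info["firmware"] = ".".join(str(b) for b in exts[OID_FIRMWARE])
    if OID_SERIAL in exts:
        t, body, _ = read_tlv(exts[OID_SERIAL], 0)
        if t != 0x02:
            raise ValueError("serial number must be a DER INTEGER")
        info["serial"] = int.from_bytes(body, "big", signed=True)
    if OID_POLICY in exts:
        pin, touch = exts[OID_POLICY]
        info["pin_policy"] = PIN_POLICY.get(pin, "unknown(%d)" % pin)
        info["touch_policy"] = TOUCH_POLICY.get(touch, "unknown(%d)" % touch)
    if OID_FORM_FACTOR in exts:
        ff = exts[OID_FORM_FACTOR][0]
        info["form_factor"] = FORM_FACTOR.get(ff, "unknown(%d)" % ff)
    return info


def requires_touch(info):
    """Relying-party rule: a key usable without a touch can be driven silently."""
    return info.get("touch_policy") in ("always", "cached for 15 s")


if __name__ == "__main__":
    for label, der in (("YubiKey 4", YUBIKEY4_EXTENSIONS),
                       ("YubiKey 5", YUBIKEY5_EXTENSIONS)):
        claims = decode_yubikey_attestation(der)
        print(label, claims, "touch required:", requires_touch(claims))
```

   Both sample certificates report PIN policy "never" and touch policy
   "never", the defaults for slot 9e, so a relying party that insists
   on a touch policy would reject both keys on the basis of the
   attestation alone.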
8. Privacy Considerations

   TBD

9. Security Considerations

   TBD.

10. IANA Considerations
   [...]

12.1. Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.
12.2. Informative References

   [android_security]
              Kralevich, R., "The Android Platform Security Model",
              n.d., <https://arxiv.org/pdf/1904.05572.pdf>.

   [azureattestation]
              Microsoft, ., "Azure Sphere Attestation", n.d.,
              <https://azure.microsoft.com/enus/resources/azure-sphere-device-authentication-andattestation-service/en-us/>.

   [fido]     FIDO Alliance, ., "FIDO Specification Overview", n.d.,
              <https://fidoalliance.org/specifications/>.

   [fido_w3c] W3C, ., "Web Authentication: An API for accessing Public
              Key Credentials Level 1", n.d.,
              <https://www.w3.org/TR/webauthn-1/>.

   [fidoattestation]
              FIDO Alliance, ., "FIDO 2.0: Key Attestation Format",
              n.d., <https://fidoalliance.org/specs/fido-v2.0-ps-20150904/fido-key-attestation-v2.0-ps-20150904.html>.

   [fidosignature]
              FIDO Alliance, ., "FIDO 2.0: Signature Format", n.d.,
              <https://fidoalliance.org/specs/fido-v2.0-ps-20150904/fido-signature-format-v2.0-ps-20150904.html>.

   [fidotechnote]
              FIDO Alliance, ., "FIDO TechNotes: The Truth about
              Attestation", n.d.,
              <https://fidoalliance.org/fido-technotes-the-truth-about-attestation/>.

   [I-D.fedorkow-rats-network-device-attestation]
              Fedorkow, G. and J. Fitzgerald-McKay, "Network Device
              Attestation Workflow", draft-fedorkow-rats-network-device-
              attestation-00 (work in progress), July 2019.

   [I-D.gutmann-scep]
              Gutmann, P., "Simple Certificate Enrolment Protocol",
              draft-gutmann-scep-14 (work in progress), June 2019.

   [I-D.tschofenig-rats-psa-token]
              Tschofenig, H., Frost, S., Brossard, M., Shaw, A., and T.
              Fossati, "Arm's Platform Security Architecture (PSA)
              Attestation Token", draft-tschofenig-rats-psa-token-02
              (work in progress), July 2019.

   [ieee802-1AR]
              IEEE Standard, ., "IEEE 802.1AR Secure Device Identifier",
              2009,
              <http://standards.ieee.org/findstds/standard/802.1AR-2009.html>.

   [intelsgx] Intel, ., "Intel(R) Software Guard Extensions: Attestation
              & Provisioning Services", n.d.,
              <https://software.intel.com/en-us/sgx/attestation-services>.

   [keystore] Google, ., "Android Keystore System", n.d.,
              <https://developer.android.com/training/articles/keystore>.

   [keystore_attestation]
              Google, ., "Verifying hardware-backed key pairs with Key
              Attestation", n.d.,
              <https://developer.android.com/training/articles/security-key-attestation>.

   [RFC4210]  Adams, C., Farrell, S., Kause, T., and T. Mononen,
              "Internet X.509 Public Key Infrastructure Certificate
              Management Protocol (CMP)", RFC 4210,
              DOI 10.17487/RFC4210, September 2005,
              <https://www.rfc-editor.org/info/rfc4210>.

   [RFC5209]  Sangster, P., Khosravi, H., Mani, M., Narayan, K., and J.
              Tardo, "Network Endpoint Assessment (NEA): Overview and
Requirements", RFC 5209, DOI 10.17487/RFC5209, June 2008, Requirements", RFC 5209, DOI 10.17487/RFC5209, June 2008,
skipping to change at page 34, line 24 skipping to change at page 64, line 41
[RFC7030] Pritikin, M., Ed., Yee, P., Ed., and D. Harkins, Ed., [RFC7030] Pritikin, M., Ed., Yee, P., Ed., and D. Harkins, Ed.,
"Enrollment over Secure Transport", RFC 7030, "Enrollment over Secure Transport", RFC 7030,
DOI 10.17487/RFC7030, October 2013, DOI 10.17487/RFC7030, October 2013,
<https://www.rfc-editor.org/info/rfc7030>. <https://www.rfc-editor.org/info/rfc7030>.
[RFC8555] Barnes, R., Hoffman-Andrews, J., McCarney, D., and J. [RFC8555] Barnes, R., Hoffman-Andrews, J., McCarney, D., and J.
Kasten, "Automatic Certificate Management Environment Kasten, "Automatic Certificate Management Environment
(ACME)", RFC 8555, DOI 10.17487/RFC8555, March 2019, (ACME)", RFC 8555, DOI 10.17487/RFC8555, March 2019,
<https://www.rfc-editor.org/info/rfc8555>. <https://www.rfc-editor.org/info/rfc8555>.
[SP800-147B]
NIST, "BIOS Protection Guidelines for Servers", SP 800-147B,
n.d., <https://nvlpubs.nist.gov/nistpubs/SpecialPublications/
NIST.SP.800-147B.pdf>.
[SP800-155]
NIST, "BIOS Integrity Measurement Guidelines (Draft)", SP 800-155,
n.d., <https://csrc.nist.gov/CSRC/media/Publications/
sp/800-155/draft/documents/draft-SP800-155_Dec2011.pdf>.
[tapinfomodel]
Trusted Computing Group, "TCG Trusted Attestation Protocol (TAP)
Information Model for TPM Families 1.2 and 2.0 and DICE
Family 1.0", n.d., <https://trustedcomputinggroup.org/wp-
content/uploads/
TNC_TAP_Information_Model_v1.00_r0.29A_publicreview.pdf>.
[tcgglossary]
Trusted Computing Group, "TCG Glossary, Version 1.1", n.d.,
<https://trustedcomputinggroup.org/wp-content/uploads/TCG-
Glossary-V1.1-Rev-1.0.pdf>.
[tpmarchspec]
Trusted Computing Group, "TPM 2.0 Mobile Reference Architecture", n.d.,
<https://trustedcomputinggroup.org/resource/tpm-2-0-
mobile-reference-architecture-specification/>.
[windowsdefender] [windowsdefender]
Microsoft, ., "Windows Defender System Guard attestation", Microsoft, ., "Windows Defender System Guard attestation",
n.d., <https://www.microsoft.com/security/blog/2018/04/19/ n.d., <https://www.microsoft.com/security/blog/2018/04/19/
introducing-windows-defender-system-guard-runtime- introducing-windows-defender-system-guard-runtime-
attestation/>. attestation/>.
[windowshealth] [windowshealth]
Microsoft, ., "Windows Device Health Attestation", n.d., Microsoft, ., "Windows Device Health Attestation", n.d.,
<https://docs.microsoft.com/en-us/windowsserver/security/ <https://docs.microsoft.com/en-us/windowsserver/security/
device-health-attestation>. device-health-attestation>.
 End of changes. 81 change blocks. 
948 lines changed or deleted, 2388 lines changed or added.
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/