<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
[{$pagename}] is an [Attestation] implemented within [Web Authentication API] ([WebAuthN]) to attest to the [provenance] of an [authenticator] and the [data] it emits
[{$pagename}] statement is conveyed in an attestation object during [Credential Enrollment] including, for example: [credential] IDs, [credential] [key] pairs, [Digital Signature] counters, etc. [{$pagename}] defines [attestation] formats used to validate [FIDO] [Authenticators], uses [FIDO2] [credentials], and associated [User Verification Methods] which is similar to and could be mapped as [Authentication Context Class] to [federation] servers or other conditional/adaptive [authentication] systems.

!! Attestation Certificate [Example]

Attestation Certificate (attestnCert) [Example]
{{{
Version: 3 (0x2)
Serial Number: 1918419690 (0x7258c2ea)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = Yubico U2F Root CA Serial 457200631
Validity
Not Before: 2014-08-01T00:00:00
Not After: 2050-09-04T00:00:00
Subject: CN=Yubico U2F EE Serial 14803321578
Subject Public Key Info:
Public-Key: (256 bit)
pub:
04:a2:b0:39:93:22:54:31:9d:41:fa:48:54:d5:7c:a1:8d:eb:
69:cc:9b:3e:4d:81:ae:39:9f:32:3e:81:16:43:99:ef:2a:95:
14:67:3d:15:7c:ec:bf:b5:f0:bc:c7:89:08:53:ee:55:cf:3f:
1a:20:66:f4:d5:13:9b:93:8b:31:0b
Curve: secp256r1
X509v3 extensions:
1.3.6.1.4.1.41482.1.2 (YubiKey NEO):
Signature Algorithm: sha256WithRSAEncryption
bc:cc:1a:f9:0b:7b:95:78:18:d5:55:a4:33:71:6a:60:16:ac:
ed:cb:31:32:c3:41:0f:36:61:64:10:6c:23:d9:2a:b0:6c:5d:
1c:2c:b6:92:9a:d4:21:48:aa:2a:3a:f3:ae:53:89:3a:6a:a1:
40:ca:e9:32:65:93:15:3d:92:aa:00:fd:15:87:4b:02:32:94:
4c:ce:90:ef:11:98:ce:de:fe:a0:87:96:7c:6c:80:e6:b5:00:
09:e4:1d:a7:9c:82:f2:56:97:3b:0c:0e:ed:6a:3d:dd:52:b6:
73:34:c0:fc:bf:e6:d8:8c:a7:53:b1:92:7f:43:34:2c:b6:c7:
b0:20:f9:28:14:e2:11:46:da:ad:6b:48:b0:90:41:62:5f:f7:
30:47:5d:48:17:e5:12:19:c4:07:29:40:68:31:7e:b9:24:ff:
67:63:a0:f3:43:75:c7:a6:53:83:dd:b1:d4:38:7b:02:8b:63:
2a:05:95:3e:d5:f2:8e:ad:02:69:34:fd:30:f1:c0:50:a5:29:
3f:86:c5:53:9b:b5:22:19:6f:c5:1a:bc:6b:20:a5:df:a4:67:
c2:18:80:8a:0f:10:8c:7e:e5:8a:22:c8:6e:d0:78:cf:d2:91:
21:a3:00:17:d4:bb:35:a6:27:b6:4a:82:b7:f9:51:21:62:d9:
0e:15:12:ea
}}}

 shows X509v3 extensions: 1.3.6.1.4.1.41482.1.2 (YubiKey NEO) indicates that the Authenticator [Metadata] can be located within the [FIDO Alliance Metadata Service]

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
</pre>