.. oid-u2f-fido-arc.rst .. _oid-u2f-fido-arc: ============================= FIDO Product OID Arc ============================= FIDO protocols, including FIDO2/WebAuthn and U2F, support the generation of attestation certificates for generated credentials. These credentials include OIDs listing details about the YubiKey itself. These OIDs are unique to Yubico FIDO Authentication devices, and may not be present on attestation certificates generated by non-Yubico hardware. Base Prefix ============ The values in the table are added to the Yubico OID to identify the Yubico product type. ``1.3.6.1.4.1.41482`` FIDO2 and U2F Arc Values ========================= When we change the physical appearance of devices or functional capabilities, this list will be expanded. FIDO Device Type ----------------- .. table:: +--------+---------------------------------------------+ | Number | Description | +========+=============================================+ | 1 | YubiKey U2F PlayStore devices (NXP-based) | | | and Security Key Series (Infineon-based) | +--------+---------------------------------------------+ | 2 | YubiKey NEO (NXP-based) | +--------+---------------------------------------------+ | 3 | YubiKey Plus (Infineon-based) | +--------+---------------------------------------------+ | 4 | YubiKey Edge (Infineon-based) | +--------+---------------------------------------------+ | 5 | YubiKey 4 USB (Infineon-based) [2015-11-03] | +--------+---------------------------------------------+ | 6 | YubiKey NFC Preview (Infineon-based) | | | [2018-04-12] | +--------+---------------------------------------------+ | 7 | YubiKey 5 [2018-09-14] | +--------+---------------------------------------------+ | 8 | YubiKey 5 Ci Lightning preview [2019-02-08] | +--------+---------------------------------------------+ | 9 | YubiKey Bio | +--------+---------------------------------------------+ FIDO Attributes ---------------- Full prefix ``1.3.6.1.4.1.41482.13`` .. table:: +--------+----------------------+------------------------------------------+ | Number | Description | Encoding | +========+======================+==========================================+ | 1 | Firmware version || Octet string (3 bytes), Major, | | | || Minor, Patch, like: 040300 for 4.3.0 | +--------+----------------------+------------------------------------------+ | 2 | CSPN certification | Value marking which cert is relevant | +--------+----------------------+------------------------------------------+ For CSPN OID, this entry is only present if the device has achieved CSPN certification. FIDO Enterprise Attestation Attributes -------------------------------------- The FIDO Enterprise Attestation certificate includes the OIDs listed above with the addition of the FIDO Enterprise Attestation specific OIDs. The OIDs listed below are owned and maintained by the FIDO Alliance. Full prefix ``1.3.6.1.4.1.45724`` .. table:: +--------+----------------------+------------------------------------------+ | Number | Description | Encoding | +========+======================+==========================================+ | 1.1.2 | Serial number | Serial number for enterprise attestation | +--------+----------------------+------------------------------------------+ For the Serial Number OID (``1.3.6.1.4.1.45724.1.1.2``), this entry is only present on the Enterprise Attestation certificate, and is otherwise not included. Sample OID with U2F Type ============================= Example for a YubiKey NEO: * version 1: ``1.3.6.1.4.1.41482.1.2`` * version 2: ``1.3.6.1.4.1.41482.2: 1.3.6.1.4.1.41482.1.2`` Example for Yubikey 4 FIPS: * version 2: ``1.3.6.1.4.1.41482.2: 1.3.6.1.4.1.41482.1.5 1.3.6.1.4.1.41482.12``