FIPS Certificates OID Arc
The PIV Attestation certificates generated on the device will include OIDs with additional information about the YubiKey the certificate was generated on. For FIPS devices, there will also be an additional OID to indicate the YubiKey was FIPS certified. For all other devices, this OID entry will not be present.
Base Prefix
The values in the certificates are added to the Yubico OID to identify the Yubico product type.
1.3.6.1.4.1.41482
FIPS Arc Values
FIPS is marked with the OID 1.3.6.1.4.1.41482.12
and a value marking what FIPS certificate the device belongs to:
1: YubiKey Standard and YubiKey Nano Certificate #2267, validation date 10/14/2014 https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Certificate/2267
2: YubiKey (4) FIPS Certificate #3204, validation date 6/21/2018 - 4/30/2019 (revoked but no keys programmed with this) https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Certificate/3204
3: YubiKey (4) FIPS Certificate #3517, validation date 9/3/2019 https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Certificate/3517
4: YubiKey 5 FIPS Certificate #3907 (Level 1), validation date (assuming this is the 4/22/2021 date but where is the other 8/19/2021 represented?) https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3907
5: YubiKey 5 FIPS Certificate #3914 (Level 2), validation date 05/03/2021 https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3914
6: YubiHSM 2 Certificate #3916, validation date 05/03/2021 https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3916
7: YubiKey 5 FIPS Certificate #3914 (Level 2) update, validation date 08/19/2021 https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3914
Sample OID with LDAP Type
FIPS is marked with the OID 1.3.6.1.4.1.41482.12