FIPS Certificates OID Arc

The PIV Attestation certificates generated on the device will include OIDs with additional information about the YubiKey the certificate was generated on. For FIPS devices, there will also be an additional OID to indicate the YubiKey was FIPS certified. For all other devices, this OID entry will not be present.

Base Prefix

The values in the certificates are added to the Yubico OID to identify the Yubico product type.

FIPS Arc Values

FIPS is marked with the OID and a value marking what FIPS certificate the device belongs to:

1: YubiKey Standard and YubiKey Nano Certificate #2267, validation date 10/14/2014

2: YubiKey (4) FIPS Certificate #3204, validation date 6/21/2018 - 4/30/2019 (revoked but no keys programmed with this)

3: YubiKey (4) FIPS Certificate #3517, validation date 9/3/2019

4: YubiKey 5 FIPS Certificate #3907 (Level 1), validation date (assuming this is the 4/22/2021 date but where is the other 8/19/2021 represented?)

5: YubiKey 5 FIPS Certificate #3914 (Level 2), validation date 05/03/2021

6: YubiHSM 2 Certificate #3916, validation date 05/03/2021

7: YubiKey 5 FIPS Certificate #3914 (Level 2) update, validation date 08/19/2021

Sample OID with LDAP Type

FIPS is marked with the OID