FIDO Product OID Arc
FIDO protocols, including FIDO2/WebAuthn and U2F, support the generation of attestation certificates for generated credentials. These credentials will include OIDs listing details about the YubiKey itself. These OIDs are unique to Yubico FIDO Authentication devices, and may not be present on attestation certificates generated by non-Yubico hardware.
Base Prefix
The values in the table are added to the Yubico OID to identify the Yubico product type.
1.3.6.1.4.1.41482
FIDO2 and U2F Arc Values
When we change the physical appearance of devices or functional capablities, this list will be expanded.
FIDO Device Type
| Number | Description |
|---|---|
| 1 | YubiKey U2F PlayStore devices (NXP-based) |
| 2 | YubiKey NEO (NXP-based) |
| 3 | YubiKey Plus (Infineon-based) |
| 4 | YubiKey Edge (Infineon-based) |
| 5 | YubiKey 4 USB (Infineon-based) [2015-11-03] |
| 6 | YubiKey NFC Preview (Infineon-based) [2018-04-12] |
| 7 | YubiKey 5 [2018-09-14] |
| 8 | YubiKey 5 Ci Lightning preview [2019-02-08] |
| 9 | YubiKey Bio |
FIDO Attributes
Full prefix 1.3.6.1.4.1.41482.13
| Number | Description | Encoding |
|---|---|---|
| 1 | Firmware version | Octet string (3 bytes), Major,
Minor, Patch, like: 040300 for 4.3.0
|
| 2 | CSPN certification | Value marking which cert is relevant |
| 3 | Serial number | Serial number for enterprise attestation |
For CSPN OID, this entry will only be present if the device has achived CSPN certification. For the Serial Number ODI, this entry will only be present on the Enterprise Attestation certificate, and will otherwise not be included.
Sample OID with U2F Type
Example for a YubiKey NEO:
version 1:
1.3.6.1.4.1.41482.1.2version 2:
1.3.6.1.4.1.41482.2: 1.3.6.1.4.1.41482.1.2
Example for Yubikey 4 FIPS:
version 2:1.3.6.1.4.1.41482.2: 1.3.6.1.4.1.41482.1.5 1.3.6.1.4.1.41482.12