FIDO Product OID Arc
FIDO protocols, including FIDO2/WebAuthn and U2F, support the generation of attestation certificates for generated credentials. These credentials include OIDs listing details about the YubiKey itself. These OIDs are unique to Yubico FIDO Authentication devices, and may not be present on attestation certificates generated by non-Yubico hardware.
Base Prefix
The values in the table are added to the Yubico OID to identify the Yubico product type.
1.3.6.1.4.1.41482
FIDO2 and U2F Arc Values
When we change the physical appearance of devices or functional capabilities, this list will be expanded.
FIDO Device Type
| Number | Description |
|---|---|
| 1 | YubiKey U2F PlayStore devices (NXP-based) |
| 2 | YubiKey NEO (NXP-based) |
| 3 | YubiKey Plus (Infineon-based) |
| 4 | YubiKey Edge (Infineon-based) |
| 5 | YubiKey 4 USB (Infineon-based) [2015-11-03] |
| 6 | YubiKey NFC Preview (Infineon-based) [2018-04-12] |
| 7 | YubiKey 5 [2018-09-14] |
| 8 | YubiKey 5 Ci Lightning preview [2019-02-08] |
| 9 | YubiKey Bio |
FIDO Attributes
Full prefix 1.3.6.1.4.1.41482.13
| Number | Description | Encoding |
|---|---|---|
| 1 | Firmware version | Octet string (3 bytes), Major,
Minor, Patch, like: 040300 for 4.3.0
|
| 2 | CSPN certification | Value marking which cert is relevant |
For CSPN OID, this entry is only present if the device has achieved CSPN certification.
FIDO Enterprise Attestation Attributes
The FIDO Enterprise Attestation certificate includes the OIDs listed above with the addition of the FIDO Enterprise Attestation specific OIDs. The OIDs listed below are owned and maintained by the FIDO Alliance.
Full prefix 1.3.6.1.4.1.45724
| Number | Description | Encoding |
|---|---|---|
| 1.1.2 | Serial number | Serial number for enterprise attestation |
For the Serial Number OID (1.3.6.1.4.1.45724.1.1.2), this entry is only present on the Enterprise Attestation certificate, and is otherwise not included.
Sample OID with U2F Type
Example for a YubiKey NEO:
- version 1:
1.3.6.1.4.1.41482.1.2 - version 2:
1.3.6.1.4.1.41482.2: 1.3.6.1.4.1.41482.1.2
Example for Yubikey 4 FIPS:
- version 2:
1.3.6.1.4.1.41482.2: 1.3.6.1.4.1.41482.1.5 1.3.6.1.4.1.41482.12