FIDO Product OID Arc

FIDO protocols, including FIDO2/WebAuthn and U2F, support the generation of attestation certificates for generated credentials. These credentials will include OIDs listing details about the YubiKey itself. These OIDs are unique to Yubico FIDO Authentication devices, and may not be present on attestation certificates generated by non-Yubico hardware.

Base Prefix

The values in the table are added to the Yubico OID to identify the Yubico product type.

FIDO2 and U2F Arc Values

When we change the physical appearance of devices or functional capablities, this list will be expanded.

FIDO Device Type

Number Description
1 YubiKey U2F PlayStore devices (NXP-based)
2 YubiKey NEO (NXP-based)
3 YubiKey Plus (Infineon-based)
4 YubiKey Edge (Infineon-based)
5 YubiKey 4 USB (Infineon-based) [2015-11-03]
6 YubiKey NFC Preview (Infineon-based) [2018-04-12]
7 YubiKey 5 [2018-09-14]
8 YubiKey 5 Ci Lightning preview [2019-02-08]
9 YubiKey Bio

FIDO Attributes

Full prefix

Number Description Encoding
1 Firmware version
Octet string (3 bytes), Major,
Minor, Patch, like: 040300 for 4.3.0
2 CSPN certification Value marking which cert is relevant
3 Serial number Serial number for enterprise attestation

For CSPN OID, this entry will only be present if the device has achived CSPN certification. For the Serial Number ODI, this entry will only be present on the Enterprise Attestation certificate, and will otherwise not be included.

Sample OID with U2F Type

Example for a YubiKey NEO:

version 1:

version 2:

Example for Yubikey 4 FIPS:

version 2: