YubiKey

Introduction to YubiKey

YubiKey, a popular hardware security key, provides strong two-factor authentication and can be used to protect online accounts, services, and applications from unauthorized access. One of the key features of YubiKey is its ability to generate cryptographic keys and signatures that can be used for authentication and attestation. By leveraging these cryptographic capabilities, YubiKey can prove its identity and integrity to a relying party.

YubiKey Attestation

Performing device attestation with YubiKey using WebAuthn involves a series of steps that ensure the authenticity of the device and the integrity of the attestation statement. The process begins when a user triggers their YubiKey to generate a new key pair, along with an attestation statement that attests to the device's authenticity. This attestation statement is then sent to an on-chain contract for verification.

The verification process on the blockchain involves several steps:

  1. Verify WebAuthn Attestation Signature: The on-chain contract first verifies that the signature in the WebAuthn attestation statement (attStmt) is valid. This is done by checking that the signature was produced by the private key whose public key appears in the first certificate (x5c[0]) of the attStmt, and that it covers the expected data.

  2. Verify Certificate Chain: The contract then verifies the certificate chain (x5c) included in the attStmt. This ensures that each certificate in the chain is signed by the next certificate, establishing a chain of trust.

  3. Verify Root Certificate: Finally, the contract verifies that the last certificate in the x5c chain is issued by a trusted Certificate Authority (CA). For YubiKey, this is, for example, the "Yubico U2F Root CA Serial 457200631". This step confirms that the attestation statement comes from a genuine YubiKey device.

By following this process, the on-chain contract can verify the authenticity of the YubiKey and the integrity of the attestation statement. This provides a transparent and tamper-proof record of the attestation, which can be publicly accessed and verified by anyone on the blockchain.
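The three checks above, sketched off-chain in Go as an added example (this is not Automata's contract code). The names `verifyAttestation` and `sample`, the certificate subjects, the key material and the signed bytes are all hypothetical and constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
)

// verifyAttestation applies the three checks above; root is the pinned trusted CA certificate.
// Assumptions of this sketch: ECDSA/SHA-256 signatures; validity periods and revocation are not checked.
func verifyAttestation(x5c []*x509.Certificate, signed, sig []byte, root *x509.Certificate) error {
	if len(x5c) == 0 || root == nil {
		return fmt.Errorf("empty x5c or missing trusted root")
	}
	// Step 1: the signature must verify under the public key certified by x5c[0].
	if err := x5c[0].CheckSignature(x509.ECDSAWithSHA256, signed, sig); err != nil {
		return fmt.Errorf("attestation signature: %w", err)
	}
	// Steps 2 and 3: x5c[i] must be signed by x5c[i+1], and the last entry by root.
	parents := append(append([]*x509.Certificate{}, x5c[1:]...), root)
	for i, p := range parents {
		if err := x5c[i].CheckSignatureFrom(p); err != nil {
			return fmt.Errorf("x5c[%d] not issued by the next certificate: %w", i, err)
		}
	}
	return nil
}

// sample returns constructed test data: a one-certificate x5c, signed bytes, signature and root.
func sample() (x5c []*x509.Certificate, signed, sig []byte, root *x509.Certificate) {
	rk, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	lk, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rt := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Root CA"}, IsCA: true, BasicConstraintsValid: true}
	lt := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "Constructed Authenticator"}}
	rder, _ := x509.CreateCertificate(rand.Reader, rt, rt, &rk.PublicKey, rk)
	root, _ = x509.ParseCertificate(rder)
	lder, _ := x509.CreateCertificate(rand.Reader, lt, root, &lk.PublicKey, rk)
	leaf, _ := x509.ParseCertificate(lder)
	signed = []byte("constructed stand-in for the data covered by the attestation signature")
	digest := sha256.Sum256(signed)
	sig, _ = ecdsa.SignASN1(rand.Reader, lk, digest[:])
	return []*x509.Certificate{leaf}, signed, sig, root
}

func main() { fmt.Println(verifyAttestation(sample())) }
```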
