Remote Key Attestation

A list of cryptographic devices that includes support for remote key attestations

Use cases

Common use cases for key attestation are:

  • Issuing code signing certificates for subscriber keys, verifying that the subscribers private signature key is generated and managed in an approved cryptographic device.
  • Issuing digital signature certificate for subscriber keys, verifying that the subscribers private signature key is generated and managed in an approved cryptographic device.

There are other ways to achieve the same purpose, such as shipping hardware devices (USB tokens, smart cards, etc) to the subscriber, or requiring a formal audit of the key generation procedure from the subscriber. Using remote key attestation makes this process more efficient and possible to automate in a larger scale.

Implementations

The table lists known hardware cryptographic devices and their support, or non-support, for remote key attestation.

Vendor/ModelCapabilityFormatDocumentationNotes
Cloud HSMs
Google CloudHSM✔️JSONhttps://cloud.google.com/kms/docs/attest-key
AWS CloudHSM
AWS KMS
Azure Key Vault
Azure Managed HSM❌🕐Claimed to be on the roadmap
HSMs
Crypto4A QASM✔️Proprietary/PEMhttps://support.crypto4a.com/public/documentation/C4A-302-0043-AttestationInQasm.html
Entrust nShield✔️JSONhttps://nshielddocs.entrust.com/key-attestation-docs/v1.0.2/intro.html
Utimaco CryptoServer
Thales Luna✔️CMS/PKCS#7Meeting CA/Browser Forum Standards with Luna and Luna Cloud HSMs / Public Key Confirmations
Marvell HSMCMS/PKCS#7✔️Proprietary/Binaryhttps://www.marvell.com/products/security-solutions/nitrox-hs-adapters/software-key-attestation.htmlGCP Cloud HSM, AWS CloudHSM and MS Managed HSM are using Marvell hardware in the background
Securosys Primus HSM✔️XML with external sigHSM User Guide Docs
I4P Trident HSM✔️CMS/PKCS#7https://www.i4p.com/documents/Trident_RSS_summary_sheet_200929.pdfNo detailed documentation about using key attestation available publicly.
Fortanix✔️JSONVerifying Key Attestation Statements Doc
Tokens
Yubico✔️X.509Attestation Concept PIV Attestation
Trusted Platform Module✔️TPMS_ATTEST/PKCS#10TPM Fundamentals / MS Key Attestation / MS CSP with Key Attestation / TCG Trusted Attestation Protocol
Century Longmai PKI Token❌🕐CMS/PKCS#7Claimed roadmap item
TrustSec SLCOS - Bio/PKI token
SmartCard-HSM✔️CVC, BSI TR-03110-3Remote Key Attestation explained
Other Devices
Apple iOS✔️X.509/ACME/CBOR/WebAuthnApple
Android✔️ASN.1/CBOS/COSEAndroid

Vendor Details

Android

Android provides multiple resources.

Key attestation using a custom ASN.1 format.

A (not well documented) certificate management protocol called KeyMint, which is conceptually a CBOR/COSE-based version of a CSR plus response, the utilized attestation technology is DICE.

Apple

Apple provides multiple resources.

Managed Device Attestation, in iOS 16 and later, can be used for key attestation.

DeviceCheck app integrity attestation is not usedfor the purpose of key attestation as defined here.

Participate in our community discussions and/or join the consortium