Remote Key Attestation

Key attestation, in this context, is the technical ability to prove to a remote party that a private key was generated inside, is managed inside, and is not exportable from a hardware cryptographic module.

Use cases

Common use cases for key attestation are:

  • Issuing code signing certificates for subscriber keys, after verifying that the subscriber's private signature key was generated in, and is managed by, an approved cryptographic device.
  • Issuing digital signature certificates for subscriber keys, after verifying that the subscriber's private signature key was generated in, and is managed by, an approved cryptographic device.

There are other ways to achieve the same purpose, such as shipping hardware devices (USB tokens, smart cards, etc.) to the subscriber, or requiring a formal audit of the subscriber's key generation procedure. Remote key attestation makes the process more efficient and makes it possible to automate it at larger scale.
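The CA-side check that the use cases above rely on, shown as an added example; this is not code from the page, the consortium, or any vendor listed below. It models the X.509-chain style several devices use (a vendor root certifies a per-device attestation CA, which signs an attestation statement for the subscriber key): a constructed mini-PKI stands in for the vendor's real roots, and a hypothetical extension OID (1.3.6.1.4.1.99999.1) with a made-up KeyProps structure stands in for a vendor's real attestation extension. The CA checks three things: the statement chains to a vendor root the CA configured out of band, the attested properties say "generated on device" and "not exportable", and the CSR carries exactly the attested public key. The flags on BuildBundle inject the failure modes each check exists to catch.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Hypothetical OID and payload for the key-properties extension (assumptions of
// this example; vendors such as Yubico PIV and Android define their own).
var oidKeyProps = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}
type KeyProps struct{ GeneratedOnDevice, Exportable bool }

// must panics on error: acceptable for the simulated vendor/device side, never for the verifier.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// template returns a one-year certificate template; CAs get the CA bits.
func template(cn string, serial int64, ca bool) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(365 * 24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	if ca {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
	}
	return t
}

// issue certifies pub under parent, signing with the parent's key.
func issue(tmpl, parent *x509.Certificate, pub crypto.PublicKey, signer crypto.Signer) *x509.Certificate {
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))))
}

// BuildBundle plays vendor and device with a constructed mini-PKI. It returns the
// vendor root (which the CA must obtain out of band, never from the subscriber) and
// what the subscriber sends: the device CA cert, the attestation statement and a CSR.
// The flags inject the failure modes the verifier must catch.
func BuildBundle(exportable, csrFromOtherKey bool) (root, devCA, att *x509.Certificate, csr *x509.CertificateRequest) {
	rootTmpl, rootKey := template("Example Vendor Attestation Root", 1, true), newKey()
	root = issue(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	// Per-device attestation CA, certified by the vendor root at manufacturing time.
	devKey := newKey()
	devCA = issue(template("Device 0001 Attestation CA", 2, true), root, &devKey.PublicKey, rootKey)
	// Subscriber key generated "inside" the device; the device signs an attestation
	// statement for it (a certificate carrying KeyProps) with the device CA key.
	subKey := newKey()
	leaf := template("Attestation for slot 9c", 3, false)
	leaf.ExtraExtensions = []pkix.Extension{{Id: oidKeyProps,
		Value: must(asn1.Marshal(KeyProps{GeneratedOnDevice: true, Exportable: exportable}))}}
	att = issue(leaf, devCA, &subKey.PublicKey, devKey)
	// CSR signed with the attested key, or with an unrelated software key in the failure case.
	csrKey := subKey
	if csrFromOtherKey {
		csrKey = newKey()
	}
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: "subscriber"}}
	csr = must(x509.ParseCertificateRequest(must(x509.CreateCertificateRequest(rand.Reader, req, csrKey))))
	return root, devCA, att, csr
}

// VerifyAttestation is the CA-side check: chain, attested properties, key binding.
func VerifyAttestation(trustedRoot, devCA, att *x509.Certificate, csr *x509.CertificateRequest) error {
	// 1. The statement must chain to the vendor root the CA trusts.
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(trustedRoot)
	inters.AddCert(devCA)
	opts := x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := att.Verify(opts); err != nil {
		return fmt.Errorf("attestation chain: %w", err)
	}
	// 2. The attested properties must say generated on device and non-exportable.
	var props KeyProps
	found := false
	for _, ext := range att.Extensions {
		if ext.Id.Equal(oidKeyProps) {
			rest, err := asn1.Unmarshal(ext.Value, &props)
			found = err == nil && len(rest) == 0
		}
	}
	if !found || !props.GeneratedOnDevice || props.Exportable {
		return errors.New("attestation: key not proven on-device and non-exportable")
	}
	// 3. The CSR must be signed by, and carry, exactly the attested public key;
	//    otherwise the attestation says nothing about the key being certified.
	if err := csr.CheckSignature(); err != nil {
		return fmt.Errorf("csr: %w", err)
	}
	if pub, ok := att.PublicKey.(*ecdsa.PublicKey); !ok || !pub.Equal(csr.PublicKey) {
		return errors.New("csr public key does not match the attested key")
	}
	return nil
}
```

Run it with `root, devCA, att, csr := BuildBundle(false, false)` followed by `VerifyAttestation(root, devCA, att, csr)`, which returns nil; flipping either flag, or passing a root from a different vendor, returns an error from the corresponding step. The third step is the one most often skipped in practice: without it a subscriber could present a genuine attestation for one key and a CSR for a software key, and the attestation would prove nothing about the key actually being certified.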

Implementations

The table lists known hardware cryptographic devices and their support, or non-support, for remote key attestation.

Legend: ✔️ supported, ❌ not supported, 🕐 claimed to be on the vendor's roadmap. Blank cells have not yet been filled in.

Vendor/Model | Capability | Format | Documentation | Notes

Cloud HSMs
Google Cloud HSM | ✔️ | JSON | https://cloud.google.com/kms/docs/attest-key |
AWS CloudHSM | | | |
AWS KMS | | | |
Azure Key Vault | | | |
Azure Managed HSM | ❌🕐 | | | Claimed to be on the roadmap

HSMs
Entrust nShield | ❌🕐 | | https://github.com/pkic/remote-key-attestation/issues/3 | Claimed to be on the roadmap
Utimaco CryptoServer | | | |
Thales Luna | ✔️ | CMS/PKCS#7 | https://thalesdocs.com/gphsm/luna/7/docs/network/Content/admin_partition/confirm/confirm_hsm.htm ; https://thalesdocs.com/gphsm/luna/7/docs/network/Content/Utilities/cmu/cmu_getpkc.htm |
Marvell HSM | ✔️ | CMS/PKCS#7, Proprietary/Binary | https://www.marvell.com/products/security-solutions/nitrox-hs-adapters/software-key-attestation.html | GCP Cloud HSM, AWS CloudHSM and MS Managed HSM use Marvell hardware in the background
Securosys Primus HSM | ✔️ | XML with external signature | https://www.securosys.com/hubfs/Securosys_PrimusHSM_KeyAttestation_SB-E01.pdf (documentation in the HSM User Guide) |
I4P Trident HSM | ✔️ | CMS/PKCS#7 | https://www.i4p.com/documents/Trident_RSS_summary_sheet_200929.pdf | No detailed documentation about using key attestation is publicly available
Fortanix | ❌🕐 | | | Claimed roadmap item for H1 2023

Tokens
Yubico | ✔️ | X.509 | https://developers.yubico.com/YubiHSM2/Concepts/Attestation.html ; https://developers.yubico.com/yubico-piv-tool/Attestation.html ; https://developers.yubico.com/PIV/Introduction/PIV_attestation.html |
Trusted Platform Module | ✔️ | TPMS_ATTEST/PKCS#10 | https://www.cs.unh.edu/~it666/reading_list/Hardware/tpm_fundamentals.pdf ; https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/tpm-key-attestation ; https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wcce/f596c7df-a72c-4323-b27f-3c8646604ddb?redirectedfrom=MSDN ; https://trustedcomputinggroup.org/wp-content/uploads/TNC_TAP_Information_Model_v1.00_r0.29A_publicreview.pdf |
Century Longmai PKI Token | ❌🕐 | CMS/PKCS#7 | | Claimed roadmap item
TrustSec SLCOS - Bio/PKI token | | | |

Other Devices
Apple iOS | ✔️ | CBOR/WebAuthn | https://developer.apple.com/documentation/devicecheck ; https://developer.apple.com/documentation/devicecheck/dcappattestservice/3573911-attestkey ; https://developer.apple.com/documentation/devicecheck/validating_apps_that_connect_to_your_server | Not designed for key attestation as defined here; it may be usable beyond its intended purpose
Android | ✔️ | ASN.1 | https://developer.android.com/training/articles/security-key-attestation ; https://source.android.com/security/keystore/attestation | Custom ASN.1 format

Standards

There are a few standardization efforts under way. Known efforts include:

Other suggestions, which have not been seen live in any of the implementations above:

There is also a draft on use cases for Remote Attestation common encodings; its Section 7 describes several of the encodings listed in the table above.

Resources

Participate in our community discussions and/or join the consortium.