Generating an attestation certification for an Ed25519 keypair on the YubiHSM 2

Question

Does the YubiHSM 2's attestation mechanism support attesting for Ed25519 keypairs?

The following yubihsm-shell session fails:

connect
session open 1 password
generate asymmetric 0 100 test-key 1 sign-eddsa ed25519
attest asymmetric 0 100 0

with the following message:

Failed to attest asymmetric key: Malformed command / invalid data

Meanwhile, attestations of both RSA and NIST-B EC keypairs (i.e., ecp256, ecp384) work as expected. The YubiHSM documentation doesn't make any reference to this deficiency.

score 1 · Accepted Answer · answered Mar 27 '20 at 19:45

1

As of YubiHSM2 release 2019.12, the Known Issues and Limitations page states:

Attestation currently does not support ed25519 keys.

answered Mar 27 '20 at 19:45

Luke Walker

333
1
4

Generating an attestation certification for an Ed25519 keypair on the YubiHSM 2

1 Answers1