Browse Prior Art Database

Subject Key Attestations in KeyGen2 Disclosure Number: IPCOM000178924D
Original Publication Date: 2009-Jan-29
Included in the Prior Art Database: 2009-Jan-29
Document File: 6 page(s) / 48K

Publishing Venue

Linux Defenders

Related People

Anders Rundgren: AUTHOR


The document describes an on-line provisioning protocol the enables issuers to verify that assymetric key-pairs actually are generated in clients' trusted containers as well as how you can securely download symmetric keys to such containers.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 23% of the total text.

Page 1 of 6

Subject Key Attestations in KeyGen2

For on-line (remote) provisioning of keys to Security Elements (SEs), like Smart Cards, there is a whish by issuers to be able to securely verify that the public key part they receive for inclusion in a certificate, indeed was (together with its private counterpart), generated inside of a "genuine" SE. This document shows how key-attestations performed by an SE (assumed to be equipped with at least one embedded private key and certificate), have been integrated in the KeyGen2 protocol. The primary KeyGen2 message affected by this facility is KeyOperationResponse (holding generated public

keys), which is sent from the client to the issuer. By "piggybacking" secret data on attested asymmetric key-pairs, the described key attestation mechanism becomes equally applicable to downloadable symmetric keys. Below is a sample featuring a single key which is used for illustrating the key-attestation support.

Request Phase

In the request the issuer declares requirements on the generated key(s) to the provisioning client.

< KeyOperationRequest SubmitURL =""

ID ="R.11c6ffa38d96804bb04f9d79913"

SessionID ="S.11c6ffa3f23b544f7a3ae4b3409"

ServerTime ="2009-01-19T13:03:04+01:00"

xmlns =" ">

Response Phase

In the subsequent response, the client returns generated keys including their associated key attestations.

< KeyOperationResponse ClientTime ="2009-01-19T13:03:17+02:00"

ID ="S.11c6ffa3f23b544f7a3ae4b3409"

RequestID ="R.11c6ffa38d96804bb04f9d79913"

RequestURL =""


ServerTime ="2009-01-19T13:03:04+01:00"

SubmitURL =""

xmlns =" "

xmlns : ds =" ">

AIyJ4QCz+0A … HRR1hOws8=


A.Rundgren,, KeyGen2 application note - Key attestations, V0.18, January 2009 1/6

Page 2 of 6


gqVvmXw8dO … Sd/nurzR+Xw=

CN=Mobile Device Root CA,DC=webpki,DC=org


MIIC/jCCAea … ySVpfRGH0=

Detailed Operation

The KeyAttestation attribute holds a key attestation signature for the binary object constituting of the concatenation of a Nonce object, an Exportable flag, a KeyUsage variable, and the generated public key in ASN.1 DER encoded format like the following: Sign (Nonce || Exportable || KeyUsage || public key).Nonce is the SHA1 hash of the UTF-8

encoded string created by concatenating the content of the following XML attributes, where each attribute value has been appended by a trailing NULL (\0) character:

GeneratedPublicKey/@ID KeyOperationResponse/@ID KeyOperationResponse/@RequestID

Note: Attribute order is significant! Exportable is a byte [0..1] telling if the generated key is exportable or not. This characteristic is defined during the request...