Azure Key Vault HSM Key Attestation for Code Signing Certificate

Karbust 5 Reputation points
2024-01-11T00:07:43.37+00:00

Hello,

I recently had to renew my previous code signing certificate and now they are only available on physical tokens.

I have the certificate on a YubiKey 5 NFC FIPS, and since I cannot have it on more than one YubiKey at a time I was having a look at Azure Key Vault HSM, which supports CSC.

My current certificate provider is Sectigo, and to issue a new certificate it needs a key attestation, and accepts Luna and YubiKey as HSM types (check image below). How can I get such information?

The CSR I can generate through the Key Vault interface.

It is my first time using a certificate on a physical token.

Any help would be appreciated.

Thank you


2 answers

  1. 2024-01-11T05:21:54.54+00:00

    Hello @Karbust, Azure Key Vault HSM does not support key attestation. Currently, only Luna or YubiKey do.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.


  2. Monika Mac 80 Reputation points
    2024-01-19T05:38:48.67+00:00

    Absolutely correct, @Alfredo Revilla - Upwork Top Talent | IAM SWE SWA. Azure Key Vault HSM doesn't support key attestation, whereas Luna HSM and YubiKey do. @Karbust, you can refer to a quick step tutorial for key attestation via Luna HSM & YubiKeyManager.

    Hope you will find it good!