Certificate Request with Key Attestation

Note For information on product behavior, see the following product behavior note.<27>

Before the client can submit the request to the CA for key attestation purposes, it MUST initialize a secure channel to the CA. To create a secure channel to the CA, the client MUST retrieve the current CA key exchange certificate, either through a call to ICertRequestD::GetCACert (providing the GETCERT_CAXCHGCERT 0x00000001 property identifier (ID) in the fchain parameter) or ICertRequestD2::GetCAProperty (providing the CR_PROP_CAXCHGCERT 0x0000000F flag in the PropID parameter). Both methods can be used to retrieve the CA exchange certificate with no preference. Once retrieved, the CA exchange certificate MUST be verified as being trusted for the szOID_KP_CA_EXCHANGE EKU or the szOID_KP_PRIVACY_CA EKU before being used further.

The request MUST be an ASN.1 DER-encoded PKCS10 request [RFC3852] that includes a szOID_ENROLL_EK_INFO or szOID_ENROLL_AIK_INFO attribute, an szOID_ENROLL_ATTESTATION_STATEMENT attribute, and an szOID_ENROLL_KSP_NAME attribute. More specifically:

  • The client MUST construct an EnvelopedData CMS structure that complies with the following requirements:

    • RecipientInfos: This field MUST reference the CA exchange certificate that contains the public key that is used to encrypt the Client_HardwareKeyInfo ADM element. The exact format of RecipientInfos is specified in [RFC3852] section 6.1.

    • EncryptedContent: This field MUST be the encrypted form of the Client_HardwareKeyInfo ADM element. For EK attestation (authority and subject) (section, the Client_HardwareKeyInfo MUST contain the client endorsement key (EK) and certificates (EKCerts). For AIK attestation (subject only) (section, the Client_HardwareKeyInfo MUST contain the Attestation Identity Key (AIK) and certificates (AIKCerts).

  • The client MUST construct a PKCS #10 request, as specified in section with:

    • The szOID_ENROLL_EK_INFO or szOID_ENROLL_AIK_INFO attribute set to the EnvelopedData CMS structure that was constructed in the previous step. The szOID_ENROLL_EK_INFO attribute MUST be used if the encrypted Client_HardwareKeyInfo contains the client endorsement key (EK) and certificates; that is, when EK attestation (authority and subject) (section is being performed. The szOID_ENROLL_AIK_INFO attribute MUST be used if the encrypted Client_HardwareKeyInfo contains the client Attestation Identity Key (AIK) and certificates; that is, when AIK attestation (subject only) (section is being performed.

    • The szOID_ENROLL_ATTESTATION_STATEMENT attribute set to the Client_KeyAttestationStatement ADM element.

    • The szOID_ENROLL_KSP_NAME attribute set to the CSP name used to create the private/public key pair.

Note All request formats detailed in the following sections MUST be marshaled by using DER-encoding rules, as specified in [X690], for transmission.