Does attestation certificate use a unique key for each device or a shared one for the entire batch? Can the user choose the behavior?
There is a typo in your topic, it should read “Nitrokey 3”.
Also, you may want to clarify that you refer to FIDO2/Passkeys certificates - I assume, having read your interesting previous topic (?). There are plenty of keys handled by the devices for different applications, and with each, “attestation” is a term frequently used for a user-generated key certificate.
Thank you for reading my previous thread and finding it interesting.
You’re right about the typo, it should be Nitrokey 3.
Yes, I mean the FIDO2/Passkey certificate. As I understand it (as explained to me by the AI), in the case of FIDO2/Passkey, the certificate can be unique to a single device, and in that case, the certificate can be used to determine whether the same user is registered on several websites.
However, a device can also send a certificate common to all devices of the same type. In this case, it’s impossible to determine whether the user is the same person; it’s only possible to determine that both users are clients of the same company.
What exactly is the Nitrokey’s policy? I tried to find the answer in the documentation, but couldn’t.