Yubico / Yubico.NET.SDK

A YubiKey SDK for .NET developers
Apache License 2.0

Can not create key attestation with Yubikey FIPS (Firmware: 4.4.2) #9

Closed TuanTAg closed 2 years ago

TuanTAg commented 2 years ago

Hi, I am using Yubico.YubiKey (1.1.0), the version downloaded from NuGet, in .NET 4.7.2. I have tried to create a key attestation with a YubiKey token. I have tried with 2 YubiKey tokens: the function succeeds with the YubiKey 5 NFC (Firmware: 5.4.3) but throws an exception with the YubiKey FIPS (Firmware: 4.4.2). Exception: "Incorrect parameters in the command data field". This is my code:

```csharp
using System.Security.Cryptography.X509Certificates;
using Yubico.YubiKey;
using Yubico.YubiKey.Piv;

public static void RunCreateAttestationStatement(
    IYubiKeyDevice yubiKey,
    byte slotNumber,
    out X509Certificate2 certificate)
{
    // Open a PIV session and request an attestation certificate for the slot.
    using (var pivSession = new PivSession(yubiKey))
    {
        certificate = pivSession.CreateAttestationStatement(slotNumber);
    }
}
```

Can you help me check it?

GregDomzalski commented 2 years ago

Thanks for reporting this issue. We'll take a look and get back to you!

TuanTAg commented 2 years ago

Thanks, @GregDomzalski!

GregDomzalski commented 2 years ago

Hi @TuanTAg,

That exception is often seen in two scenarios:

  1. There is no private key in the slot you are trying to attest. (i.e. There is nothing to attest.)
  2. There is a key present in the slot, however it was imported onto the YubiKey. (i.e. The key was not generated on the YubiKey itself, rather it was generated somewhere else.)

Can you please verify that the slot that you are trying to attest has a generated key rather than an imported key?

This article goes into depth on the PIV attestation feature: https://docs.yubico.com/yesdk/users-manual/application-piv/attestation.html
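
The check requested above can be scripted as a preflight before calling `CreateAttestationStatement`. This is an added example, not code from the thread or from the SDK: `SlotAttestability` and `AttestationPreflight` are hypothetical names, and it assumes the SDK's `HasFeature`, `PivSession.GetMetadata` and `PivKeyStatus` behave as commented. The PIV metadata command exists only on firmware 5.3 and later, so on a 4.4.2 key the origin of the key cannot be queried this way and the helper reports that explicitly.

```csharp
using System;
using Yubico.YubiKey;
using Yubico.YubiKey.Piv;

// Hypothetical result type for this example (not part of the SDK).
public enum SlotAttestability
{
    Attestable,            // key was generated on the device
    NoAttestationSupport,  // firmware has no PIV attestation
    Empty,                 // nothing in the slot to attest
    Imported,              // key was generated elsewhere and imported
    OriginUnknown          // firmware cannot report where the key came from
}

public static class AttestationPreflight
{
    // Classify a slot before asking the YubiKey to attest it.
    public static SlotAttestability Check(IYubiKeyDevice yubiKey, byte slotNumber)
    {
        if (!yubiKey.HasFeature(YubiKeyFeature.PivAttestation))
            return SlotAttestability.NoAttestationSupport;

        // Metadata needs firmware 5.3+. Older keys (such as 4.4.2) cannot
        // tell us whether the key was generated or imported.
        if (!yubiKey.HasFeature(YubiKeyFeature.PivMetadata))
            return SlotAttestability.OriginUnknown;

        using (var pivSession = new PivSession(yubiKey))
        {
            PivMetadata metadata;
            try
            {
                metadata = pivSession.GetMetadata(slotNumber);
            }
            catch (InvalidOperationException)
            {
                // Assumption: the SDK reports an empty slot by throwing here.
                return SlotAttestability.Empty;
            }

            // Assumption: some SDK versions return metadata with no algorithm instead.
            if (metadata.Algorithm == PivAlgorithm.None)
                return SlotAttestability.Empty;

            if (metadata.KeyStatus == PivKeyStatus.Generated)
                return SlotAttestability.Attestable;
            return metadata.KeyStatus == PivKeyStatus.Imported
                ? SlotAttestability.Imported : SlotAttestability.OriginUnknown;
        }
    }
}
```

When the result is `OriginUnknown`, the only way to be sure is to generate a fresh key pair in the slot on the device and attest that.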

TuanTAg commented 2 years ago

@GregDomzalski thanks for responding. I will check and revert!

GregDomzalski commented 2 years ago

Closing out old issues.

If this is something you are still encountering and require further assistance, please feel free to re-open this issue.