@@ -64,21 +64,16 @@ keys.
6464
6565## Attestation Key
6666
67- The attestation key (in slot ` F9 ` ) will be used to create an attestation statement (which
68- is an X.509 certificate) that attests a key in slot ` 9A ` , ` 9C ` , ` 9D ` , or ` 9E ` was
69- generated on the YubiKey.
70-
71- Upon manufacture, a private key and cert pair is loaded into slot ` F9 ` . This key is
72- generated by Yubico, the cert is signed by a Yubico CA and chains to a Yubico root. The
73- same key and cert are loaded onto many different YubiKeys. See the article on
74- [ PIV attestation] ( attestation.md ) for more information on this topic.
75-
76- Note that if a private key was imported into one of those slots, it will not be possible
77- to create an attestation statement for that slot.
78-
79- It is possible to have the YubiKey generate a key pair for one of the retired slots
80- (` 82 ` - ` 95 ` ). However, the attestation key will not generate an attestation statement for
81- a key in one of those slots, even if it was generated by the YubiKey.
67+ The attestation key (in slot ` F9 ` ) is used to create an attestation statement (an X.509
68+ certificate), which attests that a key in slot ` 9A ` , ` 9C ` , ` 9D ` , ` 9E ` , or one of the
69+ retired slots (` 82 ` - ` 95 ` ) was * generated* on the YubiKey. If a private key was * imported*
70+ into one of those slots, it will not be possible to create an attestation statement for
71+ that slot.
72+
73+ Upon manufacture, the attestation key (a private key and certificate pair) is loaded into slot
74+ ` F9 ` . This key is generated by Yubico, and the cert is signed by a Yubico CA and chains
75+ to a Yubico root. The same key and cert are loaded onto many different YubiKeys. See the
76+ article on [ PIV attestation] ( attestation.md ) for more information on this topic.
8277
8378## Generate and import asymmetric keys
8479
0 commit comments