SoloKeys Solo 2 PKI

Each Solo 2 "secure" device contains three keys and corresponding certificates that are unique to the device, the so-called "Trussed device keys".
You can look these up by visiting https://s2pki.net/lookup.

Root Certificates

SoloKeys Root

• SoloKeys Root R1 (RSA 4096, O = SoloKeys, CN = Root R1):
  • Self-signed: der, pem, txt

    CRL: der, pem, txt

Intermediate Certificates

Trussed Intermediate

• SoloKeys T1 (Ed255, O = SoloKeys, CN = T1):
  • Signed by Root R1 (pathlen = 1): der, pem, txt
  • Cross-signed by Trussed Alliance Vendor Certification V1 (pathlen = 0): todo
• SoloKeys T2 (P256, O = SoloKeys, CN = T2):
  • Signed by Root R1 (pathlen = 1): der, pem, txt
  • Cross-signed by Trussed Alliance Vendor Certification V1 (pathlen = 0): todo

Trussed Device

Example: Solo 2 device with UUID 770DE0ACAA8C67A75D15DA979349EE9B

• SoloKeys Solo 2 770DE0ACAA8C67A75D15DA979349EE9B Ed255 (Ed255, O = SoloKeys, CN = Solo 2 770DE0ACAA8C67A75D15DA979349EE9B Ed255):
  • Signed by T1 (pathlen = 0): der, pem, txt
• SoloKeys Solo 2 770DE0ACAA8C67A75D15DA979349EE9B P256 (P256, O = SoloKeys, CN = Solo 2 770DE0ACAA8C67A75D15DA979349EE9B P256):
  • Signed by T2 (pathlen = 0): der, pem, txt

FIDO Intermediate

• SoloKeys F1 (P256, O = SoloKeys, CN = F1):
  • Signed by Root R1 (pathlen = 0): der, pem, txt

Entity Certificates

Trussed Device

Example: Solo 2 device with UUID 770DE0ACAA8C67A75D15DA979349EE9B

• SoloKeys Solo 2 770DE0ACAA8C67A75D15DA979349EE9B X255 (X255, O = SoloKeys, CN = Solo 2 770DE0ACAA8C67A75D15DA979349EE9B X255):
  • Signed by T1: der, pem, txt

Solo 2 Signed Firmware

• SoloKeys S1 (active, RSA 2048, O = SoloKeys, C = US, CN = S1):
  • Signed by Root R1: der, pem, txt
  • Self-signed: der, pem, txt
• SoloKeys S2 (backup, RSA 2048, O = SoloKeys, C = US, CN = S2):
  • Signed by Root R1: der, pem, txt
  • Self-signed: der, pem, txt
• SoloKeys S3 (active, RSA 2048, O = SoloKeys, C = CH, CN = S3):
  • Signed by Root R1: der, pem, txt
  • Self-signed: der, pem, txt
• SoloKeys S4 (active, RSA 2048, O = SoloKeys, C = CH, CN = S4):
  • Signed by Root R1: der, pem, txt
  • Self-signed: der, pem, txt

FIDO Batch Attestation

• SoloKeys B1 (shared, P-256, O = SoloKeys, OU = Authenticator Attestation, CN = Solo 2 NFC+USB-A 8652ABE9FBD84810A840D6FC442A8C2C B1):
  • Signed by F1: der, pem, txt
• SoloKeys B2 (shared, P-256, O = SoloKeys, OU = Authenticator Attestation, CN = Solo 2 NFC+USB-C 2369D4D013CE48CB9F26F7ED8C9A6068 B2):
  • Signed by F1: der, pem, txt
• SoloKeys B3 (shared, P-256, O = SoloKeys, OU = Authenticator Attestation, CN = Solo 2 USB-A 5D684CEA941B4D5C99FD61BEB53524E0 B3):
  • Signed by F1: der, pem, txt
• SoloKeys B4 (shared, P-256, O = SoloKeys, OU = Authenticator Attestation, CN = Solo 2 USB-C 1CEF53DDBFFA4F0797AC984B37FE8658 B4):
  • Signed by F1: der, pem, txt