Per Nilsson

You could also use YubiHSM-auth, i.e. using a YubiKey to authenticate to the HSM. Then you could created a number of them with a single symmetric key for instance. Or...

Yes I can see the value that would create. I'm pushing product management.

With asymmetric authentication both parties have their own key pair. Each party can trust they are talking to the party they intend to by using the public key of the...

So in short, the authentication key is the public key of the client, that the YubiHSM trusts. The device public key is what the client trusts. As long as the...

The attestation (certificate) will contain the key id of the key that was attested, so that can be used to verify that the attestation is for the device public key...

You _can_ attest it directly by specifying target key id 0

I will double check the documentation and ensure it is there if it isn't already. Thanks for your feedback.

I just tested this and it works for me. Could there possibly be another key on the device with the same label that isn't an AES key ?

I can't comment on our future roadmap, sorry.

One suggestion would be to build it with static dependencies, by specifying -DENABLE_STATIC=1 to cmake, and see if that solves the issue.