Confirm-CAAttestationIdentityKeyInfo
Checks whether the local CA trusts secure hardware for identity key attestation.
Syntax
Confirm-CAAttestationIdentityKeyInfo
[-PublicKeyHash] <String>
[<CommonParameters>] Confirm-CAAttestationIdentityKeyInfo
[-Certificate] <X509Certificate2>
[<CommonParameters>] Description
The Confirm-CAAttestationIdentityKeyInfo cmdlet checks whether the local certification authority (CA) trusts secure hardware, such as a Trusted Platform Module (TPM), for identity key attestation. The Attestation Identity Key (AIK) replaces the Endorsement Key as an identity for the TPM. An Attestation Identity Key is permanently embedded in the security hardware. The public portion of the key helps to recognize genuine security hardware.
This cmdlet verifies whether the AIK public certificate connects through a certificate chain to an anchor that the CA trusts. Specify an X509 certificate by using the Certificate parameter.
This cmdlet checks whether the AIK public key exists as a file in a folder configured at the local CA for key attestation. Specify the public key by using the PublicKeyHash parameter.
Examples
Example 1: Check certificate
Confirm-CAAttestationIdentityKeyInfo -Certificate Contoso87.cer
TrueThis command checks whether the certificate Contoso87.cer connects, by using a certificate chain, to a trusted anchor.
This example returns a value of $True.
Example 2: Check a key
Confirm-CAAttestationIdentityKeyInfo -PublicKeyHash "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
FalseThe command checks for the public certificate specified as an SHA-256 hash code.
This example returns a value of $False.
The CA does not have this public key.
Parameters
-Certificate
Specifies an X509 public key certificate issued to secure hardware.
| Type: | X509Certificate2 |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-PublicKeyHash
Specifies an Attestation Identity Key (AIK) public key of the secure hardware, as the result of the SHA-256 hash algorithm. This value is a 64 character hexadecimal string.
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Inputs
Outputs
Related Links
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for