3.2.2.6.2.1.2.5.2 Processing Rules for Key Attestation Based on a Key

The CA MUST follow the processing rules outlined below to perform key attestation based on a trusted public key.

  1. The CA MUST create a SHA2 hash of the trust module public key as a hexadecimal string with spaces removed.

  2. For each folder location contained by the Config_Hardware_Key_List_Directories ADM element, the CA MUST search for a file with a name matching the SHA2 hash of the public key created in step 1.

    Note: This search SHOULD be case-insensitive.

  3. If step 2 finds a file whose name matches the SHA2 hash of the public key (as a hexadecimal string with no spaces), the CA MUST set the CR_FLG_TRUSTEKKEY flag in the Request_Request_Flags column of the Request table ([MS-CSRA] section 3.1.1.1.2) to indicate that key attestation succeeded on a trusted key.
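The three steps above, worked through as an added example (this is illustrative code, not Microsoft's CA implementation). It assumes SHA-256 as the SHA2 variant, takes the trust module public key as an opaque byte string (the page does not fix the key encoding), and uses a placeholder bit value for CR_FLG_TRUSTEKKEY because the flag's numeric value is not given here. The directory list stands in for the Config_Hardware_Key_List_Directories ADM element, and a constructed trusted-key file is written in upper-case hex to exercise the case-insensitive lookup.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Iterable, Optional, Tuple

# Hypothetical bit value: the page names CR_FLG_TRUSTEKKEY but not its value,
# so a placeholder is used for illustration only.
CR_FLG_TRUSTEKKEY_PLACEHOLDER = 0x800


def ek_public_key_hash(pubkey_bytes: bytes) -> str:
    """Step 1: SHA2 hash of the trust module public key as a hex string with
    no spaces. SHA-256 is assumed as the SHA2 variant; pubkey_bytes is whatever
    encoding of the public key the CA is given (an assumption, not from the page)."""
    return hashlib.sha256(pubkey_bytes).hexdigest()


def find_trusted_key_file(hash_hex: str, directories: Iterable[Path]) -> Optional[Path]:
    """Step 2: look in each configured directory for a file whose name matches
    the hash. The comparison is case-insensitive, per the note in step 2."""
    target = hash_hex.lower()
    for directory in directories:
        directory = Path(directory)
        if not directory.is_dir():
            # A missing or inaccessible location is skipped; it does not
            # by itself make the key trusted or untrusted.
            continue
        for entry in directory.iterdir():
            if entry.is_file() and entry.name.lower() == target:
                return entry
    return None


def attest_trusted_key(pubkey_bytes: bytes, directories: Iterable[Path],
                       request_flags: int) -> Tuple[bool, int]:
    """Step 3: if a matching file exists, set CR_FLG_TRUSTEKKEY in the
    Request_Request_Flags value and report success. Otherwise the flags are
    returned unchanged and attestation on a trusted key is not claimed."""
    match = find_trusted_key_file(ek_public_key_hash(pubkey_bytes), directories)
    if match is None:
        return False, request_flags
    return True, request_flags | CR_FLG_TRUSTEKKEY_PLACEHOLDER


def demo() -> Tuple[bool, bool]:
    """Constructed scenario: one key whose hash file is present (written in
    upper-case hex) and one key with no file. Returns (trusted, unknown)."""
    trusted_key = b"constructed-EK-public-key-bytes-1"  # constructed sample, not a real EK
    unknown_key = b"constructed-EK-public-key-bytes-2"  # constructed sample, not a real EK
    with tempfile.TemporaryDirectory() as tmp:
        key_list_dir = Path(tmp) / "TrustedEKs"
        key_list_dir.mkdir()
        # The file name is the hash itself; its contents are irrelevant to the rule.
        (key_list_dir / ek_public_key_hash(trusted_key).upper()).write_bytes(b"")
        configured_dirs = [Path(tmp) / "does-not-exist", key_list_dir]
        ok_trusted, flags_trusted = attest_trusted_key(trusted_key, configured_dirs, 0)
        ok_unknown, flags_unknown = attest_trusted_key(unknown_key, configured_dirs, 0)
    assert flags_trusted & CR_FLG_TRUSTEKKEY_PLACEHOLDER
    assert flags_unknown == 0
    return ok_trusted, ok_unknown


if __name__ == "__main__":
    print(demo())
```

Because the rule treats the mere presence of a file named after the key hash as proof of trust, the configured directories are the whole trust anchor: anyone who can create files there can make an arbitrary public key pass this check, so write access to those locations should be restricted to CA administrators and changes to their contents are worth auditing.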