Site icon

ATKey FIDO2 Security Key AAGUIDs

The FIDO2 specification details a new way to identify authenticators, which is a 128-bit code that indicates the type of authenticator (e.g., brand and model). The AAGUID must be selected by the manufacturer to be consistent across all authenticators manufactured by that manufacturer that are essentially identical and different from the AAGUID of all other types of authenticators (with probabilities 1-2-128 or greater). The AAGUID is represented as a string (e.g., “7a98c250-6808-11cf-b73b-00aa00b677a7”) consisting of five hexadecimal strings separated by a dash (“-“).

New AAGUIDs will be issued for our new products that support FIDO2, or when existing products have features added or taken away.

 


ATKeys AAGUID

Prodcut NameFirmwareFIDO2 AAGUID
ATKey.ProCTAP2.0 firmware 1.xe1a96183-5016-4f24-b55b-e3ae23614cc6
ATKey.ProCTAP2.1 firmware 2.xe416201b-afeb-41ca-a03d-2281c28322aa
ATKey.ProCTAP2.1 firmware 5.xba76a271-6eb6-4171-874d-b6428dbe3437
ATKey.Card
EOL in 2024.08d41f5a69-b817-4144-a13c-9ebd6d9254d6
ATKey.Card NFC
CTAP2.1da1fa263-8b25-42b6-a820-c0036f21ba7f

Normally, there are two ways to obtain your AAGUID. You can ask the security key provider or view the details of how each subscriber key is verified. Please see the example from the Microsoft document: