3.2.2.6.2.1.2.5.2 Processing Rules for Key Attestation Based on a Key
The CA MUST follow the processing rules outlined below to perform key attestation based on a trusted public key.
The CA MUST create a SHA2 hash of the trust module public key as a hexadecimal string with spaces removed.
For each folder location contained by the Config_Hardware_Key_List_Directories ADM element, the CA MUST search for a file with a name matching the SHA2 hash of the public key created in step 1.
Note This search SHOULD be case-insensitive.
If a file is found with the SHA2 hash of the public key as a hexadecimal string with no spaces in step 2, the CA MUST set the CR_FLG_TRUSTEKKEY flag in the Request_Request_Flags column of the Request table ([MS-CSRA] section 3.1.1.1.2) to indicate that key attestation succeeded on a trusted key.