This document describes the Dyber PKI certificate policy for hardware device attestation. It covers the scope of the Root CA, device EK provisioning, what a valid certificate attests to, how to verify a device certificate chain, CRL update procedures, and revocation contacts.
The Dyber Root CA is a self-signed ML-DSA-65 certificate that serves as the trust anchor for all Dyber hardware device attestation. It signs exactly one subordinate: the Dyber Device Intermediate CA.
The Root CA does not directly sign device certificates, code-signing certificates, TLS certificates, or any other end-entity certificate. It exists solely to anchor the device attestation hierarchy.
The Root CA private key is stored offline in a hardware security module (HSM) and is only brought online to sign or re-sign the Intermediate CA certificate or to sign a new CRL for the Root CA level. Access requires a quorum of key custodians.
The PKI has three levels:
Each device receives exactly one EK certificate at manufacturing time. The EK private key is generated on-device and never leaves the device's secure element. The Intermediate CA signs the corresponding public key.
During manufacturing, each Dyber hardware device undergoes the following provisioning sequence:
Provisioning occurs in an access-controlled facility. The provisioning station communicates with the Intermediate CA signing service over a mutually authenticated TLS channel. Audit logs of all provisioning events are retained.
A valid, unrevoked device EK certificate attests to the following:
The EK certificate does not attest to:
For runtime firmware attestation and tamper state verification, use the device's secure boot log and the remote attestation protocol documented in the QuantaCore SDK.
To verify that a device EK certificate is genuine and unrevoked:
oqs-provider or the QuantaCore SDK.https://ocsp.dyber.org.dyber-cli cert verify \ --ca-bundle /path/to/bundle.pem \ --cert /path/to/device-ek.pem \ --check-crl /path/to/crl.pem
openssl verify \ -provider oqsprovider \ -CAfile root-ca.pem \ -untrusted intermediate-ca.pem \ device-ek.pem
A device EK certificate may be revoked for any of the following reasons:
Revoked certificates are added to the CRL published at https://dyber.org/pki/crl.pem. The OCSP responder at https://ocsp.dyber.org also reflects revocations in real time once operational.
The CRL is regenerated and published every 7 days, or sooner if an emergency revocation occurs. The CRL includes a nextUpdate field indicating when the next scheduled CRL will be published. Relying parties should fetch a new CRL before the nextUpdate time.
For airgapped environments, the CRL can be transferred via removable media. The bundle.zip download at /pki/bundle.zip includes the most recent CRL at the time of download.
The OCSP responder at https://ocsp.dyber.org provides real-time certificate status. It is the preferred method for revocation checking in online environments. The responder supports HTTP GET and POST methods per RFC 6960.
The OCSP responder is operational. Responses are signed by the Intermediate CA using ML-DSA-65. Each response includes a nonce, thisUpdate/nextUpdate timestamps, and the certificate status (good, revoked, or unknown). Responses are valid for 7 days.
This policy may be updated as the PKI matures. Material changes (changes to what a certificate attests to, changes to the trust hierarchy, or changes to revocation procedures) will be announced via the Dyber news page at /news-and-updates/ and reflected in the metadata.json schema_version field.
Non-material clarifications and formatting changes may be made without notice.
Effective date: 2026-06-11. Dyber, Inc.