Attestation keys are keypairs. The private keys are used by the Mobile or Smart ID Mobile / Smart ID Desktop App to sign Certification Signing Requests (CSR) while the public keys are used by IDM to verify these requests.
As the default, built-in attestation keys can be found in any Smart ID Mobile or / Smart ID Desktop App installation, any device, even personal ones, can install the App and try to request certificates. Configuring custom keypairs limits the devices that can request certificates to devices whose Mobile/Desktop App has the custom private key installed. The corresponding public keys can be configured into IDM. This process consists of two steps:
...