远程证明服务

更新时间:2025-04-02 05:30:25

阿里云远程证明服务是一个统一的解决方案,用于验证平台的可信度和在该平台中运行的代码的完整性。该服务支持对基于可信平台模块TPM(Trusted Platform Module)的平台进行证明,以及对可信加密执行环境TEE(Trusted Execution Environment)的状态进行证明。本文介绍远程证明服务的工作原理及如何使用远程证明服务。

工作原理

阿里云远程证明服务以 RFC 9394 - Remote ATtestation procedureS (RATS) Architecture 为基础,可用于验证阿里云安全增强型实例的安全状态和可信性。该服务涉及以下角色:

  • 证明者(Attester):使用阿里云ECS实例的用户,需要向依赖方证明ECS实例的身份及可信度。

  • 依赖方(Relying Party):需要验证证明者身份及可信度的实体,依赖方会基于TPM、TEE等度量信息作为基准数据生成评估策略。

  • 验证方(Verifier):阿里云远程证明服务,负责将证据与评估策略进行比较,并得出验证结果。

典型的使用方法为护照模型(Passport model)和背调模型(Backgroud-Check model),两者之间的差异如下:

  • Attester数量显著少于Relying Party时护照模式通常有更好的扩展性。

  • 背调模型中Relying party可以随时联系Attestation Service进行远程证明,通常而言具备更好的安全性。

image

计费说明

阿里云远程证明服务本身不收费。

但您需要对使用远程证明服务的ECS实例进行付费。

远程证明服务OpenAPI示例

阿里云远程证明服务支持基于vTPM平台模块的可信计算实例和基于Intel SGX/TDX/Enclave的机密计算实例。

  • 针对vTPM的远程证明服务,您需要使用阿里云账号开通云安全中心服务。

  • 针对机密计算实例特性Intel SGX/TDX等的远程证明服务,您可以通过匿名的HTTP方式访问。

OpenID Connect (OIDC)相关API

阿里云远程证明服务提供OIDC标准兼容的API,您可以将阿里云远程证明服务视为一个标准的identity provider (IdP) 服务。

  • 阿里云远程证明服务通过为可信计算实例、机密计算实例颁发OIDC Token以向依赖方(Relying Party)证明ECS实例的身份。

  • 依赖方可以通过OIDC的标准流程验证OIDC Token的密码学有效性。

OpenID Connect Discovery

OpenID Connect Discovery(OIDC Discovery)可以简化和自动化依赖方(Relying Party)与远程证明服务之间的交互过程。它的主要作用是允许依赖方(Relying Party)通过一个标准化的端点(即.well-known/openid-configuration)动态获取与身份验证相关的配置信息,而无需手动配置或硬编码这些信息。

例如,您可以将阿里云远程证明服务配置为阿里云RAMAWS IAM的外部identity provider (IdP),以为可信实例、机密计算实例提供可信身份凭证。

curl https://attest.cn-beijing.aliyuncs.com/.well-known/openid-configuration

请求响应示例:

{
  "authorization_endpoint": "https://attest.cn-beijing.aliyuncs.com/authorize",
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "issuer": "https://attest.cn-beijing.aliyuncs.com",
  "jwks_uri": "https://attest.cn-beijing.aliyuncs.com/jwks.json",
  "response_types_supported": [
    "code",
    "code id_token",
    "id_token",
    "token id_token"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint": "https://attest.cn-beijing.aliyuncs.com/token",
  "userinfo_endpoint": "https://attest.cn-beijing.aliyuncs.com/userinfo"
}

远程证明vTPM可信实例

更多可信实例信息,请参见可信计算能力概述

上报证据

请求参数示例(该接口需鉴权后方可调用,请参考请求结构和签名机制进行调用):

access https://trusted-server.cn-hangzhou.aliyuncs.com?Action=PutMessage&PropertyUuid=0f74b5cc-ff0e-4fa6-b457-************&FileData=******************

请求响应示例:

{
	"PropertyName": "instance-name",
	"SystemTrustDetail": {
		"pcr3": "d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198exxxx",
		"pcr4": "c35cef3b92c3850dc0bfa6139b25dc1c4c3d642b8587bde0fiemd847ufjxxxx",
		"pcr5": "aabd7d8c76c931dabed7ea53d1c8f96036c42a29435680ddff3f3148ff70xxxx",
		"pcr6": "d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198exxxx",
		"pcr0": "d22aa1bba22e829456f0cfda0d87690e6c252032864643da353133f161xxxx",
		"pcr1": "d9f056a703f04e4f408445752e97e92c890266d32e2ff1df3e80545aab4fxxxx",
		"pcr2": "d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198exxxx",
		"pcr7": "dd794f2d0c4cfa28dc9b5a3266e8516378ba551190d9844c38b890f7ad27xxxx",
		"pcr8": "deb301d065009d62980110d8173e350bbd43a4997ad74bf358ce5399c0ecxxxx",
		"pcr9": "ffe25e93ac7d245159184ac68c7dd5783e4cea978fafb1ad036bc861a8cdxxxx"
	},
	"RequestId": "D0E0C1D2-2937-54D4-9C52-XXXXXXXXXXXX",
	"SystemExceptionNum": 0,
	"ProgramWhiteListId": -1,
	"SystemWhiteListId": 1234,
	"ProgramTrustStatus": 4,
	"SystemTrustStatus": 1,
	"GmtModified": 1698975648000,
	"ProgramWhiteListName": "",
	"GmtRecentReport": 1698975648000,
	"OnlineStatus": 1,
	"Extensions": {
		"pcr5": "d1dac9c104c63c7e24f27962f4ad1df639a3f3224b1a968a45916207cf3xxxx"
	},
	"PropertyPrivateIp": "1.1.X.X",
	"PropertyPublicIp": "1.1.X.X",
	"GmtCreate": 1698385542000,
	"PropertyUuid": "c13fcabe-6683-4a9f-8cdd-xxxxxxxxxxxx",
	"ProgramTrustDetail": "{}",
	"ProgramExceptionNum": 0,
	"PropertyAffiliation": 1
}

查询证明结果

请求参数示例:

access https://trusted-server.cn-beijing.aliyuncs.com?Action=DescribeInstance&PropertyUuid=0f74b5cc-ff0e-4fa6-b457-1dc58072****

请求响应示例:

{
  "RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3****"
  "data": {
    "nextClientIMAIndex": 0,
    "systemVerificationResult": {
      "status": 1,
      "code": "TrustedStatus"
    },
    "programVerificationResult": {
      "status": 1,
      "code": "TrustedStatus"
    }
  }
}

远程证明SGX/TDX机密实例

更多SGX/TDX机密实例信息,请参见构建SGX机密计算环境构建TDX机密计算环境

获取平台TCB信息

请求参数示例:

curl https://sgx-dcap-server.cn-beijing.aliyuncs.com/sgx/certification/v3/tcb?fmspc=00606A000000

请求响应示例:

{
	"tcbInfo": {
		"version": 2,
		"issueDate": "2023-10-11T08:09:33Z",
		"nextUpdate": "2023-12-18T08:09:33Z",
		"fmspc": "00606A000000",
		"pceId": "0000",
		"tcbType": 0,
		"tcbEvaluationDataNumber": 12,
		"tcbLevels": [{
			"tcb": {
				"sgxtcbcomp01svn": 4,
				"sgxtcbcomp02svn": 4,
				"sgxtcbcomp03svn": 3,
				"sgxtcbcomp04svn": 3,
				"sgxtcbcomp05svn": 255,
				"sgxtcbcomp06svn": 255,
				"sgxtcbcomp07svn": 0,
				"sgxtcbcomp08svn": 0,
				"sgxtcbcomp09svn": 0,
				"sgxtcbcomp10svn": 0,
				"sgxtcbcomp11svn": 0,
				"sgxtcbcomp12svn": 0,
				"sgxtcbcomp13svn": 0,
				"sgxtcbcomp14svn": 0,
				"sgxtcbcomp15svn": 0,
				"sgxtcbcomp16svn": 0,
				"pcesvn": 11
			},
			"tcbDate": "2021-11-10T00:00:00Z",
			"tcbStatus": "UpToDate"
		}, {
			"tcb": {
				"sgxtcbcomp01svn": 4,
				"sgxtcbcomp02svn": 4,
				"sgxtcbcomp03svn": 3,
				"sgxtcbcomp04svn": 3,
				"sgxtcbcomp05svn": 255,
				"sgxtcbcomp06svn": 255,
				"sgxtcbcomp07svn": 0,
				"sgxtcbcomp08svn": 0,
				"sgxtcbcomp09svn": 0,
				"sgxtcbcomp10svn": 0,
				"sgxtcbcomp11svn": 0,
				"sgxtcbcomp12svn": 0,
				"sgxtcbcomp13svn": 0,
				"sgxtcbcomp14svn": 0,
				"sgxtcbcomp15svn": 0,
				"sgxtcbcomp16svn": 0,
				"pcesvn": 10
			},
			"tcbDate": "2020-11-11T00:00:00Z",
			"tcbStatus": "OutOfDate"
		}, {
			"tcb": {
				"sgxtcbcomp01svn": 4,
				"sgxtcbcomp02svn": 4,
				"sgxtcbcomp03svn": 3,
				"sgxtcbcomp04svn": 3,
				"sgxtcbcomp05svn": 255,
				"sgxtcbcomp06svn": 255,
				"sgxtcbcomp07svn": 0,
				"sgxtcbcomp08svn": 0,
				"sgxtcbcomp09svn": 0,
				"sgxtcbcomp10svn": 0,
				"sgxtcbcomp11svn": 0,
				"sgxtcbcomp12svn": 0,
				"sgxtcbcomp13svn": 0,
				"sgxtcbcomp14svn": 0,
				"sgxtcbcomp15svn": 0,
				"sgxtcbcomp16svn": 0,
				"pcesvn": 5
			},
			"tcbDate": "2018-01-04T00:00:00Z",
			"tcbStatus": "OutOfDate"
		}]
	},
	"signature": "21750a9a4173140379971c9eeaeee8dd27364cae4fdc45e19825bcddb0e5942941cb7cad8067aaaa98c75a0a0cfa9de329eb7d875957bd633a248bc328a0xxxx"
}

获取QE身份

请求参数示例:

curl https://sgx-dcap-server.cn-beijing.aliyuncs.com/sgx/certification/v3/qe/identity

请求响应示例:

{
	"enclaveIdentity": {
		"id": "QE",
		"version": 2,
		"issueDate": "2023-11-01T14:57:38Z",
		"nextUpdate": "2023-12-01T14:57:38Z",
		"tcbEvaluationDataNumber": 16,
		"miscselect": "00000000",
		"miscselectMask": "FFFFFFFF",
		"attributes": "11000000000000000000000000000000",
		"attributesMask": "FBFFFFFFFFFFFFFF0000000000000000",
		"mrsigner": "8C4F5775D796503E96137F77C68A829A0056AC8DED70140B081B094490C5xxxx",
		"isvprodid": 1,
		"tcbLevels": [{
				"tcb": {
					"isvsvn": 8
				},
				"tcbDate": "2023-08-09T00:00:00Z",
				"tcbStatus": "UpToDate"
			},
			{
				"tcb": {
					"isvsvn": 6
				},
				"tcbDate": "2021-11-10T00:00:00Z",
				"tcbStatus": "OutOfDate"
			}, {
				"tcb": {
					"isvsvn": 5
				},
				"tcbDate": "2020-11-11T00:00:00Z",
				"tcbStatus": "OutOfDate"
			}, {
				"tcb": {
					"isvsvn": 4
				},
				"tcbDate": "2019-11-13T00:00:00Z",
				"tcbStatus": "OutOfDate"
			}, {
				"tcb": {
					"isvsvn": 2
				},
				"tcbDate": "2019-05-15T00:00:00Z",
				"tcbStatus": "OutOfDate"
			}, {
				"tcb": {
					"isvsvn": 1
				},
				"tcbDate": "2018-08-15T00:00:00Z",
				"tcbStatus": "OutOfDate"
			}
		]
	},
	"signature": "593f79398d6400e62d14f1066e69e4e5bb44ed7544b18713d8020354e7601481681dc812a124672bfedd0e54ab31179fac442400c011ebca6b00c44d805bxxxx"
}

获取QvE身份

请求参数示例:

curl https://sgx-dcap-server.cn-beijing.aliyuncs.com/sgx/certification/v3/qve/identity

请求响应示例:

{
	"enclaveIdentity": {
		"id": "QVE",
		"version": 2,
		"issueDate": "2023-11-01T15:45:01Z",
		"nextUpdate": "2023-12-01T15:45:01Z",
		"tcbEvaluationDataNumber": 16,
		"miscselect": "00000000",
		"miscselectMask": "FFFFFFFF",
		"attributes": "01000000000000000000000000000000",
		"attributesMask": "FBFFFFFFFFFFFFFF0000000000000000",
		"mrsigner": "8C4F5775D796503E96137F77C68A829A0056AC8DED70140B081B094490C5xxxx",
		"isvprodid": 2,
		"tcbLevels": [{
			"tcb": {
				"isvsvn": 3
			},
			"tcbDate": "2023-08-09T00:00:00Z",
			"tcbStatus": "UpToDate"
		}]
	},
	"signature": "251bb1301cb499cb8161a9b885fad8ceeb06b497f1e4a83c8de2d0f2e9e82c3ce0f22ce2ef6c6a789dcc287bb0a1da12a822a465395b54c9046aacfee7ceaff6"
}

远程证明TDX机密虚拟机实例

获取OIDC Token

发送 TEE Evidence至阿里云远程证明服务,阿里云远程证明服务基于平台策略完成对Evidence的评估后,返回一个由阿里云签发的JSON Web Token(JWT, RFC 7519)。

curl -X POST https://attest.cn-beijing.aliyuncs.com/v1/attestation -d '{
  "evidence": "evidencebase64",
  "tee": "tdx",
  // empty policy_ids means only check the cryptographic integrity of the evidence
  "policy_ids": []
}'

请求体的内容如下:

Name

Type

Description

Name

Type

Description

tee

string

TEE类型,支持以下类型:

  • tdx: Intel TDX实例。

  • nvgpu: NVIDIA GPU实例。

  • acstdxnvgpu: 阿里云机密计算实例。

evidence

string

URL SAFE NO PADBase64编码证据。

policy_ids (optional)

string[]

用于检查证据的策略ID的列表。

policy_ids是可选项,如果没有提供,将使用默认值。

runtime_data (optional)

json

运行时数据,可选项。

指定runtime_data时,raw字段应包含Base64编码的运行时数据片段,并将其作为预期的运行时数据,与证据内的数据进行核对。

runtime_data示例:{“raw”: “YWFhCg==..."}

响应为符合OIDC标准的JWT,具体响应示例如下:

eyJhbGciOiJSUzI1NiIsImtpZCI6IjQ2NTM1NTBjLTU1NTEtNWU2Zi05MmI1LTIyZjUzMDIyOTc1MSIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJodHRwczovL2F0dGVzdC5jbi1iZWlqaW5nLmFsaXl1bmNzLmNvbSIsImN1c3RvbWl6ZWRfY2xhaW1zIjp7ImluaXRfZGF0YSI6bnVsbCwicnVudGltZV9kYXRhIjpudWxsfSwiZWF0X3Byb2ZpbGUiOiJodHRwczovL3d3dy5hbGliYWJhY2xvdWQuY29tL2hlbHAvZW4vZWNzL3VzZXItZ3VpZGUvZWF0LXByb2ZpbGUiLCJldmFsdWF0aW9uLXJlcG9ydHMiOlt7InBvbGljeS1oYXNoIjpudWxsLCJwb2xpY3ktaWQiOiJkZWZhdWx0In1dLCJleHAiOjE3NDMwMDUzNjUsImlhdCI6MTc0Mjk4Mzc2NSwiaXNzIjoiaHR0cHM6Ly9hdHRlc3QuY24tYmVpamluZy5hbGl5dW5jcy5jb20iLCJqdGkiOiIwMzljZGZjOS02ZWMxLTQxZDQtOGRhOC02YTU5NTg0YzJmYTkiLCJuYmYiOjE3NDI5ODM3NjUsInRjYi1zdGF0dXMiOiJ7XCJpbml0X2RhdGFcIjpcIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMFwiLFwicmVwb3J0X2RhdGFcIjpcIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwXCIsXCJ0ZHgucXVvdGUuYm9keS5tcl9jb25maWdfaWRcIjpcIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmJvZHkubXJfb3duZXJcIjpcIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmJvZHkubXJfb3duZXJfY29uZmlnXCI6XCIwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDBcIixcInRkeC5xdW90ZS5ib2R5Lm1yX3NlYW1cIjpcIjFjYzZhMTdhYjc5OWU5YTY5M2ZhYzc1MzZiZTYxYzEyZWUxZTBmYWJhZGE4MmQwYzk5OWUwOGNjZWUyYWE4NmRlNzdiMDg3MGY1NThjNTcwZTdmZmU1NWQ2ZDQ3ZmEwNFwiLFwidGR4LnF1b3RlLmJvZHkubXJfc2VydmljZXRkXCI6XCIzODNjODdkM2JiYjA0N2IyZDE3MWVhY2E5NTMxMmVkZTk5ZjI1ODA4OGRjNzg4ZjZhZTJjY2Y4YjZkZDg0OGZlOGQ0NzYyOWUwOGIzZjZjYmQ0YTAwZGQ0N2E1YTAzM2RcIixcInRkeC5xdW90ZS5ib2R5Lm1yX3RkXCI6XCJiMGU1MmM1OTU3NzUyM2IxN2FkNTUzYzZmZmZiMGY1ZjM0OTZkYmYzY2NjYTY5ZmJiMmVhODdjZjRmOTM4MTU3NTUwMDA1YzkyYTk4MTMwZDhkMzA1MDdjYTVjNjUyZGZcIixcInRkeC5xdW90ZS5ib2R5Lm1yc2lnbmVyX3NlYW1cIjpcIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmJvZHkucmVwb3J0X2RhdGFcIjpcIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwXCIsXCJ0ZHgucXVvdGUuYm9keS5ydG1yXzBcIjpcIjIyM2JlNjdmMWRiYzBjMmM2N2JiYWU5MTliMjk1MGY2MGY2OGFhYTlkNjA5NzM5OGFmMmRhZGE2ZDk4Zjk2NGY2YWVjY2U5YjM3NjQzYTc2NzA4ZTA3ZTBkOTUxOWY4NFwiLFwidGR4LnF1b3RlLmJvZHkucnRtcl8xXCI6XCI1YzNjZDMzNjQ4YmQ0N2I4ZDI0MjZlYzQ3NjBlMGYwZGI1MTAzYjk1NmY4ZTAzN2VmMmIxNzkzOWVkMTI1YTI5N2U5NjZmMzExMTJjMDUwYjVhMDliNDQ0ZmI2NDMyZDdcIixcInRkeC5xdW90ZS5ib2R5LnJ0bXJfMlwiOlwiMTA4MzU3YzM5ZThkYzhmMTUwYTMzNzM4NTY3YWY0NTE5MDhmODBkZGZjOGMxNDgwMWZiZDUxM2YzMDdkYTk5MDgyZWEwYWJhOGNjN2UwNDI5NDBmMzEwZTU0YzhhYjEwXCIsXCJ0ZHgucXVvdGUuYm9keS5ydG1yXzNcIjpcIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmJvZHkuc2VhbV9hdHRyaWJ1dGVzXCI6XCIwMDAwMDAwMDAwMDAwMDAwXCIsXCJ0ZHgucXVvdGUuYm9keS50Y2Jfc3ZuXCI6XCIwNTAxMDYwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmJvZHkudGRfYXR0cmlidXRlc1wiOlwiMDAwMDAwMTAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmJvZHkudGVlX3RjYl9zdm4yXCI6XCIwNTAxMDYwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmJvZHkueGZhbVwiOlwiZTc0MjA2MDAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmhlYWRlci5hdHRfa2V5X3R5cGVcIjpcIjAyMDBcIixcInRkeC5xdW90ZS5oZWFkZXIucmVzZXJ2ZWRcIjpcIjAwMDAwMDAwXCIsXCJ0ZHgucXVvdGUuaGVhZGVyLnRlZV90eXBlXCI6XCI4MTAwMDAwMFwiLFwidGR4LnF1b3RlLmhlYWRlci51c2VyX2RhdGFcIjpcIjJjMzBhZDEyYzAzNzFhMmMyNDlmNGE5MDMwNWMzZjU2MDAwMDAwMDBcIixcInRkeC5xdW90ZS5oZWFkZXIudmVuZG9yX2lkXCI6XCI5MzlhNzIzM2Y3OWM0Y2E5OTQwYTBkYjM5NTdmMDYwN1wiLFwidGR4LnF1b3RlLmhlYWRlci52ZXJzaW9uXCI6XCIwNTAwXCIsXCJ0ZHgucXVvdGUuc2l6ZVwiOlwiODgwMjAwMDBcIixcInRkeC5xdW90ZS50eXBlXCI6XCIwMzAwXCIsXCJ0ZHgudGRfYXR0cmlidXRlcy5kZWJ1Z1wiOmZhbHNlLFwidGR4LnRkX2F0dHJpYnV0ZXMua2V5X2xvY2tlclwiOmZhbHNlLFwidGR4LnRkX2F0dHJpYnV0ZXMucGVyZm1vblwiOmZhbHNlLFwidGR4LnRkX2F0dHJpYnV0ZXMucHJvdGVjdGlvbl9rZXlzXCI6ZmFsc2UsXCJ0ZHgudGRfYXR0cmlidXRlcy5zZXB0dmVfZGlzYWJsZVwiOnRydWV9IiwidGVlIjoidGR4In0.apt9yyHsJ4WoUwuqw-GivyjM_-W0m3p2p0xavtILExgAnaHMTv7hVvvuyjlnKHmLc8svTPZMAfYvbl0UJTpFkJ5TPQQ0wLijS69bsvG1mG8cltAwzI92BaAV8BdgMxUu9GWGQGaZRyEH-OJdM5HQBmo35YwCVYeNmwVGNdZ2h59D6fHIk1BUkVoPTmk0sE7aSnP_KblkfPL_Vh3ovs9MpAralCv2JO7cMCau0CqSoQTIORjh9i0BBXrt1y8y6gmpjEFDWMsIqW-k8cRhdANk_9CpBCN02jVwQXEHMnk0SAm4BCrCdyteXBNZfpN-3LCXQkkTyUEoaZXGHPm15cTbpg

您可以利用JWT Debugger调试器在测试环境中验证OIDC Token的有效性。关于JWT Claims中的具体内容和解释,请参见远程证明服务EAT Profile

  • 本页导读 (1)
  • 工作原理
  • 计费说明
  • 远程证明服务OpenAPI示例
  • OpenID Connect (OIDC)相关API
  • 远程证明vTPM可信实例
  • 远程证明SGX/TDX机密实例
  • 远程证明TDX机密虚拟机实例