阿里云远程证明服务是一个统一的解决方案,用于验证平台的可信度和在该平台中运行的代码的完整性。该服务支持对基于可信平台模块TPM(Trusted Platform Module)的平台进行证明,以及对可信加密执行环境TEE(Trusted Execution Environment)的状态进行证明。本文介绍远程证明服务的工作原理及如何使用远程证明服务。
工作原理
阿里云远程证明服务以 RFC 9394 - Remote ATtestation procedureS (RATS) Architecture 为基础,可用于验证阿里云安全增强型实例的安全状态和可信性。该服务涉及以下角色:
证明者(Attester):使用阿里云ECS实例的用户,需要向依赖方证明ECS实例的身份及可信度。
依赖方(Relying Party):需要验证证明者身份及可信度的实体,依赖方会基于TPM、TEE等度量信息作为基准数据生成评估策略。
验证方(Verifier):阿里云远程证明服务,负责将证据与评估策略进行比较,并得出验证结果。
典型的使用方法为护照模型(Passport model)和背调模型(Backgroud-Check model),两者之间的差异如下:
当Attester数量显著少于Relying Party时护照模式通常有更好的扩展性。
背调模型中Relying party可以随时联系Attestation Service进行远程证明,通常而言具备更好的安全性。
计费说明
阿里云远程证明服务本身不收费。
但您需要对使用远程证明服务的ECS实例进行付费。
远程证明服务OpenAPI示例
阿里云远程证明服务支持基于vTPM平台模块的可信计算实例和基于Intel SGX/TDX/Enclave的机密计算实例。
针对vTPM的远程证明服务,您需要使用阿里云账号开通云安全中心服务。
针对机密计算实例特性Intel SGX/TDX等的远程证明服务,您可以通过匿名的HTTP方式访问。
OpenID Connect (OIDC)相关API
阿里云远程证明服务提供OIDC标准兼容的API,您可以将阿里云远程证明服务视为一个标准的identity provider (IdP) 服务。
阿里云远程证明服务通过为可信计算实例、机密计算实例颁发OIDC Token以向依赖方(Relying Party)证明ECS实例的身份。
依赖方可以通过OIDC的标准流程验证OIDC Token的密码学有效性。
OpenID Connect Discovery
OpenID Connect Discovery(OIDC Discovery)可以简化和自动化依赖方(Relying Party)与远程证明服务之间的交互过程。它的主要作用是允许依赖方(Relying Party)通过一个标准化的端点(即.well-known/openid-configuration)动态获取与身份验证相关的配置信息,而无需手动配置或硬编码这些信息。
例如,您可以将阿里云远程证明服务配置为阿里云RAM或AWS IAM的外部identity provider (IdP),以为可信实例、机密计算实例提供可信身份凭证。
curl https://attest.cn-beijing.aliyuncs.com/.well-known/openid-configuration请求响应示例:
{
"authorization_endpoint": "https://attest.cn-beijing.aliyuncs.com/authorize",
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://attest.cn-beijing.aliyuncs.com",
"jwks_uri": "https://attest.cn-beijing.aliyuncs.com/jwks.json",
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token"
],
"subject_types_supported": [
"public"
],
"token_endpoint": "https://attest.cn-beijing.aliyuncs.com/token",
"userinfo_endpoint": "https://attest.cn-beijing.aliyuncs.com/userinfo"
}远程证明vTPM可信实例
更多可信实例信息,请参见可信计算能力概述。
上报证据
请求参数示例(该接口需鉴权后方可调用,请参考请求结构和签名机制进行调用):
access https://trusted-server.cn-hangzhou.aliyuncs.com?Action=PutMessage&PropertyUuid=0f74b5cc-ff0e-4fa6-b457-************&FileData=******************请求响应示例:
{
"PropertyName": "instance-name",
"SystemTrustDetail": {
"pcr3": "d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198exxxx",
"pcr4": "c35cef3b92c3850dc0bfa6139b25dc1c4c3d642b8587bde0fiemd847ufjxxxx",
"pcr5": "aabd7d8c76c931dabed7ea53d1c8f96036c42a29435680ddff3f3148ff70xxxx",
"pcr6": "d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198exxxx",
"pcr0": "d22aa1bba22e829456f0cfda0d87690e6c252032864643da353133f161xxxx",
"pcr1": "d9f056a703f04e4f408445752e97e92c890266d32e2ff1df3e80545aab4fxxxx",
"pcr2": "d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198exxxx",
"pcr7": "dd794f2d0c4cfa28dc9b5a3266e8516378ba551190d9844c38b890f7ad27xxxx",
"pcr8": "deb301d065009d62980110d8173e350bbd43a4997ad74bf358ce5399c0ecxxxx",
"pcr9": "ffe25e93ac7d245159184ac68c7dd5783e4cea978fafb1ad036bc861a8cdxxxx"
},
"RequestId": "D0E0C1D2-2937-54D4-9C52-XXXXXXXXXXXX",
"SystemExceptionNum": 0,
"ProgramWhiteListId": -1,
"SystemWhiteListId": 1234,
"ProgramTrustStatus": 4,
"SystemTrustStatus": 1,
"GmtModified": 1698975648000,
"ProgramWhiteListName": "",
"GmtRecentReport": 1698975648000,
"OnlineStatus": 1,
"Extensions": {
"pcr5": "d1dac9c104c63c7e24f27962f4ad1df639a3f3224b1a968a45916207cf3xxxx"
},
"PropertyPrivateIp": "1.1.X.X",
"PropertyPublicIp": "1.1.X.X",
"GmtCreate": 1698385542000,
"PropertyUuid": "c13fcabe-6683-4a9f-8cdd-xxxxxxxxxxxx",
"ProgramTrustDetail": "{}",
"ProgramExceptionNum": 0,
"PropertyAffiliation": 1
}查询证明结果
请求参数示例:
access https://trusted-server.cn-beijing.aliyuncs.com?Action=DescribeInstance&PropertyUuid=0f74b5cc-ff0e-4fa6-b457-1dc58072****请求响应示例:
{
"RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3****"
"data": {
"nextClientIMAIndex": 0,
"systemVerificationResult": {
"status": 1,
"code": "TrustedStatus"
},
"programVerificationResult": {
"status": 1,
"code": "TrustedStatus"
}
}
}远程证明SGX/TDX机密实例
更多SGX/TDX机密实例信息,请参见构建SGX机密计算环境和构建TDX机密计算环境。
获取平台TCB信息
请求参数示例:
curl https://sgx-dcap-server.cn-beijing.aliyuncs.com/sgx/certification/v3/tcb?fmspc=00606A000000请求响应示例:
{
"tcbInfo": {
"version": 2,
"issueDate": "2023-10-11T08:09:33Z",
"nextUpdate": "2023-12-18T08:09:33Z",
"fmspc": "00606A000000",
"pceId": "0000",
"tcbType": 0,
"tcbEvaluationDataNumber": 12,
"tcbLevels": [{
"tcb": {
"sgxtcbcomp01svn": 4,
"sgxtcbcomp02svn": 4,
"sgxtcbcomp03svn": 3,
"sgxtcbcomp04svn": 3,
"sgxtcbcomp05svn": 255,
"sgxtcbcomp06svn": 255,
"sgxtcbcomp07svn": 0,
"sgxtcbcomp08svn": 0,
"sgxtcbcomp09svn": 0,
"sgxtcbcomp10svn": 0,
"sgxtcbcomp11svn": 0,
"sgxtcbcomp12svn": 0,
"sgxtcbcomp13svn": 0,
"sgxtcbcomp14svn": 0,
"sgxtcbcomp15svn": 0,
"sgxtcbcomp16svn": 0,
"pcesvn": 11
},
"tcbDate": "2021-11-10T00:00:00Z",
"tcbStatus": "UpToDate"
}, {
"tcb": {
"sgxtcbcomp01svn": 4,
"sgxtcbcomp02svn": 4,
"sgxtcbcomp03svn": 3,
"sgxtcbcomp04svn": 3,
"sgxtcbcomp05svn": 255,
"sgxtcbcomp06svn": 255,
"sgxtcbcomp07svn": 0,
"sgxtcbcomp08svn": 0,
"sgxtcbcomp09svn": 0,
"sgxtcbcomp10svn": 0,
"sgxtcbcomp11svn": 0,
"sgxtcbcomp12svn": 0,
"sgxtcbcomp13svn": 0,
"sgxtcbcomp14svn": 0,
"sgxtcbcomp15svn": 0,
"sgxtcbcomp16svn": 0,
"pcesvn": 10
},
"tcbDate": "2020-11-11T00:00:00Z",
"tcbStatus": "OutOfDate"
}, {
"tcb": {
"sgxtcbcomp01svn": 4,
"sgxtcbcomp02svn": 4,
"sgxtcbcomp03svn": 3,
"sgxtcbcomp04svn": 3,
"sgxtcbcomp05svn": 255,
"sgxtcbcomp06svn": 255,
"sgxtcbcomp07svn": 0,
"sgxtcbcomp08svn": 0,
"sgxtcbcomp09svn": 0,
"sgxtcbcomp10svn": 0,
"sgxtcbcomp11svn": 0,
"sgxtcbcomp12svn": 0,
"sgxtcbcomp13svn": 0,
"sgxtcbcomp14svn": 0,
"sgxtcbcomp15svn": 0,
"sgxtcbcomp16svn": 0,
"pcesvn": 5
},
"tcbDate": "2018-01-04T00:00:00Z",
"tcbStatus": "OutOfDate"
}]
},
"signature": "21750a9a4173140379971c9eeaeee8dd27364cae4fdc45e19825bcddb0e5942941cb7cad8067aaaa98c75a0a0cfa9de329eb7d875957bd633a248bc328a0xxxx"
}获取QE身份
请求参数示例:
curl https://sgx-dcap-server.cn-beijing.aliyuncs.com/sgx/certification/v3/qe/identity请求响应示例:
{
"enclaveIdentity": {
"id": "QE",
"version": 2,
"issueDate": "2023-11-01T14:57:38Z",
"nextUpdate": "2023-12-01T14:57:38Z",
"tcbEvaluationDataNumber": 16,
"miscselect": "00000000",
"miscselectMask": "FFFFFFFF",
"attributes": "11000000000000000000000000000000",
"attributesMask": "FBFFFFFFFFFFFFFF0000000000000000",
"mrsigner": "8C4F5775D796503E96137F77C68A829A0056AC8DED70140B081B094490C5xxxx",
"isvprodid": 1,
"tcbLevels": [{
"tcb": {
"isvsvn": 8
},
"tcbDate": "2023-08-09T00:00:00Z",
"tcbStatus": "UpToDate"
},
{
"tcb": {
"isvsvn": 6
},
"tcbDate": "2021-11-10T00:00:00Z",
"tcbStatus": "OutOfDate"
}, {
"tcb": {
"isvsvn": 5
},
"tcbDate": "2020-11-11T00:00:00Z",
"tcbStatus": "OutOfDate"
}, {
"tcb": {
"isvsvn": 4
},
"tcbDate": "2019-11-13T00:00:00Z",
"tcbStatus": "OutOfDate"
}, {
"tcb": {
"isvsvn": 2
},
"tcbDate": "2019-05-15T00:00:00Z",
"tcbStatus": "OutOfDate"
}, {
"tcb": {
"isvsvn": 1
},
"tcbDate": "2018-08-15T00:00:00Z",
"tcbStatus": "OutOfDate"
}
]
},
"signature": "593f79398d6400e62d14f1066e69e4e5bb44ed7544b18713d8020354e7601481681dc812a124672bfedd0e54ab31179fac442400c011ebca6b00c44d805bxxxx"
}获取QvE身份
请求参数示例:
curl https://sgx-dcap-server.cn-beijing.aliyuncs.com/sgx/certification/v3/qve/identity请求响应示例:
{
"enclaveIdentity": {
"id": "QVE",
"version": 2,
"issueDate": "2023-11-01T15:45:01Z",
"nextUpdate": "2023-12-01T15:45:01Z",
"tcbEvaluationDataNumber": 16,
"miscselect": "00000000",
"miscselectMask": "FFFFFFFF",
"attributes": "01000000000000000000000000000000",
"attributesMask": "FBFFFFFFFFFFFFFF0000000000000000",
"mrsigner": "8C4F5775D796503E96137F77C68A829A0056AC8DED70140B081B094490C5xxxx",
"isvprodid": 2,
"tcbLevels": [{
"tcb": {
"isvsvn": 3
},
"tcbDate": "2023-08-09T00:00:00Z",
"tcbStatus": "UpToDate"
}]
},
"signature": "251bb1301cb499cb8161a9b885fad8ceeb06b497f1e4a83c8de2d0f2e9e82c3ce0f22ce2ef6c6a789dcc287bb0a1da12a822a465395b54c9046aacfee7ceaff6"
}远程证明TDX机密虚拟机实例
获取OIDC Token
发送 TEE Evidence至阿里云远程证明服务,阿里云远程证明服务基于平台策略完成对Evidence的评估后,返回一个由阿里云签发的JSON Web Token(JWT, RFC 7519)。
curl -X POST https://attest.cn-beijing.aliyuncs.com/v1/attestation -d '{
"evidence": "evidencebase64",
"tee": "tdx",
// empty policy_ids means only check the cryptographic integrity of the evidence
"policy_ids": []
}'请求体的内容如下:
Name | Type | Description |
Name | Type | Description |
tee | string | TEE类型,支持以下类型:
|
evidence | string | URL SAFE NO PAD的Base64编码证据。 |
policy_ids (optional) | string[] | 用于检查证据的策略ID的列表。
|
runtime_data (optional) | json | 运行时数据,可选项。 指定runtime_data时,raw字段应包含Base64编码的运行时数据片段,并将其作为预期的运行时数据,与证据内的数据进行核对。 runtime_data示例: |
响应为符合OIDC标准的JWT,具体响应示例如下:
eyJhbGciOiJSUzI1NiIsImtpZCI6IjQ2NTM1NTBjLTU1NTEtNWU2Zi05MmI1LTIyZjUzMDIyOTc1MSIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJodHRwczovL2F0dGVzdC5jbi1iZWlqaW5nLmFsaXl1bmNzLmNvbSIsImN1c3RvbWl6ZWRfY2xhaW1zIjp7ImluaXRfZGF0YSI6bnVsbCwicnVudGltZV9kYXRhIjpudWxsfSwiZWF0X3Byb2ZpbGUiOiJodHRwczovL3d3dy5hbGliYWJhY2xvdWQuY29tL2hlbHAvZW4vZWNzL3VzZXItZ3VpZGUvZWF0LXByb2ZpbGUiLCJldmFsdWF0aW9uLXJlcG9ydHMiOlt7InBvbGljeS1oYXNoIjpudWxsLCJwb2xpY3ktaWQiOiJkZWZhdWx0In1dLCJleHAiOjE3NDMwMDUzNjUsImlhdCI6MTc0Mjk4Mzc2NSwiaXNzIjoiaHR0cHM6Ly9hdHRlc3QuY24tYmVpamluZy5hbGl5dW5jcy5jb20iLCJqdGkiOiIwMzljZGZjOS02ZWMxLTQxZDQtOGRhOC02YTU5NTg0YzJmYTkiLCJuYmYiOjE3NDI5ODM3NjUsInRjYi1zdGF0dXMiOiJ7XCJpbml0X2RhdGFcIjpcIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMFwiLFwicmVwb3J0X2RhdGFcIjpcIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwXCIsXCJ0ZHgucXVvdGUuYm9keS5tcl9jb25maWdfaWRcIjpcIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmJvZHkubXJfb3duZXJcIjpcIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmJvZHkubXJfb3duZXJfY29uZmlnXCI6XCIwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDBcIixcInRkeC5xdW90ZS5ib2R5Lm1yX3NlYW1cIjpcIjFjYzZhMTdhYjc5OWU5YTY5M2ZhYzc1MzZiZTYxYzEyZWUxZTBmYWJhZGE4MmQwYzk5OWUwOGNjZWUyYWE4NmRlNzdiMDg3MGY1NThjNTcwZTdmZmU1NWQ2ZDQ3ZmEwNFwiLFwidGR4LnF1b3RlLmJvZHkubXJfc2VydmljZXRkXCI6XCIzODNjODdkM2JiYjA0N2IyZDE3MWVhY2E5NTMxMmVkZTk5ZjI1ODA4OGRjNzg4ZjZhZTJjY2Y4YjZkZDg0OGZlOGQ0NzYyOWUwOGIzZjZjYmQ0YTAwZGQ0N2E1YTAzM2RcIixcInRkeC5xdW90ZS5ib2R5Lm1yX3RkXCI6XCJiMGU1MmM1OTU3NzUyM2IxN2FkNTUzYzZmZmZiMGY1ZjM0OTZkYmYzY2NjYTY5ZmJiMmVhODdjZjRmOTM4MTU3NTUwMDA1YzkyYTk4MTMwZDhkMzA1MDdjYTVjNjUyZGZcIixcInRkeC5xdW90ZS5ib2R5Lm1yc2lnbmVyX3NlYW1cIjpcIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmJvZHkucmVwb3J0X2RhdGFcIjpcIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwXCIsXCJ0ZHgucXVvdGUuYm9keS5ydG1yXzBcIjpcIjIyM2JlNjdmMWRiYzBjMmM2N2JiYWU5MTliMjk1MGY2MGY2OGFhYTlkNjA5NzM5OGFmMmRhZGE2ZDk4Zjk2NGY2YWVjY2U5YjM3NjQzYTc2NzA4ZTA3ZTBkOTUxOWY4NFwiLFwidGR4LnF1b3RlLmJvZHkucnRtcl8xXCI6XCI1YzNjZDMzNjQ4YmQ0N2I4ZDI0MjZlYzQ3NjBlMGYwZGI1MTAzYjk1NmY4ZTAzN2VmMmIxNzkzOWVkMTI1YTI5N2U5NjZmMzExMTJjMDUwYjVhMDliNDQ0ZmI2NDMyZDdcIixcInRkeC5xdW90ZS5ib2R5LnJ0bXJfMlwiOlwiMTA4MzU3YzM5ZThkYzhmMTUwYTMzNzM4NTY3YWY0NTE5MDhmODBkZGZjOGMxNDgwMWZiZDUxM2YzMDdkYTk5MDgyZWEwYWJhOGNjN2UwNDI5NDBmMzEwZTU0YzhhYjEwXCIsXCJ0ZHgucXVvdGUuYm9keS5ydG1yXzNcIjpcIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmJvZHkuc2VhbV9hdHRyaWJ1dGVzXCI6XCIwMDAwMDAwMDAwMDAwMDAwXCIsXCJ0ZHgucXVvdGUuYm9keS50Y2Jfc3ZuXCI6XCIwNTAxMDYwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmJvZHkudGRfYXR0cmlidXRlc1wiOlwiMDAwMDAwMTAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmJvZHkudGVlX3RjYl9zdm4yXCI6XCIwNTAxMDYwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmJvZHkueGZhbVwiOlwiZTc0MjA2MDAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmhlYWRlci5hdHRfa2V5X3R5cGVcIjpcIjAyMDBcIixcInRkeC5xdW90ZS5oZWFkZXIucmVzZXJ2ZWRcIjpcIjAwMDAwMDAwXCIsXCJ0ZHgucXVvdGUuaGVhZGVyLnRlZV90eXBlXCI6XCI4MTAwMDAwMFwiLFwidGR4LnF1b3RlLmhlYWRlci51c2VyX2RhdGFcIjpcIjJjMzBhZDEyYzAzNzFhMmMyNDlmNGE5MDMwNWMzZjU2MDAwMDAwMDBcIixcInRkeC5xdW90ZS5oZWFkZXIudmVuZG9yX2lkXCI6XCI5MzlhNzIzM2Y3OWM0Y2E5OTQwYTBkYjM5NTdmMDYwN1wiLFwidGR4LnF1b3RlLmhlYWRlci52ZXJzaW9uXCI6XCIwNTAwXCIsXCJ0ZHgucXVvdGUuc2l6ZVwiOlwiODgwMjAwMDBcIixcInRkeC5xdW90ZS50eXBlXCI6XCIwMzAwXCIsXCJ0ZHgudGRfYXR0cmlidXRlcy5kZWJ1Z1wiOmZhbHNlLFwidGR4LnRkX2F0dHJpYnV0ZXMua2V5X2xvY2tlclwiOmZhbHNlLFwidGR4LnRkX2F0dHJpYnV0ZXMucGVyZm1vblwiOmZhbHNlLFwidGR4LnRkX2F0dHJpYnV0ZXMucHJvdGVjdGlvbl9rZXlzXCI6ZmFsc2UsXCJ0ZHgudGRfYXR0cmlidXRlcy5zZXB0dmVfZGlzYWJsZVwiOnRydWV9IiwidGVlIjoidGR4In0.apt9yyHsJ4WoUwuqw-GivyjM_-W0m3p2p0xavtILExgAnaHMTv7hVvvuyjlnKHmLc8svTPZMAfYvbl0UJTpFkJ5TPQQ0wLijS69bsvG1mG8cltAwzI92BaAV8BdgMxUu9GWGQGaZRyEH-OJdM5HQBmo35YwCVYeNmwVGNdZ2h59D6fHIk1BUkVoPTmk0sE7aSnP_KblkfPL_Vh3ovs9MpAralCv2JO7cMCau0CqSoQTIORjh9i0BBXrt1y8y6gmpjEFDWMsIqW-k8cRhdANk_9CpBCN02jVwQXEHMnk0SAm4BCrCdyteXBNZfpN-3LCXQkkTyUEoaZXGHPm15cTbpg您可以利用JWT Debugger调试器在测试环境中验证OIDC Token的有效性。关于JWT Claims中的具体内容和解释,请参见远程证明服务EAT Profile。
该文章对您有帮助吗?
- 本页导读 (1)
- 工作原理
- 计费说明
- 远程证明服务OpenAPI示例
- OpenID Connect (OIDC)相关API
- 远程证明vTPM可信实例
- 远程证明SGX/TDX机密实例
- 远程证明TDX机密虚拟机实例