CloudAttestationExtension

data class CloudAttestationExtension(val challenge: ByteString, val passphrase: Boolean, val userAuthentication: Set<CloudUserAuthType>)

X.509 Extension used by CloudSecureArea to convey attestations for keys.

The extension must be placed in the X.509 certificate for the created key (that is, the first certificate in the attestation for the key) under the OID defined by OID.X509_EXTENSION_MULTIPAZ_CSA_KEY_ATTESTATION. The payload should be an OCTET STRING containing the bytes of the CBOR conforming to the following CDDL:

CloudAttestationExtension = {
"challenge" : bstr,
"passphrase": bool,
"userAuthentication": CloudUserAuthentication
}

; The following values are defined for the kind of user authentication required.
;
; 0: No user authentication required for using the key
; 1: Authentication is required for use of the key, only PIN/Passcode can be used.
; 2: Authentication is required for use of the key, only biometrics can be used.
; 3: Authentication is required for use of the key, either PIN/Passcode or biometrics can be used.
;
CloudUserAuthentication = uint

This map may be extended in the future with additional fields.
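A relying party that receives this attestation has to decode the payload, compare the challenge with the one it issued, and read the key's usage policy. The following is an added example, not Multipaz code: a strict decoder for the CBOR subset the CDDL uses, which ignores unknown map keys because the map may be extended. It assumes the OCTET STRING wrapping has already been removed by the X.509 library; `check_extension`, the `USER_AUTH` label names and the sample bytes are this example's own.

```python
import hmac

USER_AUTH = {0: set(), 1: {"passcode"}, 2: {"biometric"}, 3: {"passcode", "biometric"}}  # CDDL values 0..3

def _item(buf, pos):
    """Decode one CBOR item of the kinds the CDDL uses; returns (value, next position)."""
    if pos >= len(buf):
        raise ValueError("truncated CBOR")
    first = buf[pos]
    major, info, pos = first >> 5, first & 0x1F, pos + 1
    if first in (0xF4, 0xF5):                      # false / true
        return first == 0xF5, pos
    if major not in (0, 2, 3, 5) or info > 27:     # only uint, bstr, tstr, map; definite length
        raise ValueError(f"unsupported CBOR initial byte 0x{first:02x}")
    n = 0 if info < 24 else 1 << (info - 24)       # argument is inline or in 1, 2, 4, 8 bytes
    if pos + n > len(buf):
        raise ValueError("truncated CBOR")
    arg, pos = (int.from_bytes(buf[pos:pos + n], "big") if n else info), pos + n
    if major == 0:
        return arg, pos
    if major in (2, 3):
        if pos + arg > len(buf):
            raise ValueError("truncated CBOR")
        raw = bytes(buf[pos:pos + arg])
        return (raw if major == 2 else raw.decode("utf-8")), pos + arg
    out = {}                                       # major type 5: map with `arg` pairs
    for _ in range(arg):
        key, pos = _item(buf, pos)
        value, pos = _item(buf, pos)
        if not isinstance(key, str) or key in out:
            raise ValueError("map keys must be unique text strings")
        out[key] = value
    return out, pos

def check_extension(payload, expected_challenge):
    """Validate the payload against the CDDL and the challenge this verifier issued."""
    ext, end = _item(payload, 0)
    if end != len(payload) or not isinstance(ext, dict):
        raise ValueError("payload must be exactly one CBOR map")
    c, p, a = (ext.get(k) for k in ("challenge", "passphrase", "userAuthentication"))
    if not (isinstance(c, bytes) and isinstance(p, bool) and type(a) is int and a in USER_AUTH):
        raise ValueError("field missing or not matching the CDDL")
    if not hmac.compare_digest(c, expected_challenge):
        raise ValueError("challenge mismatch: attestation is not fresh")
    return {"passphrase": p, "userAuthentication": USER_AUTH[a]}

# Constructed sample payload: challenge 01020304, passphrase true, userAuthentication 3.
SAMPLE = b"\xa3\x69challenge\x44\x01\x02\x03\x04\x6apassphrase\xf5\x72userAuthentication\x03"
```

The returned policy is only meaningful after the certificate chain carrying the extension has been validated up to a trusted root.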

Constructors

constructor(challenge: ByteString, passphrase: Boolean, userAuthentication: Set<CloudUserAuthType>)

Types

object Companion

Properties

val challenge: ByteString

The challenge, for freshness.

val passphrase: Boolean

Whether a passphrase is required to use the key.

val userAuthentication: Set<CloudUserAuthType>

The allowed ways to authenticate.

Functions

fun encode(): ByteString

Generates the payload of the attestation extension.

Pretty-prints the contents of the attestation extension.