Attestation SDK APIs#
nv_attestation_sdk import attestation
API |
Description |
|---|---|
Attestation(<-name->) |
Create a new Attestation Object used to call other Attestation methods. |
set_name(<-name->) |
Set a name for the Attestation SDK client |
set_nonce(<-nonce->) |
Set a nonce for Attestation |
set_ocsp_nonce_disabled(<-bool->) |
Flag which indicates whether to include a nonce when calling OCSP. Only applicable for local GPU attestation. False by default |
set_service_key(<-key->) |
Service key which is used to auth remote service calls to attestation services. None by default. Note: No valid service keys have been created by admins yet - using any key will result in attestation failure. |
set_claims_version(<-version->) |
Set a claims version for Attestation. Please refer to the Claims Guide for the claims. If claims version is not set, it defaults to 2.0. |
add_verifier(<-attestation-device-type->, <-local/remote->, <-remote-attestation-service-url->, <-attestation-results-policy->) |
Add a specific type of verifier for the client object. The verifier will be invoked during the attest operation |
get_verifiers() |
Retrieves the list of verifiers added to the client object. |
get_evidence() |
Retrieves the list of evidence based on the attestation device (e.g., GPU, switch) and the type of attestation (e.g., local, remote). |
attest() |
Trigger the Attestation for the client object, This uses the Attestation type configured in the add_verifier method |
get_token() |
Retrieves the Attestation token that contains claims corresponding to the Attestation result. |
get_ocsp_nonce_disabled() |
Retrieves the flag which indicates whether a nonce is included when calling OCSP. |
get_claims_version() |
Retrieves the claims version added to the client object. |
validate_token(<-attestation-results-policy->) |
Validate the Attestation Claims against a policy |
decode_token(<-jwt-token->) |
Decodes the JWT token to claims received by the verifier |
Policy File#
You can find a sample Attestation Result policy file for Local and Remote Attestation here. Please note that the Schema/EAT claim information is subject to change in future releases.
Attestation SDK configuration#
The below configuration can be set using environment variables in the console
Configuration |
Values |
Explanation |
|---|---|---|
NV_ALLOW_HOLD_CERT |
true/false |
Enable attestation if the OCSP revocation status of the certificate in the RIM files is ‘certificate_hold’. Defaults to false. |