The CCF infra has wrappers for COSE verification in C++ (built around t-cose), but these aren't currently exposed in the JS/TS API. The ask is to look at exposing that.
There are scenarios where the CCF app client runs in confidential ACI and presents its attestation report as the means to authenticate to the /app endpoint APIs. The code running in the confidential ACI container cannot use user/member cert-based auth in such situations. Further, the payload of the APIs needs to be signed with a key pair that is generated/re-generated on container start within the CACI instance and whose public key is then added in the report_data of the attestation report. That way one can tie the payload with the attestation report. Using COSE signing for the payload is an option that we want to go with. For this we need code in the CCF app that can verify COSE Sign1 messages.
As a reference, https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.cose.cosesign1message.verifyembedded?view=dotnet-plat-ext-8.0 are the .NET APIs around COSE sign/verification.
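
The binding described in this issue, as an added example that is not part of the original issue and is not CCF's API: Node.js code that signs a payload over the COSE `Sig_structure` and accepts it only when the signing key matches `report_data`. Assumptions: ES256 keys, `report_data` holding the SHA-256 of the DER SPKI public key zero-padded to 64 bytes, the COSE_Sign1 fields kept as separate buffers instead of a CBOR envelope, and an attestation report that has already been verified; all function names are hypothetical.

```javascript
const { generateKeyPairSync, createHash, sign, verify, timingSafeEqual } = require("node:crypto");

// Minimal definite-length CBOR encoders, enough to build a COSE Sig_structure.
function cborHead(major, n) {
  if (n < 24) return Buffer.from([(major << 5) | n]);
  if (n < 256) return Buffer.from([(major << 5) | 24, n]);
  if (n < 65536) return Buffer.from([(major << 5) | 25, n >> 8, n & 0xff]);
  throw new RangeError("length too large for this example");
}
const bstr = (b) => Buffer.concat([cborHead(2, b.length), b]);
const tstr = (s) => bstr(Buffer.from(s, "utf8")).fill(cborHead(3, s.length), 0, 1);

// Protected header {1: -7} (alg: ES256), already CBOR-encoded.
const PROTECTED_ES256 = Buffer.from([0xa1, 0x01, 0x26]);

// RFC 9052: Sig_structure = ["Signature1", body_protected, external_aad, payload]
function sigStructure(protectedHdr, payload) {
  return Buffer.concat([cborHead(4, 4), tstr("Signature1"),
    bstr(protectedHdr), bstr(Buffer.alloc(0)), bstr(payload)]);
}

// Assumed encoding: SHA-256(DER SPKI public key), zero-padded to 64 bytes.
function reportDataFor(publicKey) {
  const der = publicKey.export({ type: "spki", format: "der" });
  return Buffer.concat([createHash("sha256").update(der).digest(), Buffer.alloc(32)]);
}

// Client side (inside the container): sign with the key generated at start-up.
function signPayload(privateKey, payload) {
  const tbs = sigStructure(PROTECTED_ES256, payload);
  const signature = sign("sha256", tbs, { key: privateKey, dsaEncoding: "ieee-p1363" });
  return { protectedHdr: PROTECTED_ES256, payload, signature };
}

// Service side: reject unless the key is the one bound into report_data,
// the algorithm is the expected one, and the signature verifies.
function verifyBoundPayload(msg, publicKey, reportData) {
  const expected = reportDataFor(publicKey);
  if (reportData.length !== expected.length || !timingSafeEqual(reportData, expected)) return false;
  if (!msg.protectedHdr.equals(PROTECTED_ES256)) return false;
  const tbs = sigStructure(msg.protectedHdr, msg.payload);
  return verify("sha256", tbs, { key: publicKey, dsaEncoding: "ieee-p1363" }, msg.signature);
}

// Constructed sample run: key pair, report_data and payload are made up here.
const { publicKey, privateKey } = generateKeyPairSync("ec", { namedCurve: "P-256" });
const msg = signPayload(privateKey, Buffer.from('{"op":"submit"}'));
console.log("accepted:", verifyBoundPayload(msg, publicKey, reportDataFor(publicKey)));
```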