Using Fortanix DSM for Verifying Key Attestation Statements

1.0 Introduction

Fortanix DSM can issue key provenance attestation statements that are cryptographically verifiable proofs about certain types of asymmetric keys that are managed in DSM.

This document describes the steps to verify DSM key attestation statements and extract claims about the target key. The claims about the target key can then be used by a certificate authority (CA) for whatever purposes they see fit.

The following types of claims can be extracted from a Fortanix DSM key attestation statement and a certificate path:

• The protection properties of the DSM cluster holding the key, for example: the cluster is running on hardware with physical protection.
• The allowed key usages.
• Whether the key was generated in Fortanix DSM.
• Whether the key has ever been exportable.

2.0 Fortanix Attestation and Provisioning Key Hierarchy

Figure 1: Fortanix Attestation and Provisioning PKI Hierarchy

3.0 Fortanix DSM Key Attestation Statement Format

This section provides a description of the key attestation statements in JSON format that Fortanix DSM has issued. This format is the same as the output of the KeyAttestation API (POST /crypto/v1/keys/key_attestation) in DSM SaaS. For more information, refer to the Fortanix Open API documentation.

The key attestation statement is a JSON object with the following fields:

• authority_chain: An array of base64-encoded blobs; each blob is a DER-encoded X.509 certificate.
• attestation_statement: An object with the following fields:
  • format: A string describing the format of the statement field. See below for a list of possible formats.
  • statement: A base64-encoded blob.

The supported formats for attestation statements are:

x509_certificate: the statement field contains an attestation statement formatted as a DER-encoded X.509 certificate. The following is an example key attestation statement JSON object:

{
  "authority_chain": [
    "MIIF3TCCA8WgAwIBAgIVAMSEK+w2k7qWvIeDsRrdD2d3mJAsMA0GCSqGSIb3DQEBCwUAMHcxCzAJBgNVBAYMAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEXMBUGA1UECgwORm9ydGFuaXgsIEluYy4xJDAiBgNVBAMMG0ZvcnRhbml4IEtleSBBdHRlc3RhdGlvbiBDQTAeFw0yMzA5MDUxNDA4MTNaFw0yMzEwMDUxNDA4MTNaMDYxNDAyBgNVBAMMK0ZvcnRhbml4IERTTSBTYWFTIEtleSBBdHRlc3RhdGlvbiBBdXRob3JpdHkwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCyjT2N2em/CAu5Y0ZGzz8ECc+nZH7ku8tP+19MAQ0tWV57XLZJjdD2XG5duahG+DZalpscO6xnEKW+GkBrIK49/fbRWxeB2oZklDN3V+bVM3cJ5IjzFqVNciCGDIyc1s4AjezsIdsFRNm63yR7XCT7EnaDT50k9c00GwE0wVmQGO804s/N8L9MOnn0AS+k7Srf+p9+M2qjyk7S6KYeeNPyd/psaHcTze01MFzuclVpLmoG8qgWNxL8D2MaSa2WbRRQeTi2j6L/vy0mSK3IDIGHohVVCvhtgv9RX/f788KB0lkzrMQ5HyaczK+ceYSIyDdfvFjJ3Cqu6StDp0raH6fpkDePx2o7534FLa9J7HFQj+OGEEYjEtmEQ2O4s1Mtn16zY1+WolqE3Nw4ZKEGqfbNEVRUFltUMPZrCFRAhA7ks03FxHvsEWB2kfX/+NI9qTcO4gw7vsv8gsYI5CmFM271euDNi8+xfl/Xwi1oSiMdviKauzTEYoptO5g1oGzwtDMCAwEAAaOCAR8wggEbMA4GA1UdDwEB/wQEAwIBgDAPBgNVHRMBAf8EBTADAQEAMB0GA1UdDgQWBBQ+Q7S5GyBsvO6unPK0qjFZz+EqVTAVBgNVHSUEDjAMBgorBgEEAYOEGggBMDwGCisGAQQBg4QaAgUELjAsMBsGCysGAQQBg4QaAgUBBgwrBgEEAYOEGgIFAQEwDQYLKwYBBAGDhBoCBQIwSQYDVR0fBEIwQDA+oDygOoY4aHR0cHM6Ly9wa2kuZm9ydGFuaXguY29tL0ZvcnRhbml4X0tleV9BdHRlc3RhdGlvbl9DQS5jcmwwGAYDVR0gBBEwDzANBgsrBgEEAYOEGgYBAjAfBgNVHSMEGDAWgBRWzAkGGL14+SsKm5+z3dAgTfl5WTANBgkqhkiG9w0BAQsFAAOCAgEAk3LH9PfAWoY6X84k/pedXZ7/68J9TzboZSNRpVX3a2rD2UoW//nU+oxjaT9jngDA7z4p8iJQMgrrDew5xGvCGYXRXmu51kjfuvFF9SwkCEXRFQH1sTEhJZH71AZNYNTB+xtVa0gaAJL35N1iEAu8oxDUycWtaMMFa9OXVMClk6XIzmRzvsc/ZlEgHZuPLbgVrB6xlaYezRCFxlLxs9myuV1NHEwCybkYzfgyqLbAYuT0QqdHVRmmylQbTf+4n8S2MWKGVLRfZ9ixVM5AQomxuVVNS4lS2trva7PB+DO8KlptQn2NDnLL7vPfEI6CzPtE1lP/2XmwPsRF/2E265fzHQjxukK84ady8EMlPwcSeP5/UwCwtMejcmUcTkXQGIB356EKjHzzE82pvD35e4wWmzk/KJuZwYtJ7dNvJTTLr+XlJ9eNm68K7NBfa5xP0zbl5tNDe9NzJPFztV8Cr0Zm1fkDJUisPaAlbl9RcA98+h0GLDyXottIPQO8YBEQ/c80iXaK+xVOvQzPVaqzHbDB0++dV6xT3SUa1UO79mtbrV0mlJsMregQUuW6/gUeTz0ePlyHyML3Ni6iTDoPpySLfBz0yPF3fAI/afx11lymzilnzKh8zWawzQHiqZfNiDMmDq+EW4gGuX/dEi4MH5Q778ZAEIiREtGFSb04esozeis=",
    "MIIGbDCCBFSgAwIBAgIVAKeDDqNESVKW2FrSlg8SJjvOhS8EMA0GCSqGSIb3DQEBCwUAMIGJMQswCQYDVQQGDAJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExFzAVBgNVBAoMDkZvcnRhbml4LCBJbmMuMTYwNAYDVQQDDC1Gb3J0YW5peCBBdHRlc3RhdGlvbiBhbmQgUHJvdmlzaW9uaW5nIFJvb3QgQ0EwHhcNMjMwOTAxMTY1MTI1WhcNMjYwODMxMTY1MTI1WjB3MQswCQYDVQQGDAJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExFzAVBgNVBAoMDkZvcnRhbml4LCBJbmMuMSQwIgYDVQQDDBtGb3J0YW5peCBLZXkgQXR0ZXN0YXRpb24gQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz1sUR0U9+tQefHJa/2aPLh9o3zJyKTnqrBMzxPbQyA/xd0knozV2cWEAG/olg1EnRe/lSKwg6QCT6OFSjls9Fw1omnau4UyZyvJIlpPiSeC+QS0WMWOxLnY17adT5KTVaACm5pzMen8y3vYvnWyWUllqjME/B88nixhe8AFQ3bKKXxY54AUQQcWojLZKNjx3MRzaJyPt5Gw4zc075nF115kpFH/7tiYqGw8qfOAHUH7sSApAGYIR6PH8CC+H69U8po2KBpGxW9ifCZsoBDp19xS5gKkqQ+cXdOq19ybtcaLw1cuSJbI7mOQhBclvPQUksiy5IFU2D/JF1BOZR+Tq++O9M39DOib/0S5xkparAKhJL5kuxgzX+9P+KmhDrHxfVw5LJ+umU89rvXLOs20wqR64Ix+bwZON1n/fMzLx50IUArGrW8pCH/8yT86r1tpTfSECC882ahQxN2E04Yg2uTi5muM4YyNlaf0MXkUayg1iTP2r+xY7xTw4/48Qim6dJMEiT/w/MyseKLDl+2OZ1Y2oLX80LmB1adXG3hgoNt98RiktSEA1URIfi2jeTmx1brKLicUOd+9tiMhybwTQjOEdoWaOzt/+SSE9i+81ZaseqKtdKu2myclMwIgFCvX1OnMmtImFcHPjcyHdv6HEIUgTvQS2X/JtJJNwjgg1f1QIDAQABo4HbMIHYMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRWzAkGGL14+SsKm5+z3dAgTfl5WTBbBgNVHR8EVDBSMFCgTqBMhkpodHRwczovL3BraS5mb3J0YW5peC5jb20vRm9ydGFuaXhfQXR0ZXN0YXRpb25fYW5kX1Byb3Zpc2lvbmluZ19Sb290X0NBLmNybDAYBgNVHSAEETAPMA0GCysGAQQBg4QaBgECMB8GA1UdIwQYMBaAFAPRP1h71MGugK6zLKGtM+Q3tqhUMA0GCSqGSIb3DQEBCwUAA4ICAQCcIC2VvZKE2KMP68lh5oD1IUxDijAsQLI5n01fpcNlMDD3kqZQY9tllIrXtC32z/osSqIGxPS2gw3h7bHL5xHUboidyK5J3lrfW2vfsoL6ZHp9Z3lZ+sY3M5f/vwYzEvaEnbpGH2SJpWVoBv0DzS+kv9EGFYTQN5KxZnsEDYCK03g9twfhE/hWQXo2B5bg70i6t4qR38k7nuCDKP76ksCnVjFdoM96LUuMlwYstFbjzg1WebhJVksxNynaP+jYCKv2LSoq5/OZmmz6qjyF9Qce9McGDKDndL3+L/cWO+QndBF9/zsNZpF9HtcaH+XjCE7i/KtAHxuGGxEkhh6YJl9LfchJa/e9aravZ6LZ3IgyjxCPTcQb8WrQjoIO9G0CSjtJAFjDXRq9V5LhvL7W+s/Mj6GsetBQxSkJTBZHLrprEnlzj7B8iE7ysOhvUtynlMrHcyXsHm7bbB2o+tw58DszSnZvIdZJXuopYZHGEwMiHASkwqRlqToUVGfrqdp++HyIIlB74PijrbrH51uNa/LEf/14Ym5LBN48y9kPmRtrwzQ1KGN+I1+J1niNk4Bx3Hb16e+Bbyd/FuTsCCjBBSioGhkRHaYP7z+qPBydnoEIBMBCYcjCouctMOuFqYqAO9PSKgkHxmOkGQ167jKdROhxIZLnN2lovNKhHdU88LeIqQ==",
    "MIIF5DCCA8ygAwIBAgIUbJke8FQ1Waqplu/N/rDpkRD6+3wwDQYJKoZIhvcNAQELBQAwgYkxCzAJBgNVBAYMAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEXMBUGA1UECgwORm9ydGFuaXgsIEluYy4xNjA0BgNVBAMMLUZvcnRhbml4IEF0dGVzdGF0aW9uIGFuZCBQcm92aXNpb25pbmcgUm9vdCBDQTAeFw0yMzA5MDExNjM4MTJaFw0zMzA4MjkxNjM4MTJaMIGJMQswCQYDVQQGDAJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExFzAVBgNVBAoMDkZvcnRhbml4LCBJbmMuMTYwNAYDVQQDDC1Gb3J0YW5peCBBdHRlc3RhdGlvbiBhbmQgUHJvdmlzaW9uaW5nIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCmjKH3KAHI03MrY5MBt7ENpn11pT4RJFC1A89xVknimcYpVnAUKq4oKSv8OyBiGXPXVVmr7n6FyY2Zmgv8FlQKvc8S0yCuJ171IEB0AQSXSWXk6E6Kw7WpUUNMGXAoCBuKB17IxqrM8MR/RztfIjWyrABmFHN+DSrzleuRbQgi8R4J6RvDzZVYnLzNE8xg86ZYbf2+n2vZlA0LIb6J1V+6lQcwFUBPepDX7NRgepnpMoawsMeiZLb0YQ4nuwRTSzwwy/5L25ME8p+4drGkC01MZ0R7nr60AAHRonWJrG41AfHmgZ9fApiByIWWWdFgUikHgMl4mGpONuCyI0PozUWrrQvsYbV77LJVOnv4QqS+F7epZR8BhunXyoANunm8qKW+JkKcRn93t7Q8JDDKhlTN20RjFGTxrrnMIDdQhsh8FCWuE7cQFFKDFksPeyTzMKALws582UM3bFuljxZk1TGyYjrwnAKX6H+t9SS7Dmw5Gb0hAG4JQGdFe1E2N7KcvI80gOiTG11N0WVVHoBkgWI7/r6kA/P5exsbqe+DZjRcx+FuK4ynWww/Fq1qzsOOiAq2Yd6dtu7GXWiQeTfWyJBH5HJ8Z5ZPxGsYEFdHH51X1s2czkI4VZ+ddnQ6lr1HeBgnMjS/GgtTIDk8D0rDY83wexfUyG6mo2VDMbCS5ayvGwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA9E/WHvUwa6ArrMsoa0z5De2qFQwDQYJKoZIhvcNAQELBQADggIBAD7g0wzncoD6xgucFkkw9CUPBW3R7aj5sWE7ETTDa7+m7/O3RTEZT/TJkO8r8XWcDbsUYWLI4ftsya+q1D4BNZbo8TODPTObdKFzj9W0NBkgJmInuNqQpGC+7sIrO90ua74Zs5TJIf79u0ae4lLBOUsP012UINzyL5ciAVf7Q2PUNCGt7k1Rye9QU23qOc7CZXksd9NkHIqX5eZ/YEComTr68iMX3Thn3KMqbA2hxp+5EHNy/LhOcrYJSmCqmNQk6tNqs1aqOvI8gpNHwN9G/pIY2+AAzIBuY9JYf06gspBVrPIJyNJuv2aYQeoK8tN9t/QisLHdmyH9q+/cIlJIK8fQ6w86ZzTQWJLhjrlsJnU3sR5ThAUk4GAS02BEca6i1HWjuv2iQvJtMy1Das2A1zyybYxxF373FEtD1a8ogOHYM5e6wtgs+SFFc+K4AM97bLcVHJ9iPN0aq/NnWfn2jMPj1G3XLA5KPFpmbkRM0EGULK2gm19/8qis1lsEqYTdfxHk4tW/HGC2WxZTi53gKyOosEcwEwjaDO3qwgNHBuRxXp6d0VoNkN9yt0aku58yjW0ytOtXO4+BYXcSA5mOkETzDBYhA+BhdXgu3ieRB5f62peMh5fjuXjiUZZ0BuAs0FGfSmL31xHHVy7C0XDshbtkYyLwng8do2UtM4FT0fYV"
  ],
  "attestation_statement": {
    "format": "x509_certificate",
    "statement": "MIID/zCCAmegAwIBAgIUFfMF1u5hM+1tXXYUXWOqNKS7xx4wDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UEAwwrRm9ydGFuaXggRFNNIFNhYVMgS2V5IEF0dGVzdGF0aW9uIEF1dGhvcml0eTAgFw0yMzA5MDUxODExNTFaGA85OTk5MTIzMTIzNTk1OVowXjElMCMGA1UEAwwcRm9ydGFuaXggRFNNIEtleSBBdHRlc3RhdGlvbjE1MDMGCysGAQQBg4QaAQICDCQxOGVjOGI5Ni04ODQ1LTRjZTMtOWZkMS01MDQwN2I0YjFmYzAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8UHvIrnFPGD6B5uCihVW/H9MqL8NWJ7qvfrelsvON/PkZIuYmpSrQUvzQpy/5rk+07V91BSKAAtUMap3ALe9CCKca+gugq+VqBP8c7MzTeYmI8QPDz4bD5dKNEnLgdn42c2onxqVRk52eJeJ5f1WT+g/INi4V3LSYJEvkgs2aQiZ9c6wCByvMlmNax1NpidnAlp8uuFKJtB3wf5Gu1HPi4mgFZ4Hbg+aAdH2EHpdP7HvvvmhJ6+Nt0oB7N68i4c+T366bc+LwCvYHz3fON54k2izilXhbooRgfxksKvjpYYPIRtXZIDHJ8cCkQIZfshZRFb3tBM2ihfJNj4X2byFzAgMBAAGjWzBZMA4GA1UdDwEB/wQEAwIHgDASBgwrBgEEAYOEGgIEAQEEAjAAMBIGDCsGAQQBg4QaAgQBAgQCMAAwHwYDVR0jBBgwFoAUPkO0uRsgbLzurpzytKoxWc/hKlUwDQYJKoZIhvcNAQELBQADggGBABLOIVpgH9SMPxN7qLl18dKiznqM2mfdO7InpPQmivbCDNw8QWdqmgJNxtMG4HtJpEOeSVkcIiFIXLuQghjehk5Q246vf9HAVMnTU7vn2MDAtP4gTxruIOJeOunnGwFugEKsLy6nfBEbkcip5X0jY07KLtKXjQDXEeDBsIhr9VD6nnN8ySs7RVxb2VuT9crDdSx6yLC4OBwylayvDk3BZzIKeW4qKh11vkJaSoJJni4XkTTeQnR0hWHgOW9/l+nVV2jxqCSN03T92lsojkVC/5B3dqClqO1y45FdHgmIDq7zyzdBYLFVSKV7H8MiUgfHlBr+e0kC/tu+WBnEGGuzCk/PVXxLg4Ly3baLLc0egOSdzUtGuovS6sntFjwkdKezDPlADFFIb93jnwi/oRLsc0BBWCE90idVxpr2sx2h6QCs0Yxigyx19ZtsVzHIOtfEHVQ5bcT8EWhS8kkZynK/6xhNj7jKv5fuDX/WCSvZJISvx1kKb6yTlv5c8vI6xoxyKw=="
  }
}

3.1 Authority Chain Certificates

The authority_chain field contains the following certificates:

• Key Attestation Authority Certificate: This is the end-entry certificate in the authority_chain field.
• Key Attestation CA Certificate: this refers to any non-self-signed CA certificates in the authority_chain field.
• Fortanix Attestation and Provisioning Root CA Certificate: This certificate can be obtained from https://pki.fortanix.com/Fortanix_Attestation_and_Provisioning_Root_CA.crt.

The Subject of the Key Attestation Authority Certificate identifies the DSM cluster. The Key Attestation Authority Certificate will have the following extended key usage:

fortanixKeyAttestationSigning = 1.3.6.1.4.1.49690.8.1

The Key Attestation Authority Certificate will have the following certificate policy:

fortanixKeyAttestationPkiCertificatePolicy = 1.3.6.1.4.1.49690.6.1.2

The Key Attestation Authority Certificate will have the following certificate extension, containing claims:

fortanixClusterNodeEnrollmentPolicy = 1.3.6.1.4.1.49690.2.5

3.2 Key Attestation Statement

The attestation_statement specifies in format the format of the Key Attestation Statement in statement.

• x509_certificate format
  A Key Attestation Statement is not a public-key certificate, but the same format is used. The fields in the certificate have the following meaning:
  • The Subject Public Key Info specifies the public key of the Target Key.
  • The Subject contains the following DN attribute, uniquely identifying the Target Key object in DSM:
    • Attribute type:

      fortanixKeyId = 1.3.6.1.4.1.49690.1.2.2
      

    • Attribute value:

      -- The value should contain a human-readable UUID
       -- of form `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
       -- Example: 3cc1bec3-4fc1-4df9-9538-8f40577d126e
       KeyID ::= UTF8String
      

  • The Issuer and Authority Key Identifier extension identifies the authority that issued the Key Attestation Statement. The Signature Algorithm and Signature describe the cryptographic signature from the Key Attestation Authority.
  • The Validity "not before" time indicates when the Key Attestation Statement was signed.
  • The Key Usage extension may contain the following bits:
    • Digital Signature: sign key usage claim
    • Key Encipherment: unwrap key usage claim
    • Data Encipherment: decrypt key usage claim
    • Key Agreement: agree key usage claim
      The following extensions may be included, containing claims:

    fortanixKeyGeneratedInDSM = 1.3.6.1.4.1.49690.2.4.1.1
    fortanixKeyNeverExportable = 1.3.6.1.4.1.49690.2.4.1.2
    

3.3 Claims

3.3.1 Claims About the Protection Properties of the DSM Cluster

The fortanixClusterNodeEnrollmentPolicy extension

This claim indicates the policy that applies to nodes in the DSM cluster. The policy is a list of policy items, all of which must be met in order for a node to become part of the cluster.
The claim value is the following ASN.1 type:

ClusterNodeEnrollmentPolicy ::= SEQUENCE SIZE (1..MAX) OF NodeEnrollmentPolicyItem

NodeEnrollmentPolicyItem ::= SEQUENCE {
  policyItem  OBJECT IDENTIFIER,
  qualifiers  ANY DEFINED BY policyItem OPTIONAL
}

The following is a list of defined policy items:

• Minimum protection profile:

  fortanixNodeEnrollmentPolicyItemMinimumProtectionProfile = 1.3.6.1.4.1.49690.2.5.1
  

  The above policy item has the following qualifiers:

  MinimumProtectionProfile ::= CHOICE {
   wellKnown  OBJECT IDENTIFIER,
  }
  

  This policy item indicates that the node must be protected in at least the manner described in the protection profile.
  The following well-known protection profiles are defined:

  fortanixFX2200 = 1.3.6.1.4.1.49690.2.5.1.1
  

  This protection profile includes the following minimum requirements:
  • The computing environment is protected using an Intel SGX Trusted Execution Environment of one of the following SGX types:
    • Standard
    • Scalable with Cryptographic Integrity
  • The node is a Fortanix FX2200 appliance.
  • The node is compliant with at least FIPS 140-2 or 140-3 hardware level 2.
• Site operator approval required

  fortanixNodeEnrollmentPolicyItemSiteOperatorApprovalRequired = 1.3.6.1.4.1.49690.2.5.2
  

  • This policy item has no qualifiers.
  • This policy item indicates that a site operator must approve the enrollment of nodes into the cluster.

3.3.2 Claims About the Target Key

Key Usage Claims

Key usage claims indicate for which purposes the Target Key may be used. DSM will not use the Target Key for any purposes not claimed.

• sign: the Target Key can be used to generate digital signatures.
• unwrap: the Target Key can be used to decrypt (unwrap) other cryptographic keys.
• decrypt: the Target Key can be used to decrypt data.
• agree: the Target Key can be used for key agreement.

The following are the key usage claims:

• fortanixKeyGeneratedInDSM: This claim indicates that the Target Key was generated in DSM. The claim value is the empty ASN.1 SEQUENCE.
• fortanixKeyNeverExportable: This claim indicates that the Target Key was never exported from DSM and may not be exported in the future. This prohibition also includes export in encrypted form. The claim value is the empty ASN.1 SEQUENCE.

4.0 Verify the Key Attestation Statements

All of the following steps should be performed prior to relying on the Target Key.

4.1 Validate the Authority Chain

The first step is to verify the authority chain. The objective is to ensure that the authority chain ends in Fortanix Attestation and Provisioning Root CA.

The authority chain must be built using the standard X.509 Certification path building procedure and the standard [ST1] X.509 Certification path validation procedure must be used to verify that the authority chain forms a valid path. The path-building and validation procedure should be called with the following inputs:

• Target certificate: the Key Attestation Authority Certificate
• Collection of certificates that may be useful in building the path: the Key Attestation CA Certificates
• Trust list: the Fortanix Attestation and Provisioning Root CA Certificate
• Initial user acceptable policy set: initialized with fortanixKeyAttestationPkiCertificatePolicy

4.2 Validate the Key Attestation Authority Certificate

• If the Key Attestation Authority Certificate contains a Key Usage extension, check that digital signature is allowed.
• If the Key Attestation Authority Certificate contains a Basic Constraints extension, check that CA is set to false.
• Check that the Key Attestation Authority Certificate contains an Extended Key Usage extension, and that extension includes fortanixKeyAttestationSigning.

4.3 Validate the Key Attestation Statement

The next step is to ensure that the Fortanix DSM Key Attestation Statement is valid and properly signed by the Key Attestation Authority Certificate. The exact method for verifying this depends on the attestation statement format:

• For x509_certificate format, since the attestation statement is formatted as an X.509 certificate, the X.509 Certification path validation procedure can be used to verify that the attestation statement is signed by the Fortanix DSM Key Attestation Authority. The procedure should be called with the following inputs:
  • Certification path: the Key Attestation Statement
  • Trust anchor information: the previously identified Key Attestation Authority Certificate
  • user-initial-policy-set: any-policy

4.4. Validating the Claims

The Key Attestation Authority Certificate and Key Attestation Statement must be checked for claims that are of interest.