Using Fortanix DSM for Verifying Key Attestation Statements

1.0 Introduction

Fortanix Data Security Manager (DSM) can issue key provenance attestation statements that are cryptographically verifiable proofs about certain types of asymmetric keys that are managed in DSM SaaS.

This document describes the steps to verify Fortanix DSM Key Attestation Statements and extract claims about the target key. The claims about the target key can then be used by a certificate authority (CA) for whatever purposes they see fit.

The following types of claims can be extracted from a Fortanix DSM Key Attestation Statement and a certificate path:

  • The protection properties of the DSM cluster holding the key, for example: the cluster is running on hardware with physical protection.
  • The allowed key usages.
  • Whether the key was generated in Fortanix DSM.
  • Whether the key has ever been exportable.

2.0 Fortanix Attestation and Provisioning Key Hierarchy

KPO-AttestationHierarchy.png Figure 1: Fortanix Attestation and Provisioning PKI Hierarchy

3.0 Fortanix DSM Key Attestation Statement Format

This section provides a description of the Key Attestation Statements in JSON format that Fortanix DSM has issued. This format is the same as the output of the KeyAttestation API (POST /crypto/v1/keys/key_attestation) in DSM. For more information, refer to the Fortanix Open API documentation.

The Key Attestation Statement is represented as a JSON object, comprising two primary components:

  • authority_chain: This field consists of an array of base64-encoded blob; each blob serving as a  representation of a DER-encoded X.509 certificate.
  • attestation_statement: Within this object with the following fields are present:
    • format: This field is a string denoting the format of the statement field. See below for a list of possible formats.
    • statement: This field conatins a base64-encoded blob.

As of the current implementation, the supported formats for attestation statements are:

  • x509_certificate: In this format, the statement field encompasses an attestation statement formatted as a DER-encoded X.509 certificate that functions as the representation of the attestation statement.

The following is a sample JSON object for a Key Attestation Statement:

{
  "authority_chain": [
    "MIIF3TCCA8WgAwIBAgIVAMSEK+w2k7qWvIeDsRrdD2d3mJAsMA0GCSqGSIb3DQEBCwUAMHcxCzAJBgNVBAYMAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEXMBUGA1UECgwORm9ydGFuaXgsIEluYy4xJDAiBgNVBAMMG0ZvcnRhbml4IEtleSBBdHRlc3RhdGlvbiBDQTAeFw0yMzA5MDUxNDA4MTNaFw0yMzEwMDUxNDA4MTNaMDYxNDAyBgNVBAMMK0ZvcnRhbml4IERTTSBTYWFTIEtleSBBdHRlc3RhdGlvbiBBdXRob3JpdHkwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCyjT2N2em/CAu5Y0ZGzz8ECc+nZH7ku8tP+19MAQ0tWV57XLZJjdD2XG5duahG+DZalpscO6xnEKW+GkBrIK49/fbRWxeB2oZklDN3V+bVM3cJ5IjzFqVNciCGDIyc1s4AjezsIdsFRNm63yR7XCT7EnaDT50k9c00GwE0wVmQGO804s/N8L9MOnn0AS+k7Srf+p9+M2qjyk7S6KYeeNPyd/psaHcTze01MFzuclVpLmoG8qgWNxL8D2MaSa2WbRRQeTi2j6L/vy0mSK3IDIGHohVVCvhtgv9RX/f788KB0lkzrMQ5HyaczK+ceYSIyDdfvFjJ3Cqu6StDp0raH6fpkDePx2o7534FLa9J7HFQj+OGEEYjEtmEQ2O4s1Mtn16zY1+WolqE3Nw4ZKEGqfbNEVRUFltUMPZrCFRAhA7ks03FxHvsEWB2kfX/+NI9qTcO4gw7vsv8gsYI5CmFM271euDNi8+xfl/Xwi1oSiMdviKauzTEYoptO5g1oGzwtDMCAwEAAaOCAR8wggEbMA4GA1UdDwEB/wQEAwIBgDAPBgNVHRMBAf8EBTADAQEAMB0GA1UdDgQWBBQ+Q7S5GyBsvO6unPK0qjFZz+EqVTAVBgNVHSUEDjAMBgorBgEEAYOEGggBMDwGCisGAQQBg4QaAgUELjAsMBsGCysGAQQBg4QaAgUBBgwrBgEEAYOEGgIFAQEwDQYLKwYBBAGDhBoCBQIwSQYDVR0fBEIwQDA+oDygOoY4aHR0cHM6Ly9wa2kuZm9ydGFuaXguY29tL0ZvcnRhbml4X0tleV9BdHRlc3RhdGlvbl9DQS5jcmwwGAYDVR0gBBEwDzANBgsrBgEEAYOEGgYBAjAfBgNVHSMEGDAWgBRWzAkGGL14+SsKm5+z3dAgTfl5WTANBgkqhkiG9w0BAQsFAAOCAgEAk3LH9PfAWoY6X84k/pedXZ7/68J9TzboZSNRpVX3a2rD2UoW//nU+oxjaT9jngDA7z4p8iJQMgrrDew5xGvCGYXRXmu51kjfuvFF9SwkCEXRFQH1sTEhJZH71AZNYNTB+xtVa0gaAJL35N1iEAu8oxDUycWtaMMFa9OXVMClk6XIzmRzvsc/ZlEgHZuPLbgVrB6xlaYezRCFxlLxs9myuV1NHEwCybkYzfgyqLbAYuT0QqdHVRmmylQbTf+4n8S2MWKGVLRfZ9ixVM5AQomxuVVNS4lS2trva7PB+DO8KlptQn2NDnLL7vPfEI6CzPtE1lP/2XmwPsRF/2E265fzHQjxukK84ady8EMlPwcSeP5/UwCwtMejcmUcTkXQGIB356EKjHzzE82pvD35e4wWmzk/KJuZwYtJ7dNvJTTLr+XlJ9eNm68K7NBfa5xP0zbl5tNDe9NzJPFztV8Cr0Zm1fkDJUisPaAlbl9RcA98+h0GLDyXottIPQO8YBEQ/c80iXaK+xVOvQzPVaqzHbDB0++dV6xT3SUa1UO79mtbrV0mlJsMregQUuW6/gUeTz0ePlyHyML3Ni6iTDoPpySLfBz0yPF3fAI/afx11lymzilnzKh8zWawzQHiqZfNiDMmDq+EW4gGuX/dEi4MH5Q778ZAEIiREtGFSb04esozeis=",
    "MIIGbDCCBFSgAwIBAgIVAKeDDqNESVKW2FrSlg8SJjvOhS8EMA0GCSqGSIb3DQEBCwUAMIGJMQswCQYDVQQGDAJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExFzAVBgNVBAoMDkZvcnRhbml4LCBJbmMuMTYwNAYDVQQDDC1Gb3J0YW5peCBBdHRlc3RhdGlvbiBhbmQgUHJvdmlzaW9uaW5nIFJvb3QgQ0EwHhcNMjMwOTAxMTY1MTI1WhcNMjYwODMxMTY1MTI1WjB3MQswCQYDVQQGDAJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExFzAVBgNVBAoMDkZvcnRhbml4LCBJbmMuMSQwIgYDVQQDDBtGb3J0YW5peCBLZXkgQXR0ZXN0YXRpb24gQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz1sUR0U9+tQefHJa/2aPLh9o3zJyKTnqrBMzxPbQyA/xd0knozV2cWEAG/olg1EnRe/lSKwg6QCT6OFSjls9Fw1omnau4UyZyvJIlpPiSeC+QS0WMWOxLnY17adT5KTVaACm5pzMen8y3vYvnWyWUllqjME/B88nixhe8AFQ3bKKXxY54AUQQcWojLZKNjx3MRzaJyPt5Gw4zc075nF115kpFH/7tiYqGw8qfOAHUH7sSApAGYIR6PH8CC+H69U8po2KBpGxW9ifCZsoBDp19xS5gKkqQ+cXdOq19ybtcaLw1cuSJbI7mOQhBclvPQUksiy5IFU2D/JF1BOZR+Tq++O9M39DOib/0S5xkparAKhJL5kuxgzX+9P+KmhDrHxfVw5LJ+umU89rvXLOs20wqR64Ix+bwZON1n/fMzLx50IUArGrW8pCH/8yT86r1tpTfSECC882ahQxN2E04Yg2uTi5muM4YyNlaf0MXkUayg1iTP2r+xY7xTw4/48Qim6dJMEiT/w/MyseKLDl+2OZ1Y2oLX80LmB1adXG3hgoNt98RiktSEA1URIfi2jeTmx1brKLicUOd+9tiMhybwTQjOEdoWaOzt/+SSE9i+81ZaseqKtdKu2myclMwIgFCvX1OnMmtImFcHPjcyHdv6HEIUgTvQS2X/JtJJNwjgg1f1QIDAQABo4HbMIHYMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRWzAkGGL14+SsKm5+z3dAgTfl5WTBbBgNVHR8EVDBSMFCgTqBMhkpodHRwczovL3BraS5mb3J0YW5peC5jb20vRm9ydGFuaXhfQXR0ZXN0YXRpb25fYW5kX1Byb3Zpc2lvbmluZ19Sb290X0NBLmNybDAYBgNVHSAEETAPMA0GCysGAQQBg4QaBgECMB8GA1UdIwQYMBaAFAPRP1h71MGugK6zLKGtM+Q3tqhUMA0GCSqGSIb3DQEBCwUAA4ICAQCcIC2VvZKE2KMP68lh5oD1IUxDijAsQLI5n01fpcNlMDD3kqZQY9tllIrXtC32z/osSqIGxPS2gw3h7bHL5xHUboidyK5J3lrfW2vfsoL6ZHp9Z3lZ+sY3M5f/vwYzEvaEnbpGH2SJpWVoBv0DzS+kv9EGFYTQN5KxZnsEDYCK03g9twfhE/hWQXo2B5bg70i6t4qR38k7nuCDKP76ksCnVjFdoM96LUuMlwYstFbjzg1WebhJVksxNynaP+jYCKv2LSoq5/OZmmz6qjyF9Qce9McGDKDndL3+L/cWO+QndBF9/zsNZpF9HtcaH+XjCE7i/KtAHxuGGxEkhh6YJl9LfchJa/e9aravZ6LZ3IgyjxCPTcQb8WrQjoIO9G0CSjtJAFjDXRq9V5LhvL7W+s/Mj6GsetBQxSkJTBZHLrprEnlzj7B8iE7ysOhvUtynlMrHcyXsHm7bbB2o+tw58DszSnZvIdZJXuopYZHGEwMiHASkwqRlqToUVGfrqdp++HyIIlB74PijrbrH51uNa/LEf/14Ym5LBN48y9kPmRtrwzQ1KGN+I1+J1niNk4Bx3Hb16e+Bbyd/FuTsCCjBBSioGhkRHaYP7z+qPBydnoEIBMBCYcjCouctMOuFqYqAO9PSKgkHxmOkGQ167jKdROhxIZLnN2lovNKhHdU88LeIqQ==",
    "MIIF5DCCA8ygAwIBAgIUbJke8FQ1Waqplu/N/rDpkRD6+3wwDQYJKoZIhvcNAQELBQAwgYkxCzAJBgNVBAYMAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEXMBUGA1UECgwORm9ydGFuaXgsIEluYy4xNjA0BgNVBAMMLUZvcnRhbml4IEF0dGVzdGF0aW9uIGFuZCBQcm92aXNpb25pbmcgUm9vdCBDQTAeFw0yMzA5MDExNjM4MTJaFw0zMzA4MjkxNjM4MTJaMIGJMQswCQYDVQQGDAJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExFzAVBgNVBAoMDkZvcnRhbml4LCBJbmMuMTYwNAYDVQQDDC1Gb3J0YW5peCBBdHRlc3RhdGlvbiBhbmQgUHJvdmlzaW9uaW5nIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCmjKH3KAHI03MrY5MBt7ENpn11pT4RJFC1A89xVknimcYpVnAUKq4oKSv8OyBiGXPXVVmr7n6FyY2Zmgv8FlQKvc8S0yCuJ171IEB0AQSXSWXk6E6Kw7WpUUNMGXAoCBuKB17IxqrM8MR/RztfIjWyrABmFHN+DSrzleuRbQgi8R4J6RvDzZVYnLzNE8xg86ZYbf2+n2vZlA0LIb6J1V+6lQcwFUBPepDX7NRgepnpMoawsMeiZLb0YQ4nuwRTSzwwy/5L25ME8p+4drGkC01MZ0R7nr60AAHRonWJrG41AfHmgZ9fApiByIWWWdFgUikHgMl4mGpONuCyI0PozUWrrQvsYbV77LJVOnv4QqS+F7epZR8BhunXyoANunm8qKW+JkKcRn93t7Q8JDDKhlTN20RjFGTxrrnMIDdQhsh8FCWuE7cQFFKDFksPeyTzMKALws582UM3bFuljxZk1TGyYjrwnAKX6H+t9SS7Dmw5Gb0hAG4JQGdFe1E2N7KcvI80gOiTG11N0WVVHoBkgWI7/r6kA/P5exsbqe+DZjRcx+FuK4ynWww/Fq1qzsOOiAq2Yd6dtu7GXWiQeTfWyJBH5HJ8Z5ZPxGsYEFdHH51X1s2czkI4VZ+ddnQ6lr1HeBgnMjS/GgtTIDk8D0rDY83wexfUyG6mo2VDMbCS5ayvGwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA9E/WHvUwa6ArrMsoa0z5De2qFQwDQYJKoZIhvcNAQELBQADggIBAD7g0wzncoD6xgucFkkw9CUPBW3R7aj5sWE7ETTDa7+m7/O3RTEZT/TJkO8r8XWcDbsUYWLI4ftsya+q1D4BNZbo8TODPTObdKFzj9W0NBkgJmInuNqQpGC+7sIrO90ua74Zs5TJIf79u0ae4lLBOUsP012UINzyL5ciAVf7Q2PUNCGt7k1Rye9QU23qOc7CZXksd9NkHIqX5eZ/YEComTr68iMX3Thn3KMqbA2hxp+5EHNy/LhOcrYJSmCqmNQk6tNqs1aqOvI8gpNHwN9G/pIY2+AAzIBuY9JYf06gspBVrPIJyNJuv2aYQeoK8tN9t/QisLHdmyH9q+/cIlJIK8fQ6w86ZzTQWJLhjrlsJnU3sR5ThAUk4GAS02BEca6i1HWjuv2iQvJtMy1Das2A1zyybYxxF373FEtD1a8ogOHYM5e6wtgs+SFFc+K4AM97bLcVHJ9iPN0aq/NnWfn2jMPj1G3XLA5KPFpmbkRM0EGULK2gm19/8qis1lsEqYTdfxHk4tW/HGC2WxZTi53gKyOosEcwEwjaDO3qwgNHBuRxXp6d0VoNkN9yt0aku58yjW0ytOtXO4+BYXcSA5mOkETzDBYhA+BhdXgu3ieRB5f62peMh5fjuXjiUZZ0BuAs0FGfSmL31xHHVy7C0XDshbtkYyLwng8do2UtM4FT0fYV"
  ],
  "attestation_statement": {
    "format": "x509_certificate",
    "statement": "MIID/zCCAmegAwIBAgIUFfMF1u5hM+1tXXYUXWOqNKS7xx4wDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UEAwwrRm9ydGFuaXggRFNNIFNhYVMgS2V5IEF0dGVzdGF0aW9uIEF1dGhvcml0eTAgFw0yMzA5MDUxODExNTFaGA85OTk5MTIzMTIzNTk1OVowXjElMCMGA1UEAwwcRm9ydGFuaXggRFNNIEtleSBBdHRlc3RhdGlvbjE1MDMGCysGAQQBg4QaAQICDCQxOGVjOGI5Ni04ODQ1LTRjZTMtOWZkMS01MDQwN2I0YjFmYzAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8UHvIrnFPGD6B5uCihVW/H9MqL8NWJ7qvfrelsvON/PkZIuYmpSrQUvzQpy/5rk+07V91BSKAAtUMap3ALe9CCKca+gugq+VqBP8c7MzTeYmI8QPDz4bD5dKNEnLgdn42c2onxqVRk52eJeJ5f1WT+g/INi4V3LSYJEvkgs2aQiZ9c6wCByvMlmNax1NpidnAlp8uuFKJtB3wf5Gu1HPi4mgFZ4Hbg+aAdH2EHpdP7HvvvmhJ6+Nt0oB7N68i4c+T366bc+LwCvYHz3fON54k2izilXhbooRgfxksKvjpYYPIRtXZIDHJ8cCkQIZfshZRFb3tBM2ihfJNj4X2byFzAgMBAAGjWzBZMA4GA1UdDwEB/wQEAwIHgDASBgwrBgEEAYOEGgIEAQEEAjAAMBIGDCsGAQQBg4QaAgQBAgQCMAAwHwYDVR0jBBgwFoAUPkO0uRsgbLzurpzytKoxWc/hKlUwDQYJKoZIhvcNAQELBQADggGBABLOIVpgH9SMPxN7qLl18dKiznqM2mfdO7InpPQmivbCDNw8QWdqmgJNxtMG4HtJpEOeSVkcIiFIXLuQghjehk5Q246vf9HAVMnTU7vn2MDAtP4gTxruIOJeOunnGwFugEKsLy6nfBEbkcip5X0jY07KLtKXjQDXEeDBsIhr9VD6nnN8ySs7RVxb2VuT9crDdSx6yLC4OBwylayvDk3BZzIKeW4qKh11vkJaSoJJni4XkTTeQnR0hWHgOW9/l+nVV2jxqCSN03T92lsojkVC/5B3dqClqO1y45FdHgmIDq7zyzdBYLFVSKV7H8MiUgfHlBr+e0kC/tu+WBnEGGuzCk/PVXxLg4Ly3baLLc0egOSdzUtGuovS6sntFjwkdKezDPlADFFIb93jnwi/oRLsc0BBWCE90idVxpr2sx2h6QCs0Yxigyx19ZtsVzHIOtfEHVQ5bcT8EWhS8kkZynK/6xhNj7jKv5fuDX/WCSvZJISvx1kKb6yTlv5c8vI6xoxyKw=="
  }
}

3.1 Authority Chain Certificates

The authority_chain field contains the following certificates:

  • Key Attestation Authority Certificate: This is the end-entry certificate in the authority_chain field.
  • Key Attestation CA Certificate: This refers to any non-self-signed CA certificates in the authority_chain field.
  • Fortanix Attestation and Provisioning Root CA Certificate: This certificate can be obtained from https://pki.fortanix.com/Fortanix_Attestation_and_Provisioning_Root_CA.crt.
NOTE
The certificates may appear in any order.

The Subject of the Key Attestation Authority Certificate identifies the Fortanix DSM cluster. The Key Attestation Authority Certificate will have the following extended key usage:

fortanixKeyAttestationSigning = 1.3.6.1.4.1.49690.8.1

The Key Attestation Authority Certificate will have the following certificate policy:

fortanixKeyAttestationPkiCertificatePolicy = 1.3.6.1.4.1.49690.6.1.2

The Key Attestation Authority Certificate will have the following certificate extension, containing claims:

fortanixClusterNodeEnrollmentPolicy = 1.3.6.1.4.1.49690.2.5

3.2 Key Attestation Statement

The attestation_statement specifies in format the format of the Key Attestation Statement in statement.

  • In the x509_certificate format,
    A Key Attestation Statement is not a public-key certificate, but the same format is used. The fields in the certificate have the following meaning:
    • The Subject Public Key Info specifies the public key of the Target Key.
    • The Subject contains the following DN attribute, uniquely identifying the Target Key object in Fortanix DSM:
      • Attribute type:
        fortanixKeyId = 1.3.6.1.4.1.49690.1.2.2
        
      • Attribute value:
        -- The value should contain a human-readable UUID
         -- of form `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
         -- Example: 3cc1bec3-4fc1-4df9-9538-8f40577d126e
         KeyID ::= UTF8String
        
    • The Issuer and Authority Key Identifier extension identifies the authority that issued the Key Attestation Statement. The Signature Algorithm and Signature describe the cryptographic signature from the Key Attestation Authority.
    • The Validity "not before" time indicates when the Key Attestation Statement was signed.
    • The Key Usage extension may contain the following bits:
      • Digital Signature: sign key usage claim
      • Key Encipherment: unwrap key usage claim
      • Data Encipherment: decrypt key usage claim
      • Key Agreement: agree key usage claim
        The following extensions may be included, containing claims:
      fortanixKeyGeneratedInDSM = 1.3.6.1.4.1.49690.2.4.1.1
      fortanixKeyNeverExportable = 1.3.6.1.4.1.49690.2.4.1.2
      

3.3 Claims

3.3.1 Claims About the Protection Properties of the DSM Cluster

The fortanixClusterNodeEnrollmentPolicy extension

This claim indicates the policy that applies to nodes in the DSM cluster. The policy is a list of policy items, all of which must be met in order for a node to become part of the cluster.
The claim value is the following ASN.1 type:

ClusterNodeEnrollmentPolicy ::= SEQUENCE SIZE (1..MAX) OF NodeEnrollmentPolicyItem

NodeEnrollmentPolicyItem ::= SEQUENCE {
  policyItem  OBJECT IDENTIFIER,
  qualifiers  ANY DEFINED BY policyItem OPTIONAL
}

The following is a list of defined policy items:

  • Minimum protection profile:
    fortanixNodeEnrollmentPolicyItemMinimumProtectionProfile = 1.3.6.1.4.1.49690.2.5.1
    
    The above policy item has the following qualifiers:
    MinimumProtectionProfile ::= CHOICE {
     wellKnown  OBJECT IDENTIFIER,
    }
    
    This policy item indicates that the node must be protected in at least the manner described in the protection profile.
    The following well-known protection profiles are defined:
    fortanixFX2200 = 1.3.6.1.4.1.49690.2.5.1.1
    
    This protection profile includes the following minimum requirements:
    • The computing environment is protected using an Intel SGX Trusted Execution Environment of one of the following SGX types:
      • Standard
      • Scalable with Cryptographic Integrity
    • The node is a Fortanix FX2200 appliance.
    • The node is compliant with at least FIPS 140-2 or 140-3 hardware level 2.
  • Site operator approval required
    fortanixNodeEnrollmentPolicyItemSiteOperatorApprovalRequired = 1.3.6.1.4.1.49690.2.5.2
    
    • This policy item has no qualifiers.
    • This policy item indicates that a site operator must approve the enrollment of nodes into the cluster.

3.3.2 Claims About the Target Key

Key Usage Claims

Key usage claims indicate for which purposes the Target Key may be used. DSM will not use the Target Key for any purposes not claimed.

  • sign: the Target Key can be used to generate digital signatures.
  • unwrap: the Target Key can be used to decrypt (unwrap) other cryptographic keys.
  • decrypt: the Target Key can be used to decrypt data.
  • agree: the Target Key can be used for key agreement.

The following are the key usage claims:

  • fortanixKeyGeneratedInDSM: This claim indicates that the Target Key was generated in DSM. The claim value is the empty ASN.1 SEQUENCE.
  • fortanixKeyNeverExportable: This claim indicates that the Target Key was never exported from DSM and may not be exported in the future. This prohibition also includes export in encrypted form. The claim value is the empty ASN.1 SEQUENCE.

4.0 Verify the Key Attestation Statements

All of the following steps should be performed prior to relying on the Target Key.

4.1 Validate the Authority Chain

The first step is to verify the authority chain. The objective is to ensure that the authority chain ends in Fortanix Attestation and Provisioning Root CA.

The authority chain must be built using the standard X.509 Certification path building procedure and the standard [ST1] X.509 Certification path validation procedure must be used to verify that the authority chain forms a valid path. The path-building and validation procedure should be called with the following inputs:

  • Target certificate: the Key Attestation Authority Certificate
  • Collection of certificates that may be useful in building the path: the Key Attestation CA Certificates
  • Trust list: the Fortanix Attestation and Provisioning Root CA Certificate
  • Initial user acceptable policy set: initialized with fortanixKeyAttestationPkiCertificatePolicy

4.2 Validate the Key Attestation Authority Certificate

  • If the Key Attestation Authority Certificate contains a Key Usage extension, check that digital signature is allowed.
  • If the Key Attestation Authority Certificate contains a Basic Constraints extension, check that CA is set to false.
  • Check that the Key Attestation Authority Certificate contains an Extended Key Usage extension, and that extension includes fortanixKeyAttestationSigning.

4.3 Validate the Key Attestation Statement

The next step is to ensure that the Fortanix DSM Key Attestation Statement is valid and properly signed by the Key Attestation Authority Certificate. The exact method for verifying this depends on the attestation statement format:

  • For x509_certificate format, since the attestation statement is formatted as an X.509 certificate, the X.509 Certification path validation procedure can be used to verify that the attestation statement is signed by the Fortanix DSM Key Attestation Authority. The procedure should be called with the following inputs:
    • Certification path: the Key Attestation Statement
    • Trust anchor information: the previously identified Key Attestation Authority Certificate
    • user-initial-policy-set: any-policy
NOTE
  • A trust anchor consists only of a name and a public key, but some software implementations of the X.509 Certification path validation procedure may incorrectly try to validate the trust anchor certificate.
  • This is not the same as combining the steps from Section 4.1: Validate the Authority Chain and Section 4.2: Validate the Key Attestation Authority Certificate and performing the X.509 Certification path validation procedure on the Key Attestation Statement with the Fortanix Attestation and Provisioning Root CA as the trust anchor. The Key Attestation Authority Certificate is not a CA since it does not have the right basic constraints and key usage extensions and, as such, cannot be used as an intermediate CA in the path.
  • The user should check that the Key Attestation Statement's "not before" time is within the validity of the Key Attestation Authority Certificate.

4.4. Validating the Claims

The Key Attestation Authority Certificate and Key Attestation Statement must be checked for claims that are of interest.

5.0 Download the Key Provenance Attestation Certificate

After a Fortanix DSM Cluster Key Attestation Authority is set up successfully for a DSM cluster, it can issue Key Attestation Certificates for keys residing on that cluster. The issued Key Attestation would contain claims about the target key. You can download the Key Attestation Certificate from the Fortanix DSM UI.

Perform the following steps:

  1. Click the security object containing the asymmetric key that you want to download the certificate for.
  2. On the right side of the screen, click the DOWNLOAD CERTIFICATE option.
    Download Button.png
    Figure 2: Download Button

    A JSON file will be automatically downloaded to your system.

    The name of the downloaded certificate follows the format: key_attestation_<key UUID>.json.

    Where, "Key UUID" represents the unique identifier of the security object.

    NOTE
    The Key Attestation Certificates can be issued only for RSA and EC keys.

Comments

Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful