The Intel® SGX Attestation sample code demonstrates how to generate a quote from an SGX enclave using the Open Enclave SDK or the Intel SDK and then have it validated by Microsoft Azure Attestation. The "enclave held data" for the quote is populated with the public key component that is held within the enclave.
The components used in the sample code are outlined in the following diagram:
The flow is:
See code sample to perform SGX attestation using Open Enclave SDK
See code sample to perform SGX attestation using Intel SDK
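The enclave-held-data binding described above, as an added example that is not part of the sample repository: it assumes Intel's ECDSA quote layout (48-byte header followed by a 384-byte report body) and the convention that the first 32 bytes of `report_data` carry the SHA-256 of the enclave held data. The function names and the sample quote are constructed for illustration.

```python
import hashlib
import hmac

# Assumed layout (Intel ECDSA quote, not stated on this page):
# 48-byte quote header, then a 384-byte report body.
QUOTE_HEADER_LEN = 48
REPORT_BODY_LEN = 384
MRENCLAVE_OFF = QUOTE_HEADER_LEN + 64     # 32 bytes
MRSIGNER_OFF = QUOTE_HEADER_LEN + 128     # 32 bytes
REPORT_DATA_OFF = QUOTE_HEADER_LEN + 320  # 64 bytes


def parse_report_body(quote: bytes) -> dict:
    """Slice the identity fields and report_data out of a raw quote."""
    if len(quote) < QUOTE_HEADER_LEN + REPORT_BODY_LEN:
        raise ValueError("quote too short to contain a report body")
    return {
        "mrenclave": quote[MRENCLAVE_OFF:MRENCLAVE_OFF + 32],
        "mrsigner": quote[MRSIGNER_OFF:MRSIGNER_OFF + 32],
        "report_data": quote[REPORT_DATA_OFF:REPORT_DATA_OFF + 64],
    }


def ehd_is_bound(quote: bytes, enclave_held_data: bytes) -> bool:
    """True when report_data[0:32] equals SHA-256(enclave held data)."""
    report_data = parse_report_body(quote)["report_data"]
    expected = hashlib.sha256(enclave_held_data).digest()
    return hmac.compare_digest(report_data[:32], expected)


def build_sample_quote(enclave_held_data: bytes) -> bytes:
    """Constructed test input: zeroed quote with only the fields above set."""
    body = bytearray(REPORT_BODY_LEN)
    body[64:96] = b"\xaa" * 32    # placeholder MRENCLAVE
    body[128:160] = b"\xbb" * 32  # placeholder MRSIGNER
    body[320:352] = hashlib.sha256(enclave_held_data).digest()
    return bytes(QUOTE_HEADER_LEN) + bytes(body)


if __name__ == "__main__":
    ehd = b"constructed sample public key bytes"
    quote = build_sample_quote(ehd)
    print("bound to enclave key:", ehd_is_bound(quote, ehd))
    print("bound to substituted key:", ehd_is_bound(quote, b"some other key"))
```

This check only ties the key to the quote; the quote's signature and collateral still have to be validated, which is the part the attestation service performs.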
The Microsoft Azure Attestation service (MAA) allows users to manage their own attestation provider instance. Furthermore, MAA enables users to operate their instance in Isolated mode. This means:
The user must manage an X509 certificate for each private key. Additionally, to share a signed request with the MAA service, the user must create a specific JWT format as defined in the MAA documentation here. The JWT format is described in great detail in RFC 7519.
See a code sample to manage trusted signing certificates and keys for Isolated providers here