What is Infrastructure certificate ? - Githubissues

aws / aws-nitro-enclaves-nsm-api

This provides a library for interacting with the Nitro Secure Module, which provides Nitro Enclaves with attestation capability.

Apache License 2.0

62 stars 43 forks source link

What is Infrastructure certificate ? #26

Closed msnitish closed 2 years ago

msnitish commented 2 years ago

In the attestation process explanation page, the section explaining about the structure of Attestation document has the certificate field. I would like to understand more about this.

certificate: cert, ; the infrastructure certificate used to sign this ; document, DER encoded

What does infrastructure certificate mean ?
What kind of information is included inside this infrastructure certificate ?

axlprv commented 2 years ago

Hi @msnitish!

What does infrastructure certificate mean ?

The infrastructure certificate is a X509 end-entity certificate used to sign the attestation document.

What kind of information is included inside this infrastructure certificate ?

The infrastructure certificate includes basic information:

Subject
- CN = ...nitro-enclaves
- OU = AWS
- O = Amazon
- L = Seattle
- ST = Washington
- C = US
Key Usage = keyCertSign
Serial = serial number between 1 and 2^160
Validity
- Not Before
- Not After
Basic Constraints
- CA = true
- Path Length = 0