Hi Sai Krishna Katakam,
I will go through the links you provided to figure out how to provision SKR and user data in JWT.
Here, I want to ask another question. As posted in the initial question, I have installed the Attestation Client and can obtain the JWT token.
station_client$ sudo ./AttestationClient -o token
eyJhbGiLCJraWQiOiJKMHBBUGRmWFhIcVdXaW1nckg4NTN3TUlkaDUvZkxlMXo2dVNYWVBYQ2EwPSIsInR5cCI6IkpXVC
...
...
iI6IjEuMCJ9.uIGgXtjMswlHNhXiR27riErCU6fgCmvIvf3LtpiAFDyFMe_UitM4Zmkx_SGA_lgOtm9-uL2T45BUKmKlKv6VpUVIjHj2NPqXRi3eOjGmhGW6doiFlXyNN3td3gEbY16qobM6BiBAEMhxUrpQUQPF07GnX8KWGqZGvpy6UDtgmyOVK5Ztu9fUYinDd3Nnj6OssQI0dZk5jU87avzRtNinLTxKdREiRw00gyfJdYfpdUfSDMEGMcVv-S-LU4iydYaIHrfccgoaqJT3ukK74VgjbcwT2n5Dze54cgCGTnws9wqKt9G8zFF6amwrcouNLCsvxYDUNMp-r4BjA4-anw2XFg
With the parser, I can obtain the following info:
{
"alg": "RS256",
"jku": "https://sharedeus2.eus2.attest.azure.net/certs",
"kid": "J0pAPdfXXHqWWimgrH853wMIdh5/fLe1z6uSXYPXCa0=",
"typ": "JWT"
}.{
"exp": 1727800337,
"iat": 1727771537,
"iss": "https://sharedeus2.eus2.attest.azure.net",
"jti": "9ce7081d108f631cf73b39b4cae5549d0a5bd5f946ea30c46ae9dead15e0b928",
"nbf": 1727771537,
"secureboot": true,
"x-ms-attestation-type": "azurevm",
"x-ms-azurevm-attestation-protocol-ver": "2.0",
"x-ms-azurevm-attested-pcrs": [
...
...
} ] }, "x-ms-ver": "1.0" }.[Signature]
After searching some documents, I found that the signing certs and the JWT signature should be:
Signing certs:
"jku": "https://sharedeus2.eus2.attest.azure.net/certs"
Signature:
iI6IjEuMCJ9.uIGgXtjMswlHNhXiR27riErCU6fgCmvIvf3LtpiAFDyFMe_UitM4Zmkx_SGA_lgOtm9-uL2T45BUKmKlKv6VpUVIjHj2NPqXRi3eOjGmhGW6doiFlXyNN3td3gEbY16qobM6BiBAEMhxUrpQUQPF07GnX8KWGqZGvpy6UDtgmyOVK5Ztu9fUYinDd3Nnj6OssQI0dZk5jU87avzRtNinLTxKdREiRw00gyfJdYfpdUfSDMEGMcVv-S-LU4iydYaIHrfccgoaqJT3ukK74VgjbcwT2n5Dze54cgCGTnws9wqKt9G8zFF6amwrcouNLCsvxYDUNMp-r4BjA4-anw2XFg
If correct, my question is, how can I verify the JWT signature with the signing certs? I think there should be a code of practice.
I have searched some documents and found this document (https://learn.microsoft.com/en-us/azure/attestation/overview), but the code sample (https://github.com/Azure-Samples/microsoft-azure-attestation/blob/e7f296ee2ca1dd93b75acdc6bab0cc9a6a20c17c/sgx.attest.sample.oe.sdk/validatequotes.net/MaaQuoteValidator.cs#L62-L65) it gives is not so clear.
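The signature check asked about above, as an added example that is not part of the original post and not Microsoft's sample code: it pins `jku` to the expected issuer, selects the key by `kid`, verifies the RS256 signature over `header.payload`, then checks `iss`, `nbf` and `exp`. It assumes the key is available as JWK `n`/`e` values (if the key set carries only an `x5c` certificate, the public key has to be read from the leaf certificate first); the function names, the `constructed-kid` key id and the demo key are constructed for illustration.

```python
import base64, hashlib, json, time
from urllib.parse import urlsplit

ISSUER = "https://sharedeus2.eus2.attest.azure.net"  # "iss" value shown in the post
PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # SHA-256 DigestInfo (RFC 8017)

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def encoded_message(data, k):
    # Expected k-byte EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || DigestInfo || SHA-256(data)
    t = PREFIX + hashlib.sha256(data).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_attestation_jwt(token, jwks, issuer=ISSUER, now=None):
    h64, p64, s64 = token.split(".")
    header, claims = json.loads(b64d(h64)), json.loads(b64d(p64))
    if header.get("alg") != "RS256":  # never let the token choose the algorithm
        raise ValueError("unexpected alg")
    # "jku" is unauthenticated input: accept it only on the pinned issuer's origin
    jku, iss = urlsplit(header.get("jku", "")), urlsplit(issuer)
    if (jku.scheme, jku.netloc) != (iss.scheme, iss.netloc):
        raise ValueError("jku is not on the trusted issuer")
    key = next((j for j in jwks["keys"] if j.get("kid") == header.get("kid")), None)
    if key is None:
        raise ValueError("no key with this kid")
    n, e = (int.from_bytes(b64d(key[f]), "big") for f in ("n", "e"))
    k, s = (n.bit_length() + 7) // 8, int.from_bytes(b64d(s64), "big")
    em = encoded_message(f"{h64}.{p64}".encode(), k)  # covers "<header>.<payload>" as received
    if s >= n or pow(s, e, n).to_bytes(k, "big") != em:  # compare the whole block, not just the hash
        raise ValueError("signature mismatch")
    now = time.time() if now is None else now
    if claims.get("iss") != issuer or not claims["nbf"] <= now < claims["exp"]:
        raise ValueError("wrong issuer or outside validity window")
    return claims

def constructed_sample(now):
    # Constructed demo key built from two Mersenne primes: insecure, for this example only
    p, q, e = 2**521 - 1, 2**607 - 1, 65537
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    k = (n.bit_length() + 7) // 8
    head = {"alg": "RS256", "jku": ISSUER + "/certs", "kid": "constructed-kid", "typ": "JWT"}
    body = {"iss": ISSUER, "nbf": now, "exp": now + 3600, "secureboot": True}
    signed = b64e(json.dumps(head).encode()) + "." + b64e(json.dumps(body).encode())
    s = pow(int.from_bytes(encoded_message(signed.encode(), k), "big"), d, n)
    jwk = {"kty": "RSA", "kid": "constructed-kid", "n": b64e(n.to_bytes(k, "big")), "e": "AQAB"}
    return signed + "." + b64e(s.to_bytes(k, "big")), {"keys": [jwk]}
```

In practice the key set is fetched over HTTPS from the pinned issuer's `/certs` endpoint rather than from whatever URL the token's header names, and claims such as `secureboot` are evaluated only after `verify_attestation_jwt` returns.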