Azure.Security.Attestation Namespace



Attestation Client for the Microsoft Azure Attestation service.

The Attestation client contains the implementation of the "Attest" family of MAA APIs.


Configuration options for the attestation client.


AttestationData represents a BinaryData object passed as an input to the Attestation Service.

AttestationData comes in two forms: Binary and JSON. To distinguish between the two, when an AttestationData object is created, the caller provides an indication that the input binary data will be treated as either JSON or Binary.

The AttestationData is reflected in the generated AttestationResult in two possible ways. If the AttestationData is Binary, then the AttestationData is reflected in the EnclaveHeldData claim. If the AttestationData is JSON, then the AttestationData is expressed as JSON in the RuntimeClaims or InittimeClaims claim.


Factory class for creating Attestation Service Model types, used for Mocking.


Represents the data sent to the Attestation Service for a call to the AttestOpenEnclave(AttestationRequest, CancellationToken) or AttestSgxEnclave(AttestationRequest, CancellationToken) APIs.

An Attestation Request has three elements:

  • Evidence: The attestation evidence generated from inside the target environment (often an Intel SGX or OpenEnclave enclave). The 'Evidence' is normally an SGX Quote, an OpenEnclave Report, or OpenEnclave Evidence.
  • InitTime Data: Data presented at the time that the target environment was initialized.
  • Runtime Data: Data presented at the time that the Evidence was created.

The "Evidence" MUST be provided in an Attest call; both Runtime Data and InitTime Data are optional.


Represents a response from an Attestation Service API.


A Microsoft Azure Attestation response token body - the body of a response token issued by MAA.


Represents a certificate/key ID pair, used to validate an AttestationToken.


Represents an Attestation Token object.


An AttestationSigningKey encapsulates the two pieces of information necessary to sign a token:

  • Signing Key: the key used to sign the token
  • Signing Certificate: an X.509 certificate which wraps the public key part of the Signing Key.

Note that the Attestation Service only supports validation of tokens which are signed with an X.509 certificate; it does not support arbitrary signing keys.

Represents the arguments used when asking the caller to validate an attestation token.


Exception thrown when a call to ValidateToken(AttestationTokenValidationOptions, IReadOnlyList<AttestationSigner>, CancellationToken) fails.

Normally, the only way that this exception will be thrown is if the customer's TokenValidated event delegate indicates a validation failure.


Declares the options used for validating an attestation token.

When validating a JSON Web Token, there are a number of options that can be configured. For instance, if the returned token is going to be validated by a relying party, there is no need for the client to validate the token.

Similarly, because the expiration time of the token is relative to the clock on the server, it may be necessary to introduce a level of "leeway" when determining if a token is expired or not.


The result of a policy certificate modification.


The StoredAttestationPolicy.


Attestation request for Trusted Platform Module (TPM) attestation.


Attestation response for Trusted Platform Module (TPM) attestation.



The AttestationType.


The result of the operation.



The Microsoft Azure Attestation service version.