|
1 | 1 | # **python-ear** |
2 | | - |
3 | | -A Python library that implements the [draft-fv-rats-ear](https://datatracker.ietf.org/doc/draft-fv-rats-ear/) specification, focusing on Evidence and Attestation Results (EAR) in Remote Attestation Procedures (RATS). This library enables secure handling of attestation claims using Concise Binary Object Representation (CBOR) Web Tokens (CWT) and JSON Web Tokens (JWT). |
4 | | - |
5 | | ---- |
6 | | - |
7 | | -## **Overview** |
8 | | - |
9 | | -The goal of this project is to align open-source verifiers with the RATS architecture by defining standardized evidence formats and attestation results, facilitating seamless integration with other projects such as **Keylime**. |
10 | | - |
11 | | -This implementation was initiated as part of the **Veraison Mentorship** under the Linux Foundation Mentorship Program (**LFX Mentorship**), focusing on the following capabilities: |
12 | | - |
13 | | -- **Populating EAR Claims-Sets:** Define and populate claims that represent evidence and attestation results. |
14 | | -- **Signing EAR Claims-Sets:** Support signing using private keys, ensuring data integrity and authenticity. |
15 | | -- **Encoding and Decoding:** |
16 | | - - Encode signed EAR claims as **CWT** (Concise Binary Object Representation Web Tokens) or **JWT** (JSON Web Tokens). |
17 | | - - Decode signed EARs from CWT or JWT formats, enabling interoperability between different systems. |
18 | | -- **Signature Verification:** Verify signatures using public keys to ensure the authenticity of claims. |
19 | | -- **Accessing Claims:** Provide interfaces to access and manage EAR claims efficiently. |
20 | | - |
21 | | -This library is developed in Python and makes use of existing packages for CWT and JWT management, static code analysis, and testing. |
22 | | - |
23 | | ---- |
24 | | - |
25 | | -## **Key Features** |
26 | | - |
27 | | -1. **Standards Compliance:** |
28 | | - Implements draft-fv-rats-ear as per IETF specifications to ensure compatibility with the RATS architecture. |
29 | | - |
30 | | -2. **Token Management:** |
31 | | - - **CWT Support:** Utilizes [python-cwt](https://python-cwt.readthedocs.io/en/stable/) for handling CBOR Web Tokens. |
32 | | - - **JWT Support:** Uses [python-jose](https://pypi.org/project/python-jose/) for JSON Web Tokens management. |
33 | | - |
34 | | -3. **Security:** |
35 | | - - Supports signing of EAR claims with private keys and verification with public keys. |
36 | | - - Adopts secure cryptographic practices for token creation and verification. |
37 | | - |
38 | | -4. **Static Analysis and Code Quality:** |
39 | | - - Ensures code quality using linters and static analysis tools. |
40 | | - - Maintains type safety and code consistency. |
41 | | - |
42 | | -5. **Testing:** |
43 | | - - Comprehensive unit tests using `pytest` to validate all functionalities. |
44 | | - |
45 | | ---- |
46 | | - |
47 | | -## **Technical Stack** |
48 | | - |
49 | | -### **Token Creation and Management** |
50 | | - |
51 | | -- **CWT:** [python-cwt](https://python-cwt.readthedocs.io/en/stable/) |
52 | | -- **JWT:** [python-jose](https://pypi.org/project/python-jose/) |
53 | | - |
54 | | -### **Code Formatting and Styling** |
55 | | - |
56 | | -- **black:** Ensures consistent code formatting. |
57 | | -- **isort:** Manages import statements. |
58 | | - |
59 | | -### **Linting and Static Analysis** |
60 | | - |
61 | | -- **flake8:** For PEP 8 compliance and linting. |
62 | | -- **mypy:** Static type checking. |
63 | | -- **pyright:** Advanced type checking for Python. |
64 | | -- **pylint:** Code analysis for error detection and enforcing coding standards. |
65 | | - |
66 | | -### **Testing** |
67 | | - |
68 | | -- **pytest:** Framework for writing and executing tests. |
0 commit comments