A Node.js web service for processing Intel SGX and TDX DCAP quotes, extracting platform identifiers, and generating JWT tokens for verified enclaves.
This service validates SGX and TDX quotes, extracts the PPID (Platform Provisioning ID), checks against a whitelist, and returns a JWT token for authenticated enclaves. It's designed for Intel SGX and TDX attestation workflows.
- Quote Processing: Validates SGX and TDX DCAP quotes in hexadecimal format
- PPID Extraction: Extracts Platform Provisioning ID from quote data
- Machine ID Generation: Creates unique machine identifiers from PPID
- Whitelist Verification: Checks machine IDs against a whitelist taken from the proofofcloud database of verified machines
- JWT Generation: Issues RS256-signed JWT tokens for verified quotes
Processes an SGX or TDX quote and returns verification results.
Request Body:
{
  "quote": "hex_encoded_sgx_or_tdx_quote"
}
Response:
{
  "machineId": "truncated_sha256_of_ppid",
  "label": "machine label",
  "jwt": "rs256_signed_jwt_token"
}
Verifies the JWT token generated for the provided quote.
Request Body:
{
  "quote": "hex_encoded_sgx_or_tdx_quote",
  "jwt": "rs256_signed_jwt_token"
}
Response:
{
  "valid": "true|false",
  "keyId": "key id of the signer",
  "label": "machine label"
}
Health check endpoint that returns service status.
sudo docker run \
-d \
--rm \
-p 8080:8080 \
-v /var/run/docker.sock:/var/run/docker.sock \
ghcr.io/proofofcloud/trust-server:sha-f0da9229689b0f6f44fb08ab20170e8f92f0f316
The service will run on http://localhost:8080
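
A relying party that receives the RS256-signed JWT described above can also check it locally with a pinned algorithm. This is an added example, not code from this project: the claim names (`machineId`, `label`, `exp`), the `kid` value and the key pair are constructed assumptions, since the page does not document the token's claims.

```javascript
// Added example: local verification of an RS256 JWT with a pinned algorithm.
// Claim names, the "kid" value and the key pair are constructed for this demo.
const crypto = require('node:crypto');
const b64u = (x) => Buffer.from(x).toString('base64url');

// Demo issuer: signs header.payload with RSASSA-PKCS1-v1_5 / SHA-256 (RS256).
function signRs256(payload, privateKey, kid) {
  const head = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid }));
  const body = b64u(JSON.stringify(payload));
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${sig.toString('base64url')}`;
}

// Verifier: returns the claims, or throws with the reason for rejection.
function verifyRs256(token, publicKey, expectedMachineId, now = Date.now() / 1000) {
  const [head, body, sig, ...rest] = token.split('.');
  if (sig === undefined || rest.length) throw new Error('malformed token');
  const header = JSON.parse(Buffer.from(head, 'base64url').toString());
  // Pin the algorithm: the token must never choose it ("none" or HS256 swaps).
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('sha256', Buffer.from(`${head}.${body}`), publicKey,
    Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  // Bind the token to the machine the caller expects to be talking to.
  if (claims.machineId !== expectedMachineId) throw new Error('machineId mismatch');
  return claims;
}

// Returns 'accepted' or the rejection reason for a token.
function check(token, publicKey, machineId) {
  try { verifyRs256(token, publicKey, machineId); return 'accepted'; } catch (e) { return e.message; }
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const exp = Math.floor(Date.now() / 1000) + 300;
  const good = signRs256({ machineId: 'a1b2c3d4', label: 'demo', exp }, privateKey, 'demo-key');
  const [h, b, s] = good.split('.');
  const noneTok = `${b64u(JSON.stringify({ alg: 'none' }))}.${b}.`;
  const forged = `${h}.${b64u(JSON.stringify({ machineId: 'ffff0000', exp }))}.${s}`;
  return {
    good: check(good, publicKey, 'a1b2c3d4'),
    none: check(noneTok, publicKey, 'a1b2c3d4'),
    forged: check(forged, publicKey, 'ffff0000'),
    wrongMachine: check(good, publicKey, 'ffff0000'),
  };
}
console.log(demo());
```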