Attestation Explorer

Use this tool to validate an attestation document from a AWS Nitro Enclave in CBOR/COSE format. An attestation from a secure enclave proves that data was processed within an enclave.

Attestations may contain sensitive information. We don't record anything uploaded here, but you should be careful where you share them.

Drag to upload attestation document
Attestation is valid
CertExpired

Module ID

- Issuing Nitro hypervisor module ID
Guide
Start enclaves with docker run
Guide
Store enclave images in a container registry

Creation Timestamp

- When the document was created

Certificate Chain

- Validate that the document is tied to a valid root of trust

PCRs

- Values of all locked and non-zero PCRs at the moment the attestation document was generated
Guide
KMS key policies using PCR values

Nonce

(base64) - Optional value used as a proof of authenticity that your data is the subject of the attestation document
Guide
Include a nonce in your attestations to avoid replays

User Data

(base64) - Optional additional user data signed by the enclave
Guide
Reference data in your attestations for signing operations

Public Key

(base64) - Optional DER-encoded key you can use to encrypt data to be read by the enclave