Attestation
From MgmtWiki
Full Title or Meme
Attestation in computing devices typically means a statement from a Trust Authority about the security of statements made by some other computing device.
Context
A Remote Attestation Service was proposed as a service that would accept statements from a TPM to verify that the code running on the computer was that approved by the manufacturer.
References
- Also see wiki page Attested for details of an Attestation.
Solutions
- Verifying hardware-backed key pairs with Key Attestation in Android for Smartphones.
Key Attestation gives you more confidence that the keys you use in your app are stored in a device's hardware-backed keystore. The link describes how to verify the properties of hardware-backed keys and how to interpret the schema of the attestation certificate's extension data.
- attestKey(_:clientDataHash:completionHandler:) Asks Apple to attest to the validity of a generated cryptographic key.