KeyOperationAttestation

Contains an HSM-generated attestation about a key operation. For more information, see Verifying attestations.

JSON representation
{
  "format": enum (AttestationFormat),
  "content": string,
  "certChains": {
    object (CertificateChains)
  }
}
Fields
format

enum (AttestationFormat)

Output only. The format of the attestation data.

content

string (bytes format)

Output only. The attestation data provided by the HSM when the key operation was performed.

A base64-encoded string.

certChains

object (CertificateChains)

Output only. The certificate chains needed to validate the attestation

AttestationFormat

Attestation formats provided by the HSM.

Enums
ATTESTATION_FORMAT_UNSPECIFIED Not specified.
CAVIUM_V1_COMPRESSED

Cavium HSM attestation compressed with gzip. Note that this format is defined by Cavium and subject to change at any time.

See https://www.marvell.com/products/security-solutions/nitrox-hs-adapters/software-key-attestation.html.

CAVIUM_V2_COMPRESSED Cavium HSM attestation V2 compressed with gzip. This is a new format introduced in Cavium's version 3.2-08.

CertificateChains

Certificate chains needed to verify the attestation. Certificates in chains are PEM-encoded and are ordered based on https://tools.ietf.org/html/rfc5246#section-7.4.2.

JSON representation
{
  "caviumCerts": [
    string
  ],
  "googleCardCerts": [
    string
  ],
  "googlePartitionCerts": [
    string
  ]
}
Fields
caviumCerts[]

string

Cavium certificate chain corresponding to the attestation.

googleCardCerts[]

string

Google card certificate chain corresponding to the attestation.

googlePartitionCerts[]

string

Google partition certificate chain corresponding to the attestation.