Code
The same attestation scheme from how it works — implemented in Python, JavaScript, and Rust. Every sample on this page has actually been run and checked for a correct roundtrip and both required tampering paths (a reused signature over new code, and an honestly re-signed but measurement-mismatched quote); none of this is pseudocode. Remember: this is the attestation half only — see what a TEE is for why the actual hardware isolation can’t be shown as code at all.
Python
Uses cryptography, the standard, audited
Python cryptography library’s Ed25519 implementation.
import hashlib
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography.exceptions import InvalidSignature
def measure(code: str) -> bytes:
"""The "measurement" — a hash of the enclave's code."""
return hashlib.sha256(code.encode()).digest()
def make_quote(code: str, sk: Ed25519PrivateKey) -> dict:
"""R = measure(code), signed by the manufacturer key."""
measurement = measure(code)
signature = sk.sign(measurement)
return {"measurement": measurement, "signature": signature}
def verify_quote(quote: dict, pk, expected_measurement: bytes) -> dict:
"""Two independent checks: signature validity, and a measurement match."""
try:
pk.verify(quote["signature"], quote["measurement"])
signature_valid = True
except InvalidSignature:
signature_valid = False
measurement_matches = quote["measurement"] == expected_measurement
return {
"signature_valid": signature_valid,
"measurement_matches": measurement_matches,
"valid": signature_valid and measurement_matches,
}
# --- usage ---
manufacturer_sk = Ed25519PrivateKey.generate()
manufacturer_pk = manufacturer_sk.public_key()
honest_code = "function add(a, b) {\n return a + b;\n}"
tampered_code = "function add(a, b) {\n return a + b + 1;\n}"
expected = measure(honest_code)
honest_quote = make_quote(honest_code, manufacturer_sk)
assert verify_quote(honest_quote, manufacturer_pk, expected)["valid"]
# tampering path 1: reuse the old signature over the new measurement
fake_quote = {"measurement": measure(tampered_code), "signature": honest_quote["signature"]}
assert not verify_quote(fake_quote, manufacturer_pk, expected)["valid"]
# tampering path 2: honestly re-sign the tampered code — still rejected,
# because the measurement itself no longer matches what was expected
resigned_quote = make_quote(tampered_code, manufacturer_sk)
result = verify_quote(resigned_quote, manufacturer_pk, expected)
assert result["signature_valid"] and not result["measurement_matches"] and not result["valid"]
JavaScript
This is the same implementation running live in the demo on this site —
see
src/lib/attestation.js
in the site’s own repository. Uses
@noble/curves (Ed25519) and
@noble/hashes (SHA-256).
import { ed25519 } from '@noble/curves/ed25519.js';
import { sha256 } from '@noble/hashes/sha2.js';
// The "measurement" — a hash of the enclave's code.
function measure(code) {
return sha256(new TextEncoder().encode(code));
}
// R = measure(code), signed by the manufacturer key.
function makeQuote(code, manufacturerSecretKey) {
const measurement = measure(code);
const signature = ed25519.sign(measurement, manufacturerSecretKey);
return { measurement, signature };
}
// Two independent checks: signature validity, and a measurement match.
function verifyQuote(quote, manufacturerPublicKey, expectedMeasurement) {
const signatureValid = ed25519.verify(quote.signature, quote.measurement, manufacturerPublicKey);
const measurementMatches = toHex(quote.measurement) === toHex(expectedMeasurement);
return { signatureValid, measurementMatches, valid: signatureValid && measurementMatches };
}
function toHex(bytes) {
return Array.from(bytes).map((b) => b.toString(16).padStart(2, '0')).join('');
}
Rust
Uses ed25519-dalek, the RustCrypto
project’s audited Ed25519 implementation.
use ed25519_dalek::{Signature, Signer, SigningKey, Verifier, VerifyingKey};
use rand::rngs::OsRng;
use sha2::{Digest, Sha256};
/// The "measurement" — a hash of the enclave's code.
fn measure(code: &str) -> [u8; 32] {
Sha256::digest(code.as_bytes()).into()
}
struct Quote {
measurement: [u8; 32],
signature: Signature,
}
/// R = measure(code), signed by the manufacturer key.
fn make_quote(code: &str, sk: &SigningKey) -> Quote {
let measurement = measure(code);
let signature = sk.sign(&measurement);
Quote { measurement, signature }
}
struct VerifyResult {
signature_valid: bool,
measurement_matches: bool,
valid: bool,
}
/// Two independent checks: signature validity, and a measurement match.
fn verify_quote(quote: &Quote, pk: &VerifyingKey, expected: &[u8; 32]) -> VerifyResult {
let signature_valid = pk.verify("e.measurement, "e.signature).is_ok();
let measurement_matches = quote.measurement == *expected;
VerifyResult { signature_valid, measurement_matches, valid: signature_valid && measurement_matches }
}
fn main() {
let mut csprng = OsRng;
let manufacturer_sk = SigningKey::generate(&mut csprng);
let manufacturer_pk = manufacturer_sk.verifying_key();
let honest_code = "function add(a, b) {\n return a + b;\n}";
let tampered_code = "function add(a, b) {\n return a + b + 1;\n}";
let expected = measure(honest_code);
let honest_quote = make_quote(honest_code, &manufacturer_sk);
assert!(verify_quote(&honest_quote, &manufacturer_pk, &expected).valid);
// tampering path 1: reuse the old signature over the new measurement
let fake_quote = Quote { measurement: measure(tampered_code), signature: honest_quote.signature };
assert!(!verify_quote(&fake_quote, &manufacturer_pk, &expected).valid);
// tampering path 2: honestly re-sign the tampered code — still
// rejected, because the measurement no longer matches what was expected
let resigned_quote = make_quote(tampered_code, &manufacturer_sk);
let result = verify_quote(&resigned_quote, &manufacturer_pk, &expected);
assert!(result.signature_valid && !result.measurement_matches && !result.valid);
}
Sources: implements the construction derived on how it
works. The Python sample uses
cryptography; the JavaScript sample uses
@noble/curves and
@noble/hashes; the Rust
sample uses ed25519-dalek.