#aws #nitro-enclaves #enclaves #attestation #evervault


A Rust library for attesting enclaves according to the Evervault Attestation scheme. This crate is used to generate ffi bindings.

11 releases

0.6.3 Sep 7, 2023
0.6.2 Aug 31, 2023
0.6.0 Apr 25, 2023
0.5.0-beta Feb 7, 2023
0.4.0 Jan 31, 2023

#280 in FFI

Download history 9/week @ 2023-06-03 12/week @ 2023-06-10 23/week @ 2023-06-17 47/week @ 2023-06-24 13/week @ 2023-07-01 33/week @ 2023-07-08 9/week @ 2023-07-15 59/week @ 2023-07-22 3/week @ 2023-07-29 12/week @ 2023-08-05 5/week @ 2023-08-12 106/week @ 2023-08-19 499/week @ 2023-08-26 526/week @ 2023-09-02 81/week @ 2023-09-09 266/week @ 2023-09-16

1,373 downloads per month



Attestation Doc Validation

This library exposes the high level functions required by Evervault Clients to attest a Cage per the defined Attestation Protocol.

The library has been design to allow for bindings to be generated for multiple languages on top of the Rust crate, and should also expose enough logic to be composable for alternative Nitro Enclaves Attestation protocols.

The project makes use of cargo make to provide high level workflows, which can be found in the Makefile.toml.


The project is split into 2 core modules:

  • attestation_doc.rs covers all validation and parsing relating to Nitro Enclaves attestation documents.
  • cert.rs covers all validation and parsing of X509 certs. This is to allow clients to pass off the raw pem or der encoded certs from their enclave connection to be attested.

Two high level helpers are exposed from lib.rs:

  • attestation_doc_validation::parse_cert — This is a helper for parsing bytes into an X509 instance and is reasonably generic.
  • attestation_doc_validation::validate_attestation_doc_in_cert — This drives the entire Evervault Attestation Protocol.

The underlying API is exposed through submodules. You can read more about the APIs exposed in our docs.


~395K SLoC