arc

Attestation Result Command

arc (attestation result command) allows:

• synthesising attestation results in EAR (EAT Attestation Result) format,
• cryptographically verifying and displaying the contents of an EAR
• printing the EAR header and payload without verification

Create

The create sub-command is used to synthesise an EAR given the full claims-set.

arc create \
    [--claims <file>] \
    [--skey <signing key>] \
    [--alg <alg>] \
    <jwt-file>

Parameters

Output

A one-liner saying success status and path of the JWT file that was created.

Verify

The verify sub-command is used to cryptographically verify and pretty-print the contents of a EAR, including the trustworthiness vector.

arc verify \
    [--pkey <file>] \
    [--alg <alg>] \
    [--verbose] \
    [--color] \
    <jwt-file>

Parameters

If the --pkey parameter is omitted or the default file name is specified, the key from the file will be used if it exists, ignoring the keys in the JWT header. Instead, if the file is missing, the public key and algorithm from the JWT header will be used.

Output

• Validation status of the cryptographic signature.

If successful:

• The EAR claims-set is printed to stdout.
• If present, the decoded trust vector is also printed to stdout (the exact format depends on --verbose and --color).

Print

The print sub-command is used to print the contents of a EAR, including the header. Neither EAR validation nor verification is executed.

arc verify <jwt-file>

Parameters

Output

If EAR is successfully parsed:

• The EAR header and payload are printed to stdout.