trust-center - npm explorer

npm install trust-center

![trust-center](https://trust.multifactor.com "trust-center")

Multifactor Trust Center

![GitHub issues](https://github.com/multifactor/trust-center/issues)
![GitHub tag](https://github.com/multifactor/trust-center/tags)
![GitHub release](https://github.com/multifactor/trust-center/releases)
![NPM release](https://www.npmjs.com/package/trust-center)

Site |
Docs |
Contributing |
Security |
Multifactor |
Author

The Multifactor Trust Center provides tools for interacting with trusted computing devices such as Intel SGX and AWS Nitro enclaves. Validate attestation documents, verify cryptographic proofs, and encrypt secrets for use in enclaves using PGP, either manually via the online portal (trust.multifactor.com) or programmatically via the trust-center SDK. The trust center is entirely open source, requires no network connectivity, and is hosted on GitHub pages to ensure public auditability.

Demo

Try using the link below to validate this AWS Nitro attestation document using the online portal, which will check that its signatures are valid and that the PCR0 value matches the value passed in the URL:

https://trust.multifactor.com/?pcr0=1595770e76cea659a5650a88b965b053eb66a0ce5a60a460223d50ff1d16b394d2651b130a38af4ccd818ad8cf42c963#/nitro

Download

$3

Download Latest Release

Installation

$3

Get the latest tag with SRI from jsDelivr (recommended), or include the latest version automatically like so:

$3

npm install trust-center

$3

const trust-center = require('trust-center');

Note: The SDK uses crypto.X509Certificate for certificate validation and thus requires Node.js v15.6.0 or later.

Usage

The following code snippet uses the trust-center SDK to verify an AWS Nitro attestation document and then encrypt a secret for use within the enclave.

``



// add required dependencies

const trust = require('trust-center')

const fs = require('fs')

const path = require('path')



// load attestation document in CBOR format

const attestationDocument = fs.readFileSync(path.join(__dirname, 'attestation.cbor'))

// parse and validate attestation document

const attestationResult = await trust.enclaves.nitro.verifyAttestation(attestationDocument)



// verify attestation document validity

if (!attestationResult.valid) throw new Error('Failed to validate enclave attestation: ' + attestationResult.reason)

// check that pcr0 matches desired enclave image file hash

if (attestationResult.attr.pcr0 !== '1595770e76cea659a5650a88b965b053eb66a0ce5a60a460223d50ff1d16b394d2651b130a38af4ccd818ad8cf42c963') throw new Error('Failed to validate enclave attestation')



// encrypt secret for enclave using PGP

const encrypted = await trust.secrets.encryptForEnclave(attestationResult, 'my secret')

console.log(encrypted) // -> '-----BEGIN PGP MESSAGE ... END PGP MESSAGE-----'