Attestation
Sealed class hierarchy representing different types of cryptographic attestation for device authentication.
Attestation provides a mechanism to verify the authenticity and integrity of cryptographic keys and the security environment in which they are generated and stored. This sealed class defines the available attestation modes that can be used during device registration and authentication.
The attestation system supports two primary modes:
None: No attestation verification, suitable for software-based keys
Default: Hardware-backed attestation with challenge verification
Attestation is particularly important in high-security environments where it's necessary to prove that keys are generated and stored in trusted hardware security modules (HSMs) or secure enclaves rather than software-based keystores.
Key security benefits:
Verifies hardware-backed key generation
Proves keys cannot be extracted from secure storage
Validates the integrity of the authentication environment
Enables compliance with security standards and regulations
Example usage:
// No attestation (software keys)
val noAttestation = Attestation.None
// Hardware attestation with challenge
val challenge = generateSecureChallenge()
val hwAttestation = Attestation.Default(challenge)
// Conditional attestation based on device capability
val attestation = Attestation.fromBoolean(
    value = deviceSupportsHardwareAttestation(),
    challenge = serverChallenge
)
Since
1.0.0
Parameters
Optional cryptographic challenge used for attestation verification. When provided, this challenge must be included in the attestation statement to prove freshness and prevent replay attacks.
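The freshness and replay protection described above depends on how the server issues and checks the challenge. The following is an added example, not code from this SDK, of a single-use, expiring challenge store. The ChallengeStore class, its method names, the 32-byte length and the two-minute lifetime are assumptions; extracting the echoed challenge from the attestation statement and validating the attestation certificate chain are out of scope here.

```kotlin
import java.security.MessageDigest
import java.security.SecureRandom
import java.time.Duration
import java.time.Instant
import java.util.concurrent.ConcurrentHashMap

// Hypothetical server-side helper (an assumption, not part of the documented SDK).
class ChallengeStore(private val ttl: Duration = Duration.ofMinutes(2)) {
    private val random = SecureRandom()

    // sessionId -> (challenge bytes, expiry time)
    private val pending = ConcurrentHashMap<String, Pair<ByteArray, Instant>>()

    // Issue a fresh 32-byte challenge bound to one registration session.
    // Issuing again for the same session replaces the earlier challenge.
    fun issue(sessionId: String, now: Instant = Instant.now()): ByteArray {
        val challenge = ByteArray(32).also { random.nextBytes(it) }
        pending[sessionId] = challenge to now.plus(ttl)
        return challenge.copyOf()
    }

    // Check the challenge echoed in an attestation statement.
    // A challenge is accepted at most once and only before it expires.
    fun consume(sessionId: String, echoed: ByteArray, now: Instant = Instant.now()): Boolean {
        // remove() is atomic, so the entry is gone after the first attempt,
        // whether or not that attempt succeeds.
        val (expected, expiresAt) = pending.remove(sessionId) ?: return false
        if (now.isAfter(expiresAt)) return false
        // Constant-time comparison of stored and echoed bytes.
        return MessageDigest.isEqual(expected, echoed)
    }
}

fun main() {
    val store = ChallengeStore()
    val session = "session-1" // constructed session identifier

    val challenge = store.issue(session)
    println("first presentation accepted: ${store.consume(session, challenge)}")
    println("replayed statement accepted: ${store.consume(session, challenge)}")

    // A challenge presented after its lifetime has passed.
    val stale = store.issue(session)
    val later = Instant.now().plus(Duration.ofMinutes(5))
    println("expired challenge accepted: ${store.consume(session, stale, later)}")
}
```

Because the entry is removed on the first attempt, a captured attestation statement cannot be presented a second time, and a failed attempt forces the client to request a new challenge.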