arc (attestation result command) allows:
- synthesising attestation results in EAR (EAT Attestation Result) format,
- cryptographically verifying and displaying the contents of an EAR
The create sub-command is used to synthesise an EAR given the full claims-set.
arc create \
[--claims <file>] \
[--skey <signing key>] \
[--alg <alg>] \
<jwt-file>| parameter | meaning |
|---|---|
--claims |
EAR claims-set in JSON (default to ${PWD}/ear-claims.json) |
--skey |
signing key in JWK format (default to ${PWD}/skey.json) |
--alg |
JWS algorithm |
<jwt-file> |
the signed EAR claims-set in JWT format |
A one-liner saying success status and path of the JWT file that was created.
The verify sub-command is used to cryptographically verify and pretty-print the contents of a EAR, including the trustworthiness vector.
arc verify \
[--pkey <file>] \
[--alg <alg>] \
[--verbose] \
[--color] \
<jwt-file>| parameter | meaning |
|---|---|
--pkey |
verification key in JWK format (default to ${PWD}/pkey.json) |
--alg |
JWS algorithm |
--verbose |
trustworthiness vector detailed report (default is brief) |
--color |
trustworthiness vector report colourises the tiers (default is B&W) |
<jwt-file> |
a JWT wrapping an EAR claims-set |
- Validation status of the cryptographic signature.
If successful:
- The EAR claims-set is printed to stdout.
- If present, the decoded trust vector is also printed to stdout (the exact format depends on
--verboseand--color).