Skip to content

tinfoilsh/verifier

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

360 Commits
.github
.github
 
 
attestation
attestation
 
 
client
client
 
 
config
config
 
 
examples
examples
 
 
github
github
 
 
rootfetch
rootfetch
 
 
sigstore
sigstore
 
 
util
util
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

Tinfoil Verifier

Portable remote-attestation verifier & secure HTTP client for enclave-backed services.

Build Status

Overview

Tinfoil Verifier is a Go library that verifies the integrity of remote enclaves (AMD SEV-SNP & Intel TDX) and binds that verification to TLS connections. It also ships a drop-in secure http.Client that performs attestation transparently.

Features

  • Hardware-rooted remote attestation for AMD SEV-SNP & Intel TDX
  • Self-contained with no external attestation service
  • Secure HTTP client with automatic TLS certificate pinning
  • Sigstore integration for code provenance verification
  • Attested HPKE public keys for use with EHBP clients
  • Swift bindings via gomobile for iOS/macOS integration

Installation

go get github.com/tinfoilsh/verifier@latest

Quick Start

import "github.com/tinfoilsh/verifier/client"

// 1. Create a client
tinfoilClient := client.NewSecureClient("enclave.example.com", "org/repo")

// 2. Perform HTTP requests – attestation happens automatically
resp, err := tinfoilClient.Get("/api/data", nil)
if err != nil {
    log.Fatal(err)
}
log.Printf("Status: %s, Body: %s", resp.Status, string(resp.Body))

To verify manually and expose the verification state:

groundTruth, err := tinfoilClient.Verify()
if err != nil {
    log.Fatal(err)
}
// Access verified measurements and keys
log.Printf("TLS Cert Fingerprint: %s", groundTruth.TLSPublicKey)
log.Printf("HPKE Public Key: %s", groundTruth.HPKEPublicKey)

Secure HTTP Client

The client package wraps net/http and adds:

  1. Attestation gate – the first request verifies the enclave.
  2. TLS pinning – the enclave-generated certificate fingerprint is pinned for the session.
  3. Round-tripping helpers – convenience Get, Post methods.
headers := map[string]string{"Content-Type": "application/json"}
body    := []byte(`{"key": "value"}`)

resp, err := tinfoilClient.Post("/api/submit", headers, body)

For advanced usage retrieve the underlying *http.Client:

httpClient, err := tinfoilClient.HTTPClient()

Remote Attestation

Tinfoil Verifier currently supports two platforms:

Platform Technique Docs
AMD SEV-SNP VCEK certificates & SNP report validation AMD Spec
Intel TDX TDX quote validation & TD report checks Intel Guide

Verification Flow

sequenceDiagram
    participant Client
    participant Enclave
    participant TrustRoot
    participant Sigstore

    Client->>Enclave: Request attestation
    Enclave-->>Client: Report + TLS pubkey
    Client->>TrustRoot: Verify signature chain
    Client->>Sigstore: Fetch reference measurement
    Client->>Client: Compare measurements & pin cert
Loading

Note: The Bundled Verification flow aggregates all these steps into a single request via Tinfoil ATC.

Bundled Verification

You can fetch a pre-aggregated bundle from Tinfoil ATC (air-traffic-control) that contains all verification data in a single request:

Note: Bundled verification currently supports AMD SEV-SNP only. Intel TDX support is coming soon.

// Single-request verification via ATC
groundTruthJSON, err := client.VerifyFromATCJSON("org/repo", nil)
if err != nil {
    log.Fatal(err)
}

// Or via your own bundle proxy URL
groundTruthJSON, err := client.VerifyFromATCURLJSON("https://proxy.example.com", "org/repo", nil)

If you've already fetched the bundle yourself:

groundTruthJSON, err := client.VerifyFromBundleJSON(bundleJSON, "org/repo", nil)

JavaScript / TypeScript / WASM

JavaScript / TypeScript SDK

For production JavaScript/TypeScript applications, use the tinfoil-js package, which provides:

  • OpenAI-compatible API with built-in verification
  • Native JavaScript verification implementation
  • EHBP (Encrypted HTTP Body Protocol) for end-to-end encryption
  • Support for browsers, Node.js 20+, Deno, Bun, and Cloudflare Workers
  • Comprehensive verification reporting with step-by-step diagnostics
npm install tinfoil

See the tinfoil-js documentation for usage examples.

Auditing the Verification Code

  1. Certificate chain – see /attestation/genoa_cert_chain.pem
  2. Attestation verification – platform-specific attestation logic:
  3. Measurement comparison – see Measurement.Equals() in /attestation/attestation.go
  4. Code provenance verification – Sigstore/Rekor integration in /sigstore/sigstore.go
  5. End-to-end verification flowclient.Verify() in /client/client.go

Reporting Vulnerabilities

Please report security vulnerabilities by either:

We aim to respond to (legitimate) security reports within 24 hours.

About

Tinfoil client-side enclave and runtime verifier

Resources

Readme

License

AGPL-3.0 license
Activity
Custom properties

Stars

21 stars

Watchers

1 watching

Forks

5 forks
Report repository

Releases 48

v0.11.3 Latest
Feb 17, 2026
+ 47 releases

Packages

No packages published

Contributors 7

Languages