Step 4: Verify the enclave and interact with the server

Step 4.1: Download the verifier

Download the verifier binary using:

wget http://public.artifacts.marlin.pro/projects/enclaves/verifier && chmod +x ./verifier

Step 4.2: Run the verifier

For this step, you would need the PCRs from step 2 as well as the IP of the enclave from step 3.

Run the verifier using

./verifier --endpoint http://<ip>:1300/attestation/raw --public key.pub --pcr0 "cfa7554f87ba13620037695d62a381a2d876b74c2e1b435584fe5c02c53393ac1c5cd5a8b6f92e866f9a65af751e0462" --pcr1 "bcdf05fefccaa8e55bf2c8d6dee9e79bbff31e34bf28a99aa19e6b29c37ee80b214a414b7607236edf26fcb78654e63f" --pcr2 "20caae8a6a69d9b1aecdf01a0b9c5f3eafd1f06cb51892bf47cef476935bfe77b5b75714b68a69146d650683a217c5b3" --max-age 300

The verifier queries the attestation server running on port 1300 for an attestation. It then verifies the attestation including whether the PCRs match the cli parameters. If verification is successful, it stores the public key of the enclave in key.pub.

Step 4.3: Interact with the server

Run

curl <ip>:4000

You should see Hello World! printed on the console.

caution

To keep it simple, the response above is not authenticated. A production deployment would use signed responses that are verifiable against the public key obtained in step 4.2.

Step 4.1: Download the verifier​

Step 4.2: Run the verifier​

Step 4.3: Interact with the server​

Step 4.1: Download the verifier

Step 4.2: Run the verifier

Step 4.3: Interact with the server