Tag: Google

  • Work with Google Integrity verdicts on .NET C#

    There are no clear examples of how an Attestation statement can be verified on C# locally.
    Spent sometime to get it working.

    var decryptionKey = Convert.FromBase64String("<DECRYPTION KEY");
    var verificationKey = Convert.FromBase64String("<VERIFICATION KEY");
    var signedAttestationStatement = "<ATTESTATION STATEMENT";
    var ecDsa = ECDsa.Create();
    ecDsa.ImportSubjectPublicKeyInfo(new ReadOnlySpan<byte(verificationKey), out _);
    var decrypted = Jose.JWT.Decode(signedAttestationStatement, decryptionKey);
    var payload = Jose.JWT.Decode(decrypted, ecDsa);