# TOTP

**Time-based One-Time Passwords (TOTP)** are commonly used for user authentication, but in remote attestation, they can serve as a lightweight mechanism to ensure freshness and prevent replay attacks.

Attestation technologies such as AMD SEV-SNP and Intel TDX offer hardware-based integrity and cryptographic identity, but they do not inherently prove the freshness of an attestation. By embedding a TOTP in the attestation payload, for example through a custom annotation, it becomes possible to confirm that the report was generated within a valid and recent time window.

During provisioning, the attester and verifier share a TOTP secret. The attester includes a current TOTP value in the attestation. The verifier then independently calculates the expected TOTP and accepts the report only if it matches.

This method offers a balance of simplicity and security: because the TOTP is embedded within the signed attestation and typically refreshes every 30 seconds, outdated reports are rendered invalid. It eliminates the need for nonce-based freshness checks while still guarding effectively against replay attacks.

In practice, a confidential VM might include a TOTP token in its SEV-SNP attestation, allowing a verifier to confirm both the integrity and freshness of the attestation in a single step.
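The verifier-side freshness check described above, as an added example (not Nitride's own code). The function names, the `totp` annotation key and the one-window clock-skew tolerance are assumptions; it also assumes the report's hardware signature has already been verified and covers the annotation.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP window, the typical refresh interval


def totp(secret: bytes, at: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    counter = struct.pack(">Q", at // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_freshness(annotations: dict, secret: bytes, now: int,
                     skew_steps: int = 1) -> bool:
    """Accept only if the embedded TOTP matches a window near `now`.

    `annotations` is the already signature-verified annotation map of
    the report (hypothetical layout). Each extra skew step tolerates
    clock drift but also lengthens the replay window by STEP seconds.
    """
    claimed = annotations.get("totp")
    if not isinstance(claimed, str):
        return False  # missing or malformed annotation: reject
    match = False
    for drift in range(-skew_steps, skew_steps + 1):
        expected = totp(secret, now + drift * STEP)
        # Constant-time comparison; no early exit across windows.
        match |= hmac.compare_digest(claimed.encode(), expected.encode())
    return match


if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed: RFC 6238 test key
    issued = 1111111109               # constructed issue time
    report = {"totp": totp(secret, issued)}  # constructed annotation
    print("fresh report accepted:",
          verify_freshness(report, secret, issued + 2))
    print("replayed report accepted:",
          verify_freshness(report, secret, issued + 3600))
```
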

