Assignment 7 sgximpl: readme compilation hint
This commit is contained in:
parent
f088d661af
commit
ff8779256c
1 changed files with 11 additions and 18 deletions
|
@ -1,18 +1,3 @@
|
||||||
<<<<<<< HEAD
|
|
||||||
# Usage
|
|
||||||
## Setup
|
|
||||||
Initialize the Enclave keypair by executing:
|
|
||||||
`./signatureproxy proxysetup -pkey <sealed_proxy_key.bin> > <proxy_public_key.pem>`
|
|
||||||
|
|
||||||
## Sign
|
|
||||||
1. Create employee signature using `./signatureproxy employee -firm <firmware.bin> -ekey <employee_privat_key.pem> > <employee_signature.der>`
|
|
||||||
This step can also be done using OpenSSL: `openssl dgst -sha256 -sign <employee_private_key.pem> -out <employee_signature.der> -in <firmware.bin>`
|
|
||||||
2. Use the signature proxy to resign the firmware using `./signatureproxy proxy -pkey <sealed_proxy_key.bin> -epub <employee_public_key.der> -firm <firmware.bin> > <proxy_signature.der>`
|
|
||||||
The enclave verifies the employee signature and signs the firmware if the signature is valid.
|
|
||||||
3. Verify signature using `cat <proxy_signature.der> | ./signatureproxy embedded -firm <firmware.bin> -ppub <proxy_public_key.pem>`
|
|
||||||
This step can also be done using OpenSSL: `openssl dgst -sha256 -verify <proxy_public_key.pem> -signature <proxy-signature.der> <firmware.bin>`
|
|
||||||
|
|
||||||
=======
|
|
||||||
# Signature Relay for firmware
|
# Signature Relay for firmware
|
||||||
|
|
||||||
Documentation of
|
Documentation of
|
||||||
|
@ -45,7 +30,15 @@ out
|
||||||
└── obj <- here are the object files generated by the compiling process
|
└── obj <- here are the object files generated by the compiling process
|
||||||
```
|
```
|
||||||
|
|
||||||
## Usage
|
# Usage
|
||||||
|
## Setup
|
||||||
|
Initialize the Enclave keypair by executing:
|
||||||
|
`./signatureproxy proxysetup -pkey <sealed_proxy_key.bin> > <proxy_public_key.pem>`
|
||||||
|
|
||||||
|
## Sign
|
||||||
>>>>>>> c1d9d30 (Assignment 7 sgximpl: README.md compiling)
|
1. Create employee signature using `./signatureproxy employee -firm <firmware.bin> -ekey <employee_privat_key.pem> > <employee_signature.der>`
|
||||||
|
This step can also be done using OpenSSL: `openssl dgst -sha256 -sign <employee_private_key.pem> -out <employee_signature.der> -in <firmware.bin>`
|
||||||
|
2. Use the signature proxy to resign the firmware using `./signatureproxy proxy -pkey <sealed_proxy_key.bin> -epub <employee_public_key.der> -firm <firmware.bin> > <proxy_signature.der>`
|
||||||
|
The enclave verifies the employee signature and signs the firmware if the signature is valid.
|
||||||
|
3. Verify signature using `cat <proxy_signature.der> | ./signatureproxy embedded -firm <firmware.bin> -ppub <proxy_public_key.pem>`
|
||||||
|
This step can also be done using OpenSSL: `openssl dgst -sha256 -verify <proxy_public_key.pem> -signature <proxy-signature.der> <firmware.bin>`
|
||||||
|
|
Loading…
Reference in a new issue