Posted to commits@teaclave.apache.org by ms...@apache.org on 2019/12/24 23:02:09 UTC

[incubator-teaclave] branch master updated: [keys] Cleanup keys/certs and update README.md (#191)

This is an automated email from the ASF dual-hosted git repository.

mssun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git


The following commit(s) were added to refs/heads/master by this push:
     new 9138c5d  [keys] Cleanup keys/certs and update README.md (#191)
9138c5d is described below

commit 9138c5d8f1af8ebc8fb7f39bf0cdaa88a6321373
Author: Mingshen Sun <bo...@mssun.me>
AuthorDate: Tue Dec 24 15:02:03 2019 -0800

    [keys] Cleanup keys/certs and update README.md (#191)
---
 keys/README.md           | 33 +++++++++------------------------
 keys/auditors/README.md  | 26 --------------------------
 keys/sp_root_ca_cert.pem | 13 -------------
 keys/sp_root_ca_key.pem  |  8 --------
 4 files changed, 9 insertions(+), 71 deletions(-)

diff --git a/keys/README.md b/keys/README.md
index 9c551ea..e967463 100644
--- a/keys/README.md
+++ b/keys/README.md
@@ -1,26 +1,11 @@
-# Testing Keys/Certificates
+# Keys and Certificates in Teaclave
 
-This directory contains keys/certificates that are used in the prototype. Note
-that these are only testing keys. Do not use them in production.
+This directory contains keys and certificates used in the Teaclave platform.
+Note that these are only for demonstration. *DO NOT use them in production.*
 
-* AttestationReportSigningCACert.pem:
-	- Intel Attestation Service (IAS) certificate obtained from
-	  [here](https://software.intel.com/sites/default/files/managed/7b/de/RK_PUB.zip).
-* ca.crt:
-	- clients are authenticated during mutual TLS communications, so we need to
-	  (offline) issue certificates to them. This is the CA certificate for
-testing purpose.
-* client.crt:
-	- client's certificate used in mutual TLS authentication (issued by
-	  ca.crt).
-* client.pkcs8:
-	- client's private key used in mutual TLS authentication (matching
-	  client.crt).
-* mr_signer:
-	- SHA256 digest of the big endian format modulus of the RSA public key of
-	  the enclave’s signing key. The value we put here matches our [testing
-signing key](../build/Enclave_private.pem).
-
-After the registration with IAS, you will be issued a service provider ID
-(SPID) via email. You need to provide an spid.txt file containing your SPID
-string such as ``ABCDEFGHIJKLMNOPQRSTUVWXYZ012345`` in this directory.
+- `enclave_signing_key.pem`: private key to sign SGX enclaves
+- `ias_root_ca_cert.pem`: attestation report root CA certificate for Intel SGX
+  Attestation Service, obtained from the
+  [service website](https://api.portal.trustedservices.intel.com/EPID-attestation)
+- `auditors`: contains auditors' keys to sign the *enclave info* for mutual
+  attestation
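Review bot: The SPID paragraph removed at the end of the old text (the `spid.txt` instructions) has no replacement in the new list, and the entries for `ca.crt`, `client.crt`, `client.pkcs8` and `mr_signer` are dropped as well. The diffstat for this commit touches only four files and deletes none of those, so please confirm they were already removed or renamed elsewhere; if any still sit in `keys/`, the README should keep a line for them. If SPID setup is now documented somewhere else, a one-line pointer here would help.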
diff --git a/keys/auditors/README.md b/keys/auditors/README.md
deleted file mode 100644
index 377041b..0000000
--- a/keys/auditors/README.md
+++ /dev/null
@@ -1,26 +0,0 @@
-# Auditors' Credentials
-
-[Here](../docs/mutual_attestation.md) explains why we need auditors for MesaTEE
-enclaves. And this directory contains three demo auditors for testing purposes.
-Each auditor has his/her own asymmetric key pair and will sign MesaTEE enclaves
-only if the enclaves can pass the audting process:
-
-```
-openssl dgst -sha256 -sign private.pem -out sign.sha256 enclave_info.toml
-```
-
-The enclave_info.toml above contains the MRSIGNER (enclave signer's identity)
-and MRENCLAVE (enclave's measurement) value pairs of all MesaTEE enclaves. A
-sample entry looks like:
-
-```
-kms
-
-mrsigner->value:
-0x83 0xd7 0x19 0xe7 0x7d 0xea 0xca 0x14 0x70 0xf6 0xba 0xf6 0x2a 0x4d 0x77 0x43
-0x03 0xc8 0x99 0xdb 0x69 0x02 0x0f 0x9c 0x70 0xee 0x1d 0xfc 0x08 0xc7 0xce 0x9e
-
-metadata->enclave_css.body.enclave_hash.m:
-0xe3 0x2d 0x40 0xa9 0xf0 0x29 0xb3 0xba 0xa1 0xf7 0xf9 0x15 0xcc 0x2b 0x35 0xa4
-0xb6 0xe6 0xe1 0x67 0x67 0xbb 0x8b 0x53 0x94 0x1e 0x59 0x63 0xe2 0x1e 0x35 0xb5
-```
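Review bot: Deleting this file drops the only description in the diff of how an auditor signs the enclave info (the `openssl dgst -sha256 -sign private.pem -out sign.sha256 enclave_info.toml` command) and of what `enclave_info.toml` contains; the new `auditors` entry in `keys/README.md` says only that the keys sign the *enclave info*. Consider moving the command and the MRSIGNER/MRENCLAVE explanation into the mutual attestation document this file linked to, or keeping a short pointer in `keys/README.md`, so a reader can still reproduce the signature check.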
diff --git a/keys/sp_root_ca_cert.pem b/keys/sp_root_ca_cert.pem
deleted file mode 100644
index 9fd9291..0000000
--- a/keys/sp_root_ca_cert.pem
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIB5DCCAYugAwIBAgIJAKiaGxooa8n+MAoGCCqGSM49BAMCME8xCzAJBgNVBAYT
-AlVTMQswCQYDVQQIDAJDQTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkg
-THRkMRAwDgYDVQQDDAdNZXNhVEVFMB4XDTE4MDkwNjIxNDA0MloXDTI4MDkwMzIx
-NDA0MlowTzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMSEwHwYDVQQKDBhJbnRl
-cm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMMB01lc2FURUUwWTATBgcqhkjO
-PQIBBggqhkjOPQMBBwNCAARtVTSgYRO4705gIYA8jLI3mLdGsVmpYFoE8EIWPxWy
-OgAw5qC6Yr4XFjtQuCF8COYCa8QREeYDZTR9xvqsdZT0o1AwTjAdBgNVHQ4EFgQU
-rPy6Pz/NV6jhmu7gK8EtWCnSiUowHwYDVR0jBBgwFoAUrPy6Pz/NV6jhmu7gK8Et
-WCnSiUowDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBCrqD8MQpzw6h5
-YzUgaOSirSRHP4ttNq6e5r0QWMbeqAIgPqY/wh+deICX84whZExBgKEMnAHA23X5
-KHk00RMV/vY=
------END CERTIFICATE-----
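Review bot: Nothing in this commit shows the consumers of `sp_root_ca_cert.pem` being updated; the diffstat lists only files under `keys/`. Please confirm that no build script, configuration file or test still loads this path, otherwise the removal will surface as a build or runtime failure rather than in review.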
diff --git a/keys/sp_root_ca_key.pem b/keys/sp_root_ca_key.pem
deleted file mode 100644
index 47ee811..0000000
--- a/keys/sp_root_ca_key.pem
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN EC PARAMETERS-----
-BggqhkjOPQMBBw==
------END EC PARAMETERS-----
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEIIYNTGhDVj0XKpNhlaHZhv8R8kZopjQg+3lLUiKWJpe2oAoGCCqGSM49
-AwEHoUQDQgAEbVU0oGETuO9OYCGAPIyyN5i3RrFZqWBaBPBCFj8VsjoAMOagumK+
-FxY7ULghfAjmAmvEERHmA2U0fcb6rHWU9A==
------END EC PRIVATE KEY-----
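Review bot: The EC private key removed here stays readable in the repository history and in this commit notification, so deleting the file does not retire it. It would be worth stating in the commit message or in `keys/README.md` that the `sp_root_ca` pair was demonstration-only and that any setup which trusted `sp_root_ca_cert.pem` should drop that root.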

