# Usage
## Setup
Initialize the Enclave keypair by executing:
`./signatureproxy proxysetup -pkey <sealed_proxy_key.bin> > <proxy_public_key.pem>` 

## Sign
1. Create employee signature using `./signatureproxy employee -firm <firmware.bin> -ekey <employee_privat_key.pem> > <employee_signature.der>`
   This step can also be done using OpenSSL: `openssl dgst -sha256 -sign <employee_private_key.pem> -out <employee_signature.der> -in <firmware.bin>`
2. Use the signature proxy to resign the firmware using `./signatureproxy proxy -pkey <sealed_proxy_key.bin> -epub <employee_public_key.der> -firm <firmware.bin> > <proxy_signature.der>`
   The enclave verifies the employee signature and signs the firmware if the signature is valid.
3. Verify signature using `cat <proxy_signature.der> | ./signatureproxy embedded -firm <firmware.bin> -ppub <proxy_public_key.pem>` 
   This step can also be done using OpenSSL: `openssl dgst -sha256 -verify <proxy_public_key.pem> -signature <proxy-signature.der> <firmware.bin>`