Systemsicherheit/7-SGX_Hands-on
Sascha Tommasone 192c1b5a52
[Assignment-7] embedded_device
2024-07-06 17:38:02 +02:00
employee_keys [Assignment-7] add keys of alice 2024-07-06 14:57:50 +02:00
src [Assignment-7] embedded_device 2024-07-06 17:38:02 +02:00
test [Assignment-7] Flake + App base 2024-07-03 16:16:24 +02:00
.gitkeep [Assignment-7] Flake + App base 2024-07-03 16:16:24 +02:00
flake.lock [Assignment-7] Flake + App base 2024-07-03 16:16:24 +02:00
flake.nix [Assignment-7] Flake + App base 2024-07-03 16:16:24 +02:00
Makefile [Assignment-7] Flake + App base 2024-07-03 16:16:24 +02:00
README.md [Assignment-7] app restructure and cleanup 2024-07-06 17:25:34 +02:00

Usage

Setup

Initialize the enclave keypair by executing:

    ./signatureproxy proxysetup -pkey <sealed_proxy_key.bin> > <proxy_public_key.pem>

Sign

  1. Create the employee signature:

         ./signatureproxy employee -firm <firmware.bin> -ekey <employee_private_key.pem> > <employee_signature.der>

     This step can also be done using OpenSSL:

         openssl dgst -sha256 -sign <employee_private_key.pem> -out <employee_signature.der> <firmware.bin>

  2. Use the signature proxy to re-sign the firmware:

         ./signatureproxy proxy -pkey <sealed_proxy_key.bin> -epub <employee_public_key.der> -firm <firmware.bin> > <proxy_signature.der>

     The enclave verifies the employee signature and signs the firmware only if that signature is valid.

  3. Verify the proxy signature:

         cat <proxy_signature.der> | ./signatureproxy embedded -firm <firmware.bin> -ppub <proxy_public_key.pem>

     This step can also be done using OpenSSL:

         openssl dgst -sha256 -verify <proxy_public_key.pem> -signature <proxy_signature.der> <firmware.bin>
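
The three steps above, reproduced with OpenSSL alone as an added example (not part of the project's code). `proxy_resign` is a hypothetical stand-in for the enclave step and runs outside SGX with an unsealed key. The example assumes ECDSA P-256 keys in PEM format, which the README does not specify, and uses a constructed firmware file.

```shell
#!/bin/sh
# Added example: sign -> re-sign -> verify with plain OpenSSL.
# Assumptions: ECDSA P-256 keys, PEM encoding, no enclave or sealing.

gen_keypair() {      # $1 = private key out, $2 = public key out
    openssl ecparam -name prime256v1 -genkey -noout -out "$1" 2>/dev/null &&
        openssl pkey -in "$1" -pubout -out "$2" 2>/dev/null
}

sign_firmware() {    # $1 = private key, $2 = firmware, $3 = signature out (DER)
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

verify_firmware() {  # $1 = public key, $2 = signature, $3 = firmware
    openssl dgst -sha256 -verify "$1" -signature "$2" "$3" >/dev/null 2>&1
}

# Stand-in for the proxy: the proxy key is used only after the employee
# signature has verified, so an invalid request produces no output file.
proxy_resign() {     # $1 = employee pub, $2 = employee sig, $3 = firmware,
                     # $4 = proxy private key, $5 = proxy signature out
    verify_firmware "$1" "$2" "$3" || return 1
    sign_firmware "$4" "$3" "$5"
}

demo() {
    demo_dir=$(mktemp -d) || return 1
    fw="$demo_dir/firmware.bin"
    printf 'constructed firmware image\n' > "$fw"
    gen_keypair "$demo_dir/emp.pem" "$demo_dir/emp_pub.pem" || return 1
    gen_keypair "$demo_dir/proxy.pem" "$demo_dir/proxy_pub.pem" || return 1
    sign_firmware "$demo_dir/emp.pem" "$fw" "$demo_dir/emp_sig.der" || return 1

    proxy_resign "$demo_dir/emp_pub.pem" "$demo_dir/emp_sig.der" "$fw" \
        "$demo_dir/proxy.pem" "$demo_dir/proxy_sig.der" &&
        verify_firmware "$demo_dir/proxy_pub.pem" "$demo_dir/proxy_sig.der" "$fw" &&
        echo "valid chain: device accepts the firmware"

    printf 'x' >> "$fw"   # firmware changed after the employee signed it
    proxy_resign "$demo_dir/emp_pub.pem" "$demo_dir/emp_sig.der" "$fw" \
        "$demo_dir/proxy.pem" "$demo_dir/proxy_sig2.der" ||
        echo "modified firmware: proxy refuses to sign"
    rm -rf "$demo_dir"
}

demo
```
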