Paul Zinselmeyer
fded121689
All checks were successful
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (push) Successful in 59s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (push) Successful in 1m4s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (push) Successful in 54s
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (pull_request) Successful in 32s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (pull_request) Successful in 9s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (pull_request) Successful in 9s
|
||
|---|---|---|
| .. | ||
| employee_keys | ||
| src | ||
| test | ||
| .gitkeep | ||
| flake.lock | ||
| flake.nix | ||
| Makefile | ||
| README.md | ||
Usage
Setup
Initialize the Enclave keypair by executing:
./signatureproxy proxysetup -pkey <sealed_proxy_key.bin> > <proxy_public_key.pem>
Sign
- Create employee signature using
./signatureproxy employee -firm <firmware.bin> -ekey <employee_privat_key.pem> > <employee_signature.der>This step can also be done using OpenSSL:openssl dgst -sha256 -sign <employee_private_key.pem> -out <employee_signature.der> -in <firmware.bin> - Use the signature proxy to resign the firmware using
./signatureproxy proxy -pkey <sealed_proxy_key.bin> -epub <employee_public_key.der> -firm <firmware.bin> > <proxy_signature.der>The enclave verifies the employee signature and signs the firmware if the signature is valid. - Verify signature using
cat <proxy_signature.der> | ./signatureproxy embedded -firm <firmware.bin> -ppub <proxy_public_key.pem>This step can also be done using OpenSSL:openssl dgst -sha256 -verify <proxy_public_key.pem> -signature <proxy-signature.der> <firmware.bin>