hiroki-chen commented on issue #690: URL: https://github.com/apache/incubator-teaclave/issues/690#issuecomment-1537066323
1. Enclave's signing keys are generated on your own using tools like OpenSSL. This is an RSA asymmetric key pair. The `enclave_signing_key.pem` is the **private key** that is used by the `sgx_sign` tool to generate the signature of the enclave. The private key is crucial for the proof of the identity of the enclave provider. 2. We do not need a private key to **verify** the signature as we use **public key** instead. The public key is calculated from the private key directly and is embedded in the enclave's measurement which, upon the enclave is loaded, the hardware will verify the enclave measurement. Tampered `enclave.so` will be rejected. Hope this helps :) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
