From 4320c1816627fbeff32c4388c36b31eeea24d629 Mon Sep 17 00:00:00 2001
From: gaoyusong <gaoyusong1@huawei.com>
Date: Mon, 15 Nov 2021 12:39:39 +0800
Subject: [PATCH] optimize the private key usage of the single-step signature
method
Signed-off-by: gaoyusong <gaoyusong1@huawei.com>
---
docs/sign_tool.md | 3 ++-
examples/helloworld/enclave/config_cloud.ini | 1 +
examples/seal_data/enclave/config_cloud.ini | 1 +
tools/sign_tool/sign_tool.sh | 3 ++-
4 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/docs/sign_tool.md b/docs/sign_tool.md
index a092f19..1da6d06 100644
--- a/docs/sign_tool.md
+++ b/docs/sign_tool.md
@@ -47,7 +47,8 @@ The tool supports the following two modes:
The dump command is used to generate metadata for sgx signed enclave.
-i <file> input parameter, which is enclave to be signed for digest/sign command, and signed enclave for
dump command.
- -k <file> private key required for single-step method.
+ -k <file> private key required for single-step method. NOTE: single-step method is only for the dubug mode,
+ plaintext private key does exist in the production environment.
-m <file> additional config_cloud.ini for trustzone.
-o <file> output parameter, the sign command outputs signed enclave, the digest command outputs signing
material, the dump command outputs data containing the SIGStruct metadata for the SGX signed
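Review bot: The added NOTE on -k says "plaintext private key does exist in the production environment", which reads as the opposite of the restriction the commit is trying to document, and "dubug" is a typo for "debug". Suggest something like "NOTE: single-step method is only for debug mode; a plaintext private key must not exist in the production environment", and add a pointer to the other mode this document lists, so readers know what to use for production signing.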
diff --git a/examples/helloworld/enclave/config_cloud.ini b/examples/helloworld/enclave/config_cloud.ini
index 552f59c..0960436 100644
--- a/examples/helloworld/enclave/config_cloud.ini
+++ b/examples/helloworld/enclave/config_cloud.ini
@@ -27,6 +27,7 @@ encryptKeyLen = 3072
signType = 1
;;;
;private key for signing TA
+;this private key is only for the dubug mode so plaintext private key does exist in the production environment
;[private key owned by yourself]
signKey = ../../examples/helloworld/enclave/cert/private_key.pem
;;;
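Review bot: The new comment above signKey carries the same "dubug" typo and the same inverted "does exist" wording, so as written it tells the reader that a plaintext key is present in production. Beyond the wording, signKey still points at ../../examples/helloworld/enclave/cert/private_key.pem, so the comment is the only thing separating this debug key from a release build. Consider stating explicitly that this path must be replaced and that the example key must not be used to sign a production TA.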
diff --git a/examples/seal_data/enclave/config_cloud.ini b/examples/seal_data/enclave/config_cloud.ini
index f0c0e39..2b8a79c 100644
--- a/examples/seal_data/enclave/config_cloud.ini
+++ b/examples/seal_data/enclave/config_cloud.ini
@@ -27,6 +27,7 @@ encryptKeyLen = 3072
signType = 1
;;;
;private key for signing TA
+;this private key is only for the dubug mode so plaintext private key does exist in the production environment
;[private key owned by yourself]
signKey = ../../examples/seal_data/enclave/cert/private_key.pem
;;;
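Review bot: The added comment line is a verbatim copy of the one in examples/helloworld/enclave/config_cloud.ini, including the "dubug" typo and the "does exist" phrasing that inverts the intended meaning. Whatever corrected wording is chosen should be applied to both example configs in the same commit so they do not drift apart.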
diff --git a/tools/sign_tool/sign_tool.sh b/tools/sign_tool/sign_tool.sh
index 0435a67..daca711 100755
--- a/tools/sign_tool/sign_tool.sh
+++ b/tools/sign_tool/sign_tool.sh
@@ -31,7 +31,8 @@ print_help(){
echo " The dump command is used to generate metadata for sgx signed enclave."
echo "-i <file> input parameter, which is enclave to be signed for digest/sign command, and signed enclave for"
echo " dump command."
- echo "-k <file> private key required for single-step method."
+ echo "-k <file> private key required for single-step method. NOTE: single-step method is only for the dubug mode,"
+ echo " plaintext private key does exist in the production environment."
echo "-m <file> additional config_cloud.ini for trustzone."
echo "-o <file> output parameter, the sign command outputs signed enclave, the digest command outputs signing"
echo " material, the dump command outputs data containing the SIGStruct metadata for the SGX signed"
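Review bot: The restriction on -k is added only to the print_help text, so a user who runs the single-step method never sees it unless they ask for help. Since this hunk changes nothing but the two echo lines, consider also emitting a warning on stderr at the point where -k is actually consumed, so debug-only use of a plaintext key is flagged at signing time. The help string also repeats the "dubug" typo and the inverted "does exist" wording from docs/sign_tool.md; fix both places together.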
--
2.23.0