The Intel(R) Enhanced Privacy ID Software Development Kit
Clone or download
mav-intel Release SDK 7.0.0
Added
-----

- The SDK now includes a command-line tool to create join requests
  used for join based provisioning.

- The SDK now includes a command-line tool to create member pairing
  pre-computation blobs from issuer material so that device
  manufacturers can more easily pre-provision devices.

- The `EpidMemberWritePrecomp` API was reintroduced to allow the
  pairing pre-computation blob to be serialized. The serialized blob
  can be used speed up future sessions.

- Full signature pre-computation was added to non-split member to speed up
  signing for constrained devices.

Changed
-------

- The SDK has been updated to support split signatures aligned with
  TPM 2.0 v1.38. Signatures created in split-signature mode can only
  be verified with a split-signature aware verifier. The SDK builds in
  non-split mode by default.

- Verifier API updated to support split and non-split signatures.

    - Parameters changed
        - `EpidVerify`
    - Removed or made private
        - `EpidVerifyBasicSig`
        - `EpidNrVerify`
        - `EpidCheckPrivRlEntry`

- SDK functions now use the hash algorithm encoded in the group ID by
  default. You can still override the default hash algorithm using
  `EpidMemberSetHashAlg` or `EpidVerifierSetHashAlg`.

Known Issues
------------

- Only the SHA-256 hash algorithm is supported when using the SDK with
  the IBM TPM simulator due to a defect in version 1119 of the
  simulator.

- Basenames are limited to 124 bytes in TPM mode.

- Scons build will not work natively on ARM. You can still build using
  `make` or cross compile.

- Compressed private keys are not supported.
Latest commit 12537a2 Sep 24, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
doc Release SDK 7.0.0 Sep 24, 2018
epid Release SDK 7.0.0 Sep 24, 2018
example Release SDK 7.0.0 Sep 24, 2018
ext Release SDK 7.0.0 Sep 24, 2018
parts-site Release SDK 7.0.0 Sep 24, 2018
tools Release SDK 7.0.0 Sep 24, 2018
CHANGELOG.md Release SDK 7.0.0 Sep 24, 2018
LICENSE.txt Release SDK 6.0.0 Dec 7, 2017
Makefile.in Release SDK 7.0.0 Sep 24, 2018
NOTICE.txt Release SDK 7.0.0 Sep 24, 2018
README.md Release SDK 7.0.0 Sep 24, 2018
SConstruct Release SDK 7.0.0 Sep 24, 2018
configure Release SDK 7.0.0 Sep 24, 2018

README.md

Intel(R) EPID SDK

The Intel(R) Enhanced Privacy ID Software Development Kit

Intel(R) EPID SDK enables adding Intel(R) EPID support to applications and platforms.

Intel(R) EPID is a cryptographic protocol which enables the remote authentication of a trusted platform whilst preserving the user's privacy.

  • For a given public key there are many (e.g., millions) of private keys. The key holders form a group.

  • Any key holder may sign against the one public key.

  • No one can tell which private key signed the data. This is the privacy property.

You can use Intel(R) EPID as a foundational building block for a multitude of security solutions.

Prerequisites

What's New in This Release

See CHANGELOG.md.

Documentation

See doc/index.html to browse the html documentation.

License

See LICENSE.txt.

Math Primitives

The source code used for math primitives in the Intel(R) EPID SDK is a subset of the Intel(R) IPP Cryptography library (version 2018 Update 2) written in pure C and not optimized for performance. For higher performance, you can use the commercial version of the IPP Cryptography library, which is available at https://software.intel.com/articles/download-ipp-cryptography-libraries.

More information on the optimized versions of Intel(R) IPP Cryptography library, including mitigations for a potential side-channel issue are available at https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00060&languageid=en-fr.