Change sim signing certs to use ECDSA #3480

Merged
merged 1 commit into from
Aug 8, 2023

nick-mobilecoin (Collaborator) commented Aug 7, 2023

Previously the sim signing certificates used RSA keys. Now they use
ECDSA keys. Changing to ECDSA allows for re-use with DCAP quote signing,
which happens to use ECDSA signatures.

Previously the sim signing certificates used RSA keys. Now they use
ECDSA keys. Changing to ECDSA allows for re-use with DCAP data
structures which happen to use ECDSA signatures.
@nick-mobilecoin nick-mobilecoin marked this pull request as ready for review August 7, 2023 21:38
eranrund (Contributor) commented Aug 8, 2023

Since I'm lacking a lot of context here, can you please elaborate on how these sim keys are going to be used in DCAP data structures?

nick-mobilecoin (Collaborator, Author) commented

> Since I'm lacking a lot of context here, can you please elaborate on how these sim keys are going to be used in DCAP data structures?

I changed the description to say "quote signing" instead of the generic data structures.

Normally we use the root CA provided by Intel to check a certificate chain created by the PCE (provisioning certificate enclave); this chain signs the quote generated by the QE (quoting enclave).
These enclaves are built and signed by Intel and only work on actual SGX hardware. These certificate chains use ECDSA; some other signatures inside the DCAP quote also use ECDSA.

In order to work in a simulated SGX environment we provide a fake certificate chain that creates and signs the DCAP quote, #3482. This PR is to update the certificates to use ECDSA so that all the sim logic in the DCAP quote is ECDSA signing.
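
The arrangement described in the comment above, as an added Go example that is not part of this PR or of the project's code: a constructed ECDSA root issues a signing certificate, that certificate's key signs stand-in quote bytes, and verification passes only against the root that issued the chain. The P-256 curve, the two-level chain, the ASN.1 signature encoding, and the names `issue`, `verifyQuote` and `demo` are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates an ECDSA certificate (P-256 assumed); a nil parent yields a self-signed root CA.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent, parentKey = true, x509.KeyUsageCertSign, t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verifyQuote checks that leaf chains to root, then that sig is leaf's ECDSA-SHA256 signature over quote.
func verifyQuote(root, leaf *x509.Certificate, quote, sig []byte) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: pool}); err != nil {
		return fmt.Errorf("chain: %w", err)
	}
	return leaf.CheckSignature(x509.ECDSAWithSHA256, quote, sig) // also rejects a non-ECDSA leaf key
}

func demo(quote []byte) (simRoot, otherRoot error) {
	root, rootKey := issue("sim root CA", nil, nil)           // constructed trust anchor
	leaf, leafKey := issue("sim quote signer", root, rootKey) // constructed signing certificate
	other, _ := issue("unrelated root CA", nil, nil)          // a root the leaf does not chain to
	digest := sha256.Sum256(quote)
	sig, _ := ecdsa.SignASN1(rand.Reader, leafKey, digest[:])
	return verifyQuote(root, leaf, quote, sig), verifyQuote(other, leaf, quote, sig)
}

func main() { fmt.Println(demo([]byte("constructed stand-in for DCAP quote bytes"))) }
```

The second result is the case a verifier has to get right: a chain built under a simulation root validates only where that root is configured as the trust anchor.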

@nick-mobilecoin started a stack merge that includes this pull request via Graphite.

@nick-mobilecoin nick-mobilecoin merged commit b0dcf56 into master Aug 8, 2023
20 checks passed
@nick-mobilecoin merged this pull request with Graphite.

@nick-mobilecoin nick-mobilecoin deleted the nick/ecdsa-sim-certs branch August 8, 2023 20:01