Change sim signing certs to use ECDSA #3480
Previously the sim signing certificates used RSA keys. Now they use ECDSA keys. Changing to ECDSA allows for re-use with DCAP data structures which happen to use ECDSA signatures.
f9a47b1 to 5446a86
Since I'm lacking a lot of context here, can you please elaborate on how these sim keys are going to be used in DCAP data structures?
I changed the description to say "quote signing" instead of the generic data structures. Normally we use the root CA provided by Intel to check a certificate chain created by the PCE (provisioning certificate enclave); this chain signs the quote generated by the QE (quoting enclave). In order to work in a simulated SGX environment we provide a fake certificate chain that creates and signs the DCAP quote, #3482. This PR is to update the certificates to use ECDSA so that all the sim logic in the DCAP quote is ECDSA signing.
@nick-mobilecoin started a stack merge that includes this pull request via Graphite.
@nick-mobilecoin merged this pull request with Graphite.
Previously the sim signing certificates used RSA keys. Now they use
ECDSA keys. Changing to ECDSA allows for re-use with DCAP quote signing
which happens to use ECDSA signatures.