Sample Issuer Material

Table of Contents

The Intel® EPID SDK does not include issuer APIs. That means you cannot generate the following items for validation:

  • Group public key, which corresponds to the issuing private key kept by the issuer
  • Member private keys
  • Signature based revocation list (SigRL)
  • Private key based revocation list (PrivRL)
  • Group based revocation list (GroupRL)

For validation purposes, you can use pre-generated sample data. This sample issuer material includes sample groups and revocation lists.

Sample compressed key material is not included in the package.

Sample Groups

Sample Group A

Group A (groupa) contains eight group members and sample revocation lists:


Members in Group A

Group Member Revocation Status
groupa/member0 Non-revoked
groupa/member1 Non-revoked
groupa/privrevokedmember0 Revoked in PrivRL
groupa/privrevokedmember1 Revoked in PrivRL
groupa/privrevokedmember2 Revoked in PrivRL
groupa/sigrevokedmember0 Revoked in SigRL
groupa/sigrevokedmember1 Revoked in SigRL
groupa/sigrevokedmember2 Revoked in SigRL


Revocation Lists for Group A

Description Directory Location Revoked Members
Private key based revocation list groupa/privrl.bin privrevokedmember0,
privrevokedmember1,
privrevokedmember2
Signature based revocation list groupa/sigrl.bin sigrevokedmember0,
sigrevokedmember1,
sigrevokedmember2
Empty private key based revocation list groupa/privrl_empty.bin None
Empty signature based revocation list groupa/sigrl_empty.bin None


Sample Group B

Group B (groupb) contains four group members and sample revocation lists:


Members in Group B

Group Member Revocation Status
groupb/member0 Non-revoked
groupb/member1 Non-revoked
groupb/privrevokedmember0 Revoked in PrivRL
groupb/sigrevokedmember0 Revoked in SigRL


Revocation Lists for Group B

Description Directory Location Revoked Members
Private key based revocation list groupb/privrl.bin privrevokedmember0
Signature based revocation list groupb/sigrl.bin sigrevokedmember0
Empty private key based revocation list groupb/privrl_empty.bin None
Empty signature based revocation list groupb/sigrl_empty.bin None

Group Based Revocation Lists

If an entire group is no longer valid, the issuer can revoke it using the group based revocation list. Two sample group based revocation lists are provided with the SDK.


Sample GrpRLs

Group Based Revocation List Description
grprl_empty.bin No entries
grprl.bin One entry in which groupb is revoked

Compressed Member Private Key

Sample Groups

Intel® EPID SDK supports use of compressed member private keys. The groups described here use compressed compressed member private keys but structuarlly corospond to groups described above.

Compressed Sample Group A

Group A (groupa) contains eight group members and sample revocation lists:


Members in Group A

Group Member Revocation Status
groupa/member0 Non-revoked
groupa/member1 Non-revoked
groupa/privrevokedmember0 Revoked in PrivRL
groupa/privrevokedmember1 Revoked in PrivRL
groupa/privrevokedmember2 Revoked in PrivRL
groupa/sigrevokedmember0 Revoked in SigRL
groupa/sigrevokedmember1 Revoked in SigRL
groupa/sigrevokedmember2 Revoked in SigRL


Revocation Lists for Group A

Description Directory Location Revoked Members
Private key based revocation list groupa/privrl.bin privrevokedmember0,
privrevokedmember1,
privrevokedmember2
Signature based revocation list groupa/sigrl.bin sigrevokedmember0,
sigrevokedmember1,
sigrevokedmember2
Empty private key based revocation list groupa/privrl_empty.bin None
Empty signature based revocation list groupa/sigrl_empty.bin None


Compressed Sample Group B

Group B (groupb) contains four group members and sample revocation lists:


Members in Group B

Group Member Revocation Status
groupb/member0 Non-revoked
groupb/member1 Non-revoked
groupb/privrevokedmember0 Revoked in PrivRL
groupb/sigrevokedmember0 Revoked in SigRL


Revocation Lists for Group B

Description Directory Location Revoked Members
Private key based revocation list groupb/privrl.bin privrevokedmember0
Signature based revocation list groupb/sigrl.bin sigrevokedmember0
Empty private key based revocation list groupb/privrl_empty.bin None
Empty signature based revocation list groupb/sigrl_empty.bin None

Compressed Group Based Revocation Lists

If an entire group is no longer valid, the issuer can revoke it using the group based revocation list. Two sample group based revocation lists are provided with the SDK.


Sample GrpRLs

Group Based Revocation List Description
grprl_empty.bin No entries
grprl.bin One entry in which groupb is revoked