Generate Hash

Generating hash is the first step in the 2-Steps signing process.To generate hash, use the following steps:

1. Right-click on project root, go to Software Guard Extensions Tools menu → Two StepSigne Enclave → Generate Hash

   

   Two StepSigne Enclave - Generate Hash

2. In the Generate Hash dialog, enter the required inputs to the corresponding fields:
   • Enter the path to the compiled enclave to be signed in the Enclave Path field. Click Select Enclave to open a file dialog to select the enclave.
   • In the Hash File Location field , enter the path of the output file that will contain signing materials. By default this file has the same file name as the unsigned enclave, with .hex extension added. To change the path, click Select File Path to open a file dialog to select the file path.
   • In the Configuration File path field, enter the path of the configuration filefor the generated hash. Click Select Config to open a dialog to select from all enclave configuration files in the project (similar with the one of the command Update Config).

3. Click OK after you fill in all the fields. The Intel(R) SGX SDK is launched under the hood with the provided parameters and the hash file is generated. A dialog box appears to confirm the completion:

   

   Generating Hash Completion Dialog

You complete the first step, generating hash, in the two step signing enclave. The *.hex file may be signed with the external facility, which generates a signature for it and a public verification key.

If you click OK, the Generate Signed Enclave dialog appears. The required fileds in this dialog have been pre-configured with the paths of the unsigned enclave, the configuration file and of the *.hex file. To generated the final signed enclave ready for production immediately, click OK.

Generate Signed Enclave Dialog with Pre-configurations

If you click Cancel in the Generate Signed Enclave dialog, you can continue the signing process later using the Generate Signed Enclave command.