miti
/
linux-sgx-trts-modified


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293
							<!-- HTML header for doxygen 1.8.10-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
<meta name="generator" content="Doxygen 1.8.11"/>
<title>Intel&reg; Enhanced Privacy ID SDK: Sample Issuer Material</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="dynsections.js"></script>
<link href="navtree.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="resize.js"></script>
<script type="text/javascript" src="navtreedata.js"></script>
<script type="text/javascript" src="navtree.js"></script>
<script type="text/javascript">
  $(document).ready(initResizable);
  $(window).load(resizeHeight);
</script>
<link href="doxygen.css" rel="stylesheet" type="text/css" />
<link href="epidstyle.css" rel="stylesheet" type="text/css"/>
</head>
<body>
<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
<div id="titlearea">
<table cellspacing="0" cellpadding="0">
 <tbody>
 <tr style="height: 56px;">
  <td id="projectalign" style="padding-left: 0.5em;">
   <div id="projectname"><a 
                            onclick="storeLink('index.html')"
                            id="projectlink" 
                            class="index.html" 
                            href="index.html">Intel&reg; Enhanced Privacy ID SDK</a>
&#160;<span id="projectnumber">3.0.0</span>
</div>
  </td>
 </tr>
 </tbody>
</table>
</div>
<!-- end header part -->
<!-- Generated by Doxygen 1.8.11 -->
</div><!-- top -->
<div id="side-nav" class="ui-resizable side-nav-resizable">
  <div id="nav-tree">
    <div id="nav-tree-contents">
      <div id="nav-sync" class="sync"></div>
    </div>
  </div>
  <div id="splitbar" style="-moz-user-select:none;" 
       class="ui-resizable-handle">
  </div>
</div>
<script type="text/javascript">
$(document).ready(function(){initNavTree('IssuerMaterial.html','');});
</script>
<div id="doc-content">
<div class="header">
  <div class="headertitle">
<div class="title">Sample Issuer Material </div>  </div>
</div><!--header-->
<div class="contents">
<div class="toc"><h3>Table of Contents</h3>
<ul><li class="level1"><a href="#IssuerMaterial_Groups">Sample Groups</a><ul><li class="level2"><a href="#IssuerMaterial_Groups_groupa">Sample Group A</a></li>
<li class="level2"><a href="#IssuerMaterial_Groups_groupb">Sample Group B</a></li>
</ul>
</li>
<li class="level1"><a href="#IssuerMaterial_GroupRls">Group Based Revocation Lists</a></li>
<li class="level1"><a href="#IssuerMaterial_CmpGroups">Compressed Member Private Key</a><ul><li class="level2"><a href="#IssuerMaterial_CmpGroups_groupa">Compressed Sample Group A</a></li>
<li class="level2"><a href="#IssuerMaterial_CmpGroups_groupb">Compressed Sample Group B</a></li>
</ul>
</li>
<li class="level1"><a href="#IssuerMaterial_CmpGroupRls">Compressed Group Based Revocation Lists</a></li>
</ul>
</div>
<div class="textblock"><p>The Intel&reg; EPID SDK does not include issuer APIs. That means you cannot generate the following items for validation:</p>
<ul>
<li>Group public key, which corresponds to the issuing private key kept by the issuer</li>
<li>Member private keys</li>
<li>Signature based revocation list (SigRL)</li>
<li>Private key based revocation list (PrivRL)</li>
<li>Group based revocation list (GroupRL)</li>
</ul>
<p>For validation purposes, you can use pre-generated sample data. This sample issuer material includes sample groups and revocation lists.</p>
<p>Sample compressed key material is not included in the package.</p>
<h1><a class="anchor" id="IssuerMaterial_Groups"></a>
Sample Groups</h1>
<h2><a class="anchor" id="IssuerMaterial_Groups_groupa"></a>
Sample Group A</h2>
<p>Group A (<code>groupa</code>) contains eight group members and sample revocation lists:</p>
<p><br />
</p>
<h3>Members in Group A</h3>
<table class="doxtable">
<tr>
<th>Group Member </th><th>Revocation Status  </th></tr>
<tr>
<td>groupa/member0 </td><td>Non-revoked </td></tr>
<tr>
<td>groupa/member1 </td><td>Non-revoked </td></tr>
<tr>
<td>groupa/privrevokedmember0 </td><td>Revoked in PrivRL </td></tr>
<tr>
<td>groupa/privrevokedmember1 </td><td>Revoked in PrivRL </td></tr>
<tr>
<td>groupa/privrevokedmember2 </td><td>Revoked in PrivRL </td></tr>
<tr>
<td>groupa/sigrevokedmember0 </td><td>Revoked in SigRL </td></tr>
<tr>
<td>groupa/sigrevokedmember1 </td><td>Revoked in SigRL </td></tr>
<tr>
<td>groupa/sigrevokedmember2 </td><td>Revoked in SigRL </td></tr>
</table>
<p><br />
</p>
<h3>Revocation Lists for Group A</h3>
<table class="doxtable">
<tr>
<th>Description </th><th>Directory Location </th><th>Revoked Members  </th></tr>
<tr>
<td>Private key based revocation list </td><td><code>groupa/privrl.bin</code> </td><td>privrevokedmember0, <br />
 privrevokedmember1, <br />
 privrevokedmember2 </td></tr>
<tr>
<td>Signature based revocation list </td><td><code>groupa/sigrl.bin</code> </td><td>sigrevokedmember0, <br />
 sigrevokedmember1, <br />
 sigrevokedmember2 </td></tr>
<tr>
<td>Empty private key based revocation list </td><td><code>groupa/privrl_empty.bin</code> </td><td>None </td></tr>
<tr>
<td>Empty signature based revocation list </td><td><code>groupa/sigrl_empty.bin</code> </td><td>None </td></tr>
</table>
<p><br />
</p>
<h2><a class="anchor" id="IssuerMaterial_Groups_groupb"></a>
Sample Group B</h2>
<p>Group B (<code>groupb</code>) contains four group members and sample revocation lists:</p>
<p><br />
</p>
<h3>Members in Group B</h3>
<table class="doxtable">
<tr>
<th>Group Member </th><th>Revocation Status  </th></tr>
<tr>
<td>groupb/member0 </td><td>Non-revoked </td></tr>
<tr>
<td>groupb/member1 </td><td>Non-revoked </td></tr>
<tr>
<td>groupb/privrevokedmember0 </td><td>Revoked in PrivRL </td></tr>
<tr>
<td>groupb/sigrevokedmember0 </td><td>Revoked in SigRL </td></tr>
</table>
<p><br />
</p>
<h3>Revocation Lists for Group B</h3>
<table class="doxtable">
<tr>
<th>Description </th><th>Directory Location </th><th>Revoked Members  </th></tr>
<tr>
<td>Private key based revocation list </td><td><code>groupb/privrl.bin</code> </td><td>privrevokedmember0 </td></tr>
<tr>
<td>Signature based revocation list </td><td><code>groupb/sigrl.bin</code> </td><td>sigrevokedmember0 </td></tr>
<tr>
<td>Empty private key based revocation list </td><td><code>groupb/privrl_empty.bin</code> </td><td>None </td></tr>
<tr>
<td>Empty signature based revocation list </td><td><code>groupb/sigrl_empty.bin</code> </td><td>None </td></tr>
</table>
<h1><a class="anchor" id="IssuerMaterial_GroupRls"></a>
Group Based Revocation Lists</h1>
<p>If an entire group is no longer valid, the issuer can revoke it using the group based revocation list. Two sample group based revocation lists are provided with the SDK.</p>
<p><br />
</p>
<h3>Sample GrpRLs</h3>
<table class="doxtable">
<tr>
<th>Group Based Revocation List </th><th>Description  </th></tr>
<tr>
<td><code>grprl_empty.bin</code> </td><td>No entries </td></tr>
<tr>
<td><code>grprl.bin</code> </td><td>One entry in which <code>groupb</code> is revoked </td></tr>
</table>
<h1><a class="anchor" id="IssuerMaterial_CmpGroups"></a>
Compressed Member Private Key</h1>
<p>Sample Groups</p>
<p>Intel&reg; EPID SDK supports use of compressed member private keys. The groups described here use compressed compressed member private keys but structuarlly corospond to groups described above.</p>
<h2><a class="anchor" id="IssuerMaterial_CmpGroups_groupa"></a>
Compressed Sample Group A</h2>
<p>Group A (<code>groupa</code>) contains eight group members and sample revocation lists:</p>
<p><br />
</p>
<h3>Members in Group A</h3>
<table class="doxtable">
<tr>
<th>Group Member </th><th>Revocation Status  </th></tr>
<tr>
<td>groupa/member0 </td><td>Non-revoked </td></tr>
<tr>
<td>groupa/member1 </td><td>Non-revoked </td></tr>
<tr>
<td>groupa/privrevokedmember0 </td><td>Revoked in PrivRL </td></tr>
<tr>
<td>groupa/privrevokedmember1 </td><td>Revoked in PrivRL </td></tr>
<tr>
<td>groupa/privrevokedmember2 </td><td>Revoked in PrivRL </td></tr>
<tr>
<td>groupa/sigrevokedmember0 </td><td>Revoked in SigRL </td></tr>
<tr>
<td>groupa/sigrevokedmember1 </td><td>Revoked in SigRL </td></tr>
<tr>
<td>groupa/sigrevokedmember2 </td><td>Revoked in SigRL </td></tr>
</table>
<p><br />
</p>
<h3>Revocation Lists for Group A</h3>
<table class="doxtable">
<tr>
<th>Description </th><th>Directory Location </th><th>Revoked Members  </th></tr>
<tr>
<td>Private key based revocation list </td><td><code>groupa/privrl.bin</code> </td><td>privrevokedmember0, <br />
 privrevokedmember1, <br />
 privrevokedmember2 </td></tr>
<tr>
<td>Signature based revocation list </td><td><code>groupa/sigrl.bin</code> </td><td>sigrevokedmember0, <br />
 sigrevokedmember1, <br />
 sigrevokedmember2 </td></tr>
<tr>
<td>Empty private key based revocation list </td><td><code>groupa/privrl_empty.bin</code> </td><td>None </td></tr>
<tr>
<td>Empty signature based revocation list </td><td><code>groupa/sigrl_empty.bin</code> </td><td>None </td></tr>
</table>
<p><br />
</p>
<h2><a class="anchor" id="IssuerMaterial_CmpGroups_groupb"></a>
Compressed Sample Group B</h2>
<p>Group B (<code>groupb</code>) contains four group members and sample revocation lists:</p>
<p><br />
</p>
<h3>Members in Group B</h3>
<table class="doxtable">
<tr>
<th>Group Member </th><th>Revocation Status  </th></tr>
<tr>
<td>groupb/member0 </td><td>Non-revoked </td></tr>
<tr>
<td>groupb/member1 </td><td>Non-revoked </td></tr>
<tr>
<td>groupb/privrevokedmember0 </td><td>Revoked in PrivRL </td></tr>
<tr>
<td>groupb/sigrevokedmember0 </td><td>Revoked in SigRL </td></tr>
</table>
<p><br />
</p>
<h3>Revocation Lists for Group B</h3>
<table class="doxtable">
<tr>
<th>Description </th><th>Directory Location </th><th>Revoked Members  </th></tr>
<tr>
<td>Private key based revocation list </td><td><code>groupb/privrl.bin</code> </td><td>privrevokedmember0 </td></tr>
<tr>
<td>Signature based revocation list </td><td><code>groupb/sigrl.bin</code> </td><td>sigrevokedmember0 </td></tr>
<tr>
<td>Empty private key based revocation list </td><td><code>groupb/privrl_empty.bin</code> </td><td>None </td></tr>
<tr>
<td>Empty signature based revocation list </td><td><code>groupb/sigrl_empty.bin</code> </td><td>None </td></tr>
</table>
<h1><a class="anchor" id="IssuerMaterial_CmpGroupRls"></a>
Compressed Group Based Revocation Lists</h1>
<p>If an entire group is no longer valid, the issuer can revoke it using the group based revocation list. Two sample group based revocation lists are provided with the SDK.</p>
<p><br />
</p>
<h3>Sample GrpRLs</h3>
<table class="doxtable">
<tr>
<th>Group Based Revocation List </th><th>Description  </th></tr>
<tr>
<td><code>grprl_empty.bin</code> </td><td>No entries </td></tr>
<tr>
<td><code>grprl.bin</code> </td><td>One entry in which <code>groupb</code> is revoked </td></tr>
</table>
</div></div><!-- contents -->
</div><!-- doc-content -->
<!-- HTML footer for doxygen 1.8.10-->
<!-- start footer part -->
<div id="nav-path" class="navpath"><!-- id is needed for treeview function! -->
  <ul>
    <li class="footer">
      &copy; 2016 Intel Corporation
    </li>
  </ul>
</div>
</body>
</html>