linux-sgx-trts-modified/external/epid-sdk-3.0.0/doc/html/SignVerifyTutorial.html

<!-- HTML header for doxygen 1.8.10-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
<meta name="generator" content="Doxygen 1.8.11"/>
<title>Intel&reg; Enhanced Privacy ID SDK: Signing and Verification Tutorial</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="dynsections.js"></script>
<link href="navtree.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="resize.js"></script>
<script type="text/javascript" src="navtreedata.js"></script>
<script type="text/javascript" src="navtree.js"></script>
<script type="text/javascript">
  $(document).ready(initResizable);
  $(window).load(resizeHeight);
</script>
<link href="doxygen.css" rel="stylesheet" type="text/css" />
<link href="epidstyle.css" rel="stylesheet" type="text/css"/>
</head>
<body>
<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
<div id="titlearea">
<table cellspacing="0" cellpadding="0">
 <tbody>
 <tr style="height: 56px;">
  <td id="projectalign" style="padding-left: 0.5em;">
   <div id="projectname"><a 
                            onclick="storeLink('index.html')"
                            id="projectlink" 
                            class="index.html" 
                            href="index.html">Intel&reg; Enhanced Privacy ID SDK</a>
&#160;<span id="projectnumber">3.0.0</span>
</div>
  </td>
 </tr>
 </tbody>
</table>
</div>
<!-- end header part -->
<!-- Generated by Doxygen 1.8.11 -->
</div><!-- top -->
<div id="side-nav" class="ui-resizable side-nav-resizable">
  <div id="nav-tree">
    <div id="nav-tree-contents">
      <div id="nav-sync" class="sync"></div>
    </div>
  </div>
  <div id="splitbar" style="-moz-user-select:none;" 
       class="ui-resizable-handle">
  </div>
</div>
<script type="text/javascript">
$(document).ready(function(){initNavTree('SignVerifyTutorial.html','');});
</script>
<div id="doc-content">
<div class="header">
  <div class="headertitle">
<div class="title">Signing and Verification Tutorial </div>  </div>
</div><!--header-->
<div class="contents">
<div class="toc"><h3>Table of Contents</h3>
<ul><li class="level1"><a href="#SignVerifyTutorial_Signmmsg">Creating an Intel&reg; EPID Signature of a Given Message</a></li>
<li class="level1"><a href="#SignVerifyTutorial_Verifysig">Verifying an Intel&reg; EPID Signature</a></li>
<li class="level1"><a href="#SignVerifyTutorial_Basename">Linking Intel&reg; EPID Signatures from the Same Member</a></li>
<li class="level1"><a href="#SignVerifyTutorial_VerificationFailures">Expected Failures</a></li>
<li class="level1"><a href="#SignVerifyTutorial_Revocation_Group">Revocation</a><ul><li class="level2"><a href="#SignVerifyTutorial_GroupRevocation">Detecting Revoked Group from Group Revocation List</a></li>
<li class="level2"><a href="#SignVerifyTutorial_KeyRevocation">Detecting Revoked Member from Private Key Based Revocation List</a></li>
<li class="level2"><a href="#SignVerifyTutorial_SigRevocation">Detecting Revoked Member from Signature Based Revocation List</a></li>
</ul>
</li>
</ul>
</div>
<div class="textblock"><p>The Intel&reg; EPID SDK provides example tools to show you how to use the Intel&reg; EPID SDK APIs. These examples are called <em>signmsg</em> and <em>verifysig</em>.</p>
<p>You can build these examples using the instructions in <a class="el" href="BuildingSdk.html">Building from Source</a>. The tutorial assumes <code>_install/epid-sdk/example</code> is the current directory.</p>
<p>All command lines in this tutorial use posix command line conventions; for other systems, adjust accordingly.</p>
<p>For the code used in this tutorial, refer to <a class="el" href="Examples.html">Walkthroughs of Examples Showing API Usage</a>.</p>
<dl class="section note"><dt>Note</dt><dd>The data for running this tutorial is pre-generated. Once the samples are built, the data is in the <code>_install/epid-sdk/example/data</code> directory. See <a class="el" href="IssuerMaterial.html">Sample Issuer Material</a>.</dd></dl>
<h1><a class="anchor" id="SignVerifyTutorial_Signmmsg"></a>
Creating an Intel® EPID Signature of a Given Message</h1>
<p>The example application <em>signmsg</em> shows you how to create an Intel&reg; EPID signature of a given message. </p><pre class="fragment">$ ./signmsg -h
Usage: signmsg [OPTION]...
Create Intel(R) EPID signature of message

Options:
  --sig=FILE
      write signature to FILE (default: sig.dat)

  --msg=MESSAGE
      MESSAGE to sign

  --bsn=BASENAME
      BASENAME to sign with (default: random)

  --sigrl=FILE
      load signature based revocation list from FILE

  --gpubkey=FILE
      load group public key from FILE (default: pubkey.bin)

  --mprivkey=FILE
      load member private key from FILE (default: mprivkey.dat)

  --mprecmpi=FILE
      load pre-computed member data from FILE

  --mprecmpo=FILE
      write pre-computed member data to FILE

  --capubkey=FILE
      load IoT Issuing CA public key from FILE (default: cacert.bin)

  --hashalg={SHA-256 | SHA-384 | SHA-512}
      use specified hash algorithm (default: SHA-512)

  -h, --help
      display this help and exit

  -v, --verbose
      print status messages to stdout
</pre><p>To sign a message, a group member in good standing uses the following command: </p><pre class="fragment">$ ./signmsg --msg="test0"
</pre><p>The above command signs a message "test0". <em>signmsg</em> uses default options for the group public key, member private key, hash algorithm and IoT Issuing CA public key. All other parameters that are not given are ignored. The command produces a signature file: <code>sig.dat</code></p>
<h1><a class="anchor" id="SignVerifyTutorial_Verifysig"></a>
Verifying an Intel® EPID Signature</h1>
<p>The example application <em>verifysig</em> shows you how to verify that a given Intel&reg; EPID signature is produced by a member in good standing. </p><pre class="fragment">$ ./verifysig -h
Usage: verifysig [OPTION]...
Verify signature was created by group member in good standing

Options:
  --sig=FILE
      load signature from FILE (default: sig.dat)

  --msg=MESSAGE
      MESSAGE that was signed (default: empty)

  --bsn=BASENAME
      BASENAME used in signature (default: random)

  --privrl=FILE
      load private key revocation list from FILE

  --sigrl=FILE
      load signature based revocation list from FILE

  --grprl=FILE
      load group revocation list from FILE
       (default: grprl.bin)

  --verifierrl=FILE
      load verifier revocation list from FILE

  --gpubkey=FILE
      load group public key from FILE (default: pubkey.bin)

  --vprecmpi=FILE
      load pre-computed verifier data from FILE

  --vprecmpo=FILE
      write pre-computed verifier data to FILE

  --capubkey=FILE
      load IoT Issuing CA public key from FILE
   (default: cacert.bin)

  --hashalg={SHA-256 | SHA-384 | SHA-512}
      use specified hash algorithm for 2.0 groups (default: SHA-512)

  -h, --help
  display this help and exit

  -v, --verbose
      print status messages to stdout
</pre><p>To verify that a signature is from a member in good standing, the verifier uses the following command: </p><pre class="fragment">$ ./verifysig --msg="test0"
signature verified successfully
</pre><p>This verifies that the default signature file <code>sig.dat</code> is generated for the message "test0" by a member in good standing. <em>verifysig</em> uses default inputs for group public key, hash algorithm and IoT Issuing CA public key. All other parameters are ignored. The output <code>verifysig: signature verified successfully</code> denotes that the verification is successful.</p>
<h1><a class="anchor" id="SignVerifyTutorial_Basename"></a>
Linking Intel® EPID Signatures from the Same Member</h1>
<p>A name based signature is created using the additional parameter of a basename. If the member uses the same basename, the verifier can mathematically link signatures generated by the member, showing that the signatures are from the same member.</p>
<p>To validate a signature with a basename, you need to use the same basename for signing and verification. The mechanism for ensuring that the member and verifier use the same basename is outside the scope of the SDK.</p>
<p>If a basename is not provided, then the member uses a random basename and the signature generated by the member is anonymous.</p>
<p>For more general information on why you might want to use a basename, refer to <a class="el" href="Basenames.html#name_based">Name Based Signatures</a>.</p>
<dl class="section warning"><dt>Warning</dt><dd>The use of a name-based signature creates a platform unique pseudonymous identifier. Because it reduces the member's privacy, the user should be notified when it is used and should have control over its use.</dd></dl>
<p>To sign message "test0" with a basename "base0": </p><pre class="fragment">$ ./signmsg --msg="test0" --bsn="base0"
</pre><p>To verify the signature: </p><pre class="fragment">$ ./verifysig --msg="test0" --bsn="base0"
verifysig: signature verified successfully
</pre><p>To validate a signature, you need to use the same message for signing and verification. The mechanism for ensuring that the member and verifier use the same message is outside the scope of the SDK.</p>
<p>Member and verifier must also use the same hash algorithm and basename, if applicable.</p>
<h1><a class="anchor" id="SignVerifyTutorial_VerificationFailures"></a>
Expected Failures</h1>
<p>The signature verification process fails if there is a parameter mismatch between sign and verify operations. Here are some examples.</p>
<p>Verification fails if there is a mismatch in the message: </p><pre class="fragment">$ ./signmsg --msg="test0"
$ ./verifysig --msg="test1"
verifysig: signature verification failed: invalid signature
</pre><p>Verification fails if there is a mismatch in the basename: </p><pre class="fragment">$ ./signmsg --msg="test0" --bsn="base0"
$ ./verifysig --msg="test0" --bsn="base1"
verifysig: signature verification failed: invalid signature
</pre><p>The Intel&reg; EPID SDK supports the following hash algorithms: SHA-256, SHA-384, SHA-512. The selected hash algorithm must be the same for both sign and verify. Mismatch in hash algorithm results in verification failure: </p><pre class="fragment">$ ./signmsg --msg="test0" --hashalg=SHA-256
$ ./verifysig --msg="test0" --hashalg=SHA-384
verifysig: signature verification failed: invalid signature
</pre><h1><a class="anchor" id="SignVerifyTutorial_Revocation_Group"></a>
Revocation</h1>
<p>Revocation lists are data structures used by the verifier to identify members that are no longer approved members of the group.</p>
<p>The verifier obtains the member private key based revocation list (PrivRL), signature based revocation list (SigRL), and group based revocation list (GroupRL) from the issuer. The verifier can also maintain its own verifier blacklist (VerifierRL).</p>
<h2><a class="anchor" id="SignVerifyTutorial_GroupRevocation"></a>
Detecting Revoked Group from Group Revocation List</h2>
<p>Verification of a signature fails if it is generated by a member of a group that is revoked in the group revocation list.</p>
<p>For example, </p><pre class="fragment">$ ./signmsg --msg="test0" --gpubkey=data/groupb/pubkey.bin --mprivkey=data/groupb/member0/mprivkey.dat
$ ./verifysig --msg="test0" --grprl=data/grprl.bin --gpubkey=data/groupb/pubkey.bin
verifysig: signature verification failed: signature revoked in GroupRl
</pre><p>The verification fails because <b>groupb</b> is revoked and is an entry in the group revocation list (<code>grprl.bin</code>).</p>
<h2><a class="anchor" id="SignVerifyTutorial_KeyRevocation"></a>
Detecting Revoked Member from Private Key Based Revocation List</h2>
<p>Verification of a signature fails if it is generated by a member whose private key is revoked in a private-key based revocation list.</p>
<p>For example, </p><pre class="fragment">$ ./signmsg --msg=test0 --gpubkey=data/groupa/pubkey.bin --mprivkey=data/groupa/privrevokedmember0/mprivkey.dat
$ ./verifysig --msg=test0 --privrl=data/groupa/privrl.bin --gpubkey=data/groupa/pubkey.bin
verifysig: signature verification failed: signature revoked in PrivRl
</pre><p>The verification fails because the private key of <b>privrevokedmember0</b> is revoked and is an entry in the private key based revocation list of <b>groupa</b> (<code>privrl.bin</code>).</p>
<h2><a class="anchor" id="SignVerifyTutorial_SigRevocation"></a>
Detecting Revoked Member from Signature Based Revocation List</h2>
<p>Verification of a signature fails if it is generated by a member whose signature is revoked in a signature based revocation list. </p><pre class="fragment">$ ./signmsg --msg="test1" --sigrl=data/groupa/sigrl.bin --gpubkey=data/groupa/pubkey.bin --mprivkey=data/groupa/sigrevokedmember0/mprivkey.dat
signmsg: signature revoked in SigRL
$ ./verifysig --msg="test1" --sigrl=data/groupa/sigrl.bin --gpubkey=data/groupa/pubkey.bin
verifysig: signature verification failed: signature revoked in SigRl
</pre><p>The message "test1" is signed by <em>signmsg</em> with a warning <code>signmsg: signature revoked in SigRL</code>. This means that the signature of <b>sigrevokedmember0</b> is revoked in the signature based revocation list. The verification fails because the signature was generated by <b>sigrevokedmember0</b>, which is revoked and is an entry in the signature based revocation list of <b>groupa</b> (<code>sigrl.bin</code>). </p>
</div></div><!-- contents -->
</div><!-- doc-content -->
<!-- HTML footer for doxygen 1.8.10-->
<!-- start footer part -->
<div id="nav-path" class="navpath"><!-- id is needed for treeview function! -->
  <ul>
    <li class="footer">
      &copy; 2016 Intel Corporation
    </li>
  </ul>
</div>
</body>
</html>