SignVerifyTutorial.html 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239
  1. <!-- HTML header for doxygen 1.8.10-->
  2. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  3. <html xmlns="http://www.w3.org/1999/xhtml">
  4. <head>
  5. <meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
  6. <meta http-equiv="X-UA-Compatible" content="IE=9"/>
  7. <meta name="generator" content="Doxygen 1.8.11"/>
  8. <title>Intel&reg; Enhanced Privacy ID SDK: Signing and Verification Tutorial</title>
  9. <link href="tabs.css" rel="stylesheet" type="text/css"/>
  10. <script type="text/javascript" src="jquery.js"></script>
  11. <script type="text/javascript" src="dynsections.js"></script>
  12. <link href="navtree.css" rel="stylesheet" type="text/css"/>
  13. <script type="text/javascript" src="resize.js"></script>
  14. <script type="text/javascript" src="navtreedata.js"></script>
  15. <script type="text/javascript" src="navtree.js"></script>
  16. <script type="text/javascript">
  17. $(document).ready(initResizable);
  18. $(window).load(resizeHeight);
  19. </script>
  20. <link href="doxygen.css" rel="stylesheet" type="text/css" />
  21. <link href="epidstyle.css" rel="stylesheet" type="text/css"/>
  22. </head>
  23. <body>
  24. <div id="top"><!-- do not remove this div, it is closed by doxygen! -->
  25. <div id="titlearea">
  26. <table cellspacing="0" cellpadding="0">
  27. <tbody>
  28. <tr style="height: 56px;">
  29. <td id="projectalign" style="padding-left: 0.5em;">
  30. <div id="projectname"><a
  31. onclick="storeLink('index.html')"
  32. id="projectlink"
  33. class="index.html"
  34. href="index.html">Intel&reg; Enhanced Privacy ID SDK</a>
  35. &#160;<span id="projectnumber">3.0.0</span>
  36. </div>
  37. </td>
  38. </tr>
  39. </tbody>
  40. </table>
  41. </div>
  42. <!-- end header part -->
  43. <!-- Generated by Doxygen 1.8.11 -->
  44. </div><!-- top -->
  45. <div id="side-nav" class="ui-resizable side-nav-resizable">
  46. <div id="nav-tree">
  47. <div id="nav-tree-contents">
  48. <div id="nav-sync" class="sync"></div>
  49. </div>
  50. </div>
  51. <div id="splitbar" style="-moz-user-select:none;"
  52. class="ui-resizable-handle">
  53. </div>
  54. </div>
  55. <script type="text/javascript">
  56. $(document).ready(function(){initNavTree('SignVerifyTutorial.html','');});
  57. </script>
  58. <div id="doc-content">
  59. <div class="header">
  60. <div class="headertitle">
  61. <div class="title">Signing and Verification Tutorial </div> </div>
  62. </div><!--header-->
  63. <div class="contents">
  64. <div class="toc"><h3>Table of Contents</h3>
  65. <ul><li class="level1"><a href="#SignVerifyTutorial_Signmmsg">Creating an Intel&reg; EPID Signature of a Given Message</a></li>
  66. <li class="level1"><a href="#SignVerifyTutorial_Verifysig">Verifying an Intel&reg; EPID Signature</a></li>
  67. <li class="level1"><a href="#SignVerifyTutorial_Basename">Linking Intel&reg; EPID Signatures from the Same Member</a></li>
  68. <li class="level1"><a href="#SignVerifyTutorial_VerificationFailures">Expected Failures</a></li>
  69. <li class="level1"><a href="#SignVerifyTutorial_Revocation_Group">Revocation</a><ul><li class="level2"><a href="#SignVerifyTutorial_GroupRevocation">Detecting Revoked Group from Group Revocation List</a></li>
  70. <li class="level2"><a href="#SignVerifyTutorial_KeyRevocation">Detecting Revoked Member from Private Key Based Revocation List</a></li>
  71. <li class="level2"><a href="#SignVerifyTutorial_SigRevocation">Detecting Revoked Member from Signature Based Revocation List</a></li>
  72. </ul>
  73. </li>
  74. </ul>
  75. </div>
  76. <div class="textblock"><p>The Intel&reg; EPID SDK provides example tools to show you how to use the Intel&reg; EPID SDK APIs. These examples are called <em>signmsg</em> and <em>verifysig</em>.</p>
  77. <p>You can build these examples using the instructions in <a class="el" href="BuildingSdk.html">Building from Source</a>. The tutorial assumes <code>_install/epid-sdk/example</code> is the current directory.</p>
  78. <p>All command lines in this tutorial use posix command line conventions; for other systems, adjust accordingly.</p>
  79. <p>For the code used in this tutorial, refer to <a class="el" href="Examples.html">Walkthroughs of Examples Showing API Usage</a>.</p>
  80. <dl class="section note"><dt>Note</dt><dd>The data for running this tutorial is pre-generated. Once the samples are built, the data is in the <code>_install/epid-sdk/example/data</code> directory. See <a class="el" href="IssuerMaterial.html">Sample Issuer Material</a>.</dd></dl>
  81. <h1><a class="anchor" id="SignVerifyTutorial_Signmmsg"></a>
  82. Creating an Intel® EPID Signature of a Given Message</h1>
  83. <p>The example application <em>signmsg</em> shows you how to create an Intel&reg; EPID signature of a given message. </p><pre class="fragment">$ ./signmsg -h
  84. Usage: signmsg [OPTION]...
  85. Create Intel(R) EPID signature of message
  86. Options:
  87. --sig=FILE
  88. write signature to FILE (default: sig.dat)
  89. --msg=MESSAGE
  90. MESSAGE to sign
  91. --bsn=BASENAME
  92. BASENAME to sign with (default: random)
  93. --sigrl=FILE
  94. load signature based revocation list from FILE
  95. --gpubkey=FILE
  96. load group public key from FILE (default: pubkey.bin)
  97. --mprivkey=FILE
  98. load member private key from FILE (default: mprivkey.dat)
  99. --mprecmpi=FILE
  100. load pre-computed member data from FILE
  101. --mprecmpo=FILE
  102. write pre-computed member data to FILE
  103. --capubkey=FILE
  104. load IoT Issuing CA public key from FILE (default: cacert.bin)
  105. --hashalg={SHA-256 | SHA-384 | SHA-512}
  106. use specified hash algorithm (default: SHA-512)
  107. -h, --help
  108. display this help and exit
  109. -v, --verbose
  110. print status messages to stdout
  111. </pre><p>To sign a message, a group member in good standing uses the following command: </p><pre class="fragment">$ ./signmsg --msg="test0"
  112. </pre><p>The above command signs a message "test0". <em>signmsg</em> uses default options for the group public key, member private key, hash algorithm and IoT Issuing CA public key. All other parameters that are not given are ignored. The command produces a signature file: <code>sig.dat</code></p>
  113. <h1><a class="anchor" id="SignVerifyTutorial_Verifysig"></a>
  114. Verifying an Intel® EPID Signature</h1>
  115. <p>The example application <em>verifysig</em> shows you how to verify that a given Intel&reg; EPID signature is produced by a member in good standing. </p><pre class="fragment">$ ./verifysig -h
  116. Usage: verifysig [OPTION]...
  117. Verify signature was created by group member in good standing
  118. Options:
  119. --sig=FILE
  120. load signature from FILE (default: sig.dat)
  121. --msg=MESSAGE
  122. MESSAGE that was signed (default: empty)
  123. --bsn=BASENAME
  124. BASENAME used in signature (default: random)
  125. --privrl=FILE
  126. load private key revocation list from FILE
  127. --sigrl=FILE
  128. load signature based revocation list from FILE
  129. --grprl=FILE
  130. load group revocation list from FILE
  131. (default: grprl.bin)
  132. --verifierrl=FILE
  133. load verifier revocation list from FILE
  134. --gpubkey=FILE
  135. load group public key from FILE (default: pubkey.bin)
  136. --vprecmpi=FILE
  137. load pre-computed verifier data from FILE
  138. --vprecmpo=FILE
  139. write pre-computed verifier data to FILE
  140. --capubkey=FILE
  141. load IoT Issuing CA public key from FILE
  142. (default: cacert.bin)
  143. --hashalg={SHA-256 | SHA-384 | SHA-512}
  144. use specified hash algorithm for 2.0 groups (default: SHA-512)
  145. -h, --help
  146. display this help and exit
  147. -v, --verbose
  148. print status messages to stdout
  149. </pre><p>To verify that a signature is from a member in good standing, the verifier uses the following command: </p><pre class="fragment">$ ./verifysig --msg="test0"
  150. signature verified successfully
  151. </pre><p>This verifies that the default signature file <code>sig.dat</code> is generated for the message "test0" by a member in good standing. <em>verifysig</em> uses default inputs for group public key, hash algorithm and IoT Issuing CA public key. All other parameters are ignored. The output <code>verifysig: signature verified successfully</code> denotes that the verification is successful.</p>
  152. <h1><a class="anchor" id="SignVerifyTutorial_Basename"></a>
  153. Linking Intel® EPID Signatures from the Same Member</h1>
  154. <p>A name based signature is created using the additional parameter of a basename. If the member uses the same basename, the verifier can mathematically link signatures generated by the member, showing that the signatures are from the same member.</p>
  155. <p>To validate a signature with a basename, you need to use the same basename for signing and verification. The mechanism for ensuring that the member and verifier use the same basename is outside the scope of the SDK.</p>
  156. <p>If a basename is not provided, then the member uses a random basename and the signature generated by the member is anonymous.</p>
  157. <p>For more general information on why you might want to use a basename, refer to <a class="el" href="Basenames.html#name_based">Name Based Signatures</a>.</p>
  158. <dl class="section warning"><dt>Warning</dt><dd>The use of a name-based signature creates a platform unique pseudonymous identifier. Because it reduces the member's privacy, the user should be notified when it is used and should have control over its use.</dd></dl>
  159. <p>To sign message "test0" with a basename "base0": </p><pre class="fragment">$ ./signmsg --msg="test0" --bsn="base0"
  160. </pre><p>To verify the signature: </p><pre class="fragment">$ ./verifysig --msg="test0" --bsn="base0"
  161. verifysig: signature verified successfully
  162. </pre><p>To validate a signature, you need to use the same message for signing and verification. The mechanism for ensuring that the member and verifier use the same message is outside the scope of the SDK.</p>
  163. <p>Member and verifier must also use the same hash algorithm and basename, if applicable.</p>
  164. <h1><a class="anchor" id="SignVerifyTutorial_VerificationFailures"></a>
  165. Expected Failures</h1>
  166. <p>The signature verification process fails if there is a parameter mismatch between sign and verify operations. Here are some examples.</p>
  167. <p>Verification fails if there is a mismatch in the message: </p><pre class="fragment">$ ./signmsg --msg="test0"
  168. $ ./verifysig --msg="test1"
  169. verifysig: signature verification failed: invalid signature
  170. </pre><p>Verification fails if there is a mismatch in the basename: </p><pre class="fragment">$ ./signmsg --msg="test0" --bsn="base0"
  171. $ ./verifysig --msg="test0" --bsn="base1"
  172. verifysig: signature verification failed: invalid signature
  173. </pre><p>The Intel&reg; EPID SDK supports the following hash algorithms: SHA-256, SHA-384, SHA-512. The selected hash algorithm must be the same for both sign and verify. Mismatch in hash algorithm results in verification failure: </p><pre class="fragment">$ ./signmsg --msg="test0" --hashalg=SHA-256
  174. $ ./verifysig --msg="test0" --hashalg=SHA-384
  175. verifysig: signature verification failed: invalid signature
  176. </pre><h1><a class="anchor" id="SignVerifyTutorial_Revocation_Group"></a>
  177. Revocation</h1>
  178. <p>Revocation lists are data structures used by the verifier to identify members that are no longer approved members of the group.</p>
  179. <p>The verifier obtains the member private key based revocation list (PrivRL), signature based revocation list (SigRL), and group based revocation list (GroupRL) from the issuer. The verifier can also maintain its own verifier blacklist (VerifierRL).</p>
  180. <h2><a class="anchor" id="SignVerifyTutorial_GroupRevocation"></a>
  181. Detecting Revoked Group from Group Revocation List</h2>
  182. <p>Verification of a signature fails if it is generated by a member of a group that is revoked in the group revocation list.</p>
  183. <p>For example, </p><pre class="fragment">$ ./signmsg --msg="test0" --gpubkey=data/groupb/pubkey.bin --mprivkey=data/groupb/member0/mprivkey.dat
  184. $ ./verifysig --msg="test0" --grprl=data/grprl.bin --gpubkey=data/groupb/pubkey.bin
  185. verifysig: signature verification failed: signature revoked in GroupRl
  186. </pre><p>The verification fails because <b>groupb</b> is revoked and is an entry in the group revocation list (<code>grprl.bin</code>).</p>
  187. <h2><a class="anchor" id="SignVerifyTutorial_KeyRevocation"></a>
  188. Detecting Revoked Member from Private Key Based Revocation List</h2>
  189. <p>Verification of a signature fails if it is generated by a member whose private key is revoked in a private-key based revocation list.</p>
  190. <p>For example, </p><pre class="fragment">$ ./signmsg --msg=test0 --gpubkey=data/groupa/pubkey.bin --mprivkey=data/groupa/privrevokedmember0/mprivkey.dat
  191. $ ./verifysig --msg=test0 --privrl=data/groupa/privrl.bin --gpubkey=data/groupa/pubkey.bin
  192. verifysig: signature verification failed: signature revoked in PrivRl
  193. </pre><p>The verification fails because the private key of <b>privrevokedmember0</b> is revoked and is an entry in the private key based revocation list of <b>groupa</b> (<code>privrl.bin</code>).</p>
  194. <h2><a class="anchor" id="SignVerifyTutorial_SigRevocation"></a>
  195. Detecting Revoked Member from Signature Based Revocation List</h2>
  196. <p>Verification of a signature fails if it is generated by a member whose signature is revoked in a signature based revocation list. </p><pre class="fragment">$ ./signmsg --msg="test1" --sigrl=data/groupa/sigrl.bin --gpubkey=data/groupa/pubkey.bin --mprivkey=data/groupa/sigrevokedmember0/mprivkey.dat
  197. signmsg: signature revoked in SigRL
  198. $ ./verifysig --msg="test1" --sigrl=data/groupa/sigrl.bin --gpubkey=data/groupa/pubkey.bin
  199. verifysig: signature verification failed: signature revoked in SigRl
  200. </pre><p>The message "test1" is signed by <em>signmsg</em> with a warning <code>signmsg: signature revoked in SigRL</code>. This means that the signature of <b>sigrevokedmember0</b> is revoked in the signature based revocation list. The verification fails because the signature was generated by <b>sigrevokedmember0</b>, which is revoked and is an entry in the signature based revocation list of <b>groupa</b> (<code>sigrl.bin</code>). </p>
  201. </div></div><!-- contents -->
  202. </div><!-- doc-content -->
  203. <!-- HTML footer for doxygen 1.8.10-->
  204. <!-- start footer part -->
  205. <div id="nav-path" class="navpath"><!-- id is needed for treeview function! -->
  206. <ul>
  207. <li class="footer">
  208. &copy; 2016 Intel Corporation
  209. </li>
  210. </ul>
  211. </div>
  212. </body>
  213. </html>