linux-sgx-trts-modified/external/epid/doc/html/SignVerifyTutorial.html

<!-- HTML header for doxygen 1.8.10-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
<meta name="generator" content="Doxygen 1.8.11"/>
<title>Intel&reg; Enhanced Privacy ID SDK: Signing and Verification Tutorial</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="dynsections.js"></script>
<link href="navtree.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="resize.js"></script>
<script type="text/javascript" src="navtreedata.js"></script>
<script type="text/javascript" src="navtree.js"></script>
<script type="text/javascript">
  $(document).ready(initResizable);
  $(window).load(resizeHeight);
</script>
<link href="doxygen.css" rel="stylesheet" type="text/css" />
<link href="epidstyle.css" rel="stylesheet" type="text/css"/>
</head>
<body>
<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
<div id="titlearea">
<table cellspacing="0" cellpadding="0">
 <tbody>
 <tr style="height: 56px;">
  <td id="projectalign" style="padding-left: 0.5em;">
   <div id="projectname"><a 
                            onclick="storeLink('index.html')"
                            id="projectlink" 
                            class="index.html" 
                            href="index.html">Intel&reg; Enhanced Privacy ID SDK</a>
&#160;<span id="projectnumber">2.0.0</span>
</div>
  </td>
 </tr>
 </tbody>
</table>
</div>
<!-- end header part -->
<!-- Generated by Doxygen 1.8.11 -->
</div><!-- top -->
<div id="side-nav" class="ui-resizable side-nav-resizable">
  <div id="nav-tree">
    <div id="nav-tree-contents">
      <div id="nav-sync" class="sync"></div>
    </div>
  </div>
  <div id="splitbar" style="-moz-user-select:none;" 
       class="ui-resizable-handle">
  </div>
</div>
<script type="text/javascript">
$(document).ready(function(){initNavTree('SignVerifyTutorial.html','');});
</script>
<div id="doc-content">
<div class="header">
  <div class="headertitle">
<div class="title">Signing and Verification Tutorial </div>  </div>
</div><!--header-->
<div class="contents">
<div class="toc"><h3>Table of Contents</h3>
<ul><li class="level1"><a href="#SignVerifyTutorial_Signmmsg">Creating an Intel&reg; EPID Signature of a Given Message</a></li>
<li class="level1"><a href="#SignVerifyTutorial_Verifysig">Verifying an Intel&reg; EPID Signature</a></li>
<li class="level1"><a href="#SignVerifyTutorial_Basename">Linking Intel&reg; EPID Signatures from the Same Member</a></li>
<li class="level1"><a href="#SignVerifyTutorial_VerificationFailures">Expected Failures</a></li>
<li class="level1"><a href="#SignVerifyTutorial_Revocation_Group">Revocation</a><ul><li class="level2"><a href="#SignVerifyTutorial_GroupRevocation">Detecting Revoked Group from Group Revocation List</a></li>
<li class="level2"><a href="#SignVerifyTutorial_KeyRevocation">Detecting Revoked Member from Private Key Based Revocation List</a></li>
<li class="level2"><a href="#SignVerifyTutorial_SigRevocation">Detecting Revoked Member from Signature Based Revocation List</a></li>
</ul>
</li>
</ul>
</div>
<div class="textblock"><p>The Intel&reg; EPID SDK provides example tools to show you how to use the Intel&reg; EPID SDK APIs. These examples are called <em>signmsg</em> and <em>verifysig</em>.</p>
<p>You can build these examples using the instructions in <a class="el" href="BuildingSdk.html">Building From Source</a>. The tutorial assumes <code>_install/epid-sdk/example</code> is the current directory.</p>
<p>All command lines in this tutorial use posix command line conventions; for other systems, adjust accordingly.</p>
<p>For the code used in this tutorial, refer to <a href="examples.html"><b>Examples</b></a>.</p>
<dl class="section note"><dt>Note</dt><dd>The data for running this tutorial is pre-generated. Once the samples are built, the data is in the <code>_install/epid-sdk/example/data</code> directory. See <a class="el" href="IssuerMaterial.html">Sample Issuer Material</a>.</dd></dl>
<h1><a class="anchor" id="SignVerifyTutorial_Signmmsg"></a>
Creating an Intel® EPID Signature of a Given Message</h1>
<p>The example application <em>signmsg</em> shows you how to create an Intel&reg; EPID Signature of a given message. </p><pre class="fragment">$ ./signmsg -h
Usage: signmsg [OPTION]...
Create Intel(R) EPID signature of message

Options:

--sig=FILE            write signature to FILE (default: sig.dat)
--msg=MESSAGE         MESSAGE to sign
--bsn=BASENAME        BASENAME to sign with (default: random)
--sigrl=FILE          load signature based revocation list from FILE
--gpubkey=FILE        load group public key from FILE
                        (default: pubkey.bin)
--mprivkey=FILE       load member private key from FILE
                        (default: mprivkey.dat)
--mprecmpi=FILE       load pre-computed member data from FILE
--mprecmpo=FILE       write pre-computed member data to FILE
--hashalg=NAME        SHA-256 | SHA-384 | SHA-512 (default: SHA-512)
--capubkey=FILE       load IoT Issuing CA public key from FILE
                        (default: cacert.bin)
-h,--help             display this help and exit
-v,--verbose          print status messages to stdout
</pre><p>To sign a message, a group member in good standing uses the following command: </p><pre class="fragment">$ ./signmsg --msg="test0"
</pre><p>The above command signs a message "test0". <em>signmsg</em> uses default options for the group public key, member private key, and hash algorithm (SHA-512). All other parameters that are not given are ignored. The command produces a signature file: <code>sig.dat</code></p>
<h1><a class="anchor" id="SignVerifyTutorial_Verifysig"></a>
Verifying an Intel® EPID Signature</h1>
<p>The example application <em>verifysig</em> shows you how to verify that a given Intel&reg; EPID Signature is produced by a member in good standing. </p><pre class="fragment">$ ./verifysig -h
Usage: verifysig [OPTION]...
Verify signature was created by group member in good standing

Options:

--sig=FILE            load signature from FILE (default: sig.dat)
--msg=MESSAGE         MESSAGE that was signed (default: empty)
--bsn=BASENAME        BASENAME used in signature (default: random)
--privrl=FILE         load private key based revocation list from FILE
--sigrl=FILE          load signature based revocation list from FILE
--grprl=FILE          load group revocation list from FILE
                        (default: grprl.bin)
--verifierrl=FILE     load verifier revocation list from FILE
--gpubkey=FILE        load group public key from FILE (default: pubkey.bin)
--vprecmpi=FILE       load pre-computed verifier data from FILE
--vprecmpo=FILE       write pre-computed verifier data to FILE
--hashalg=NAME        SHA-256 | SHA-384 | SHA-512 (default: SHA-512)
--capubkey=FILE       load IoT Issuing CA public key from FILE
                        (default: cacert.bin)
-h,--help             display this help and exit
-v,--verbose          print status messages to stdout
</pre><p>To verify that a signature is from a member in good standing, the verifier uses the following command: </p><pre class="fragment">$ ./verifysig --msg="test0"
signature verified successfully
</pre><p>This verifies that the default signature file <code>sig.dat</code> is generated for the message "test0" by a member in good standing. <em>verifysig</em> uses default inputs for group public key and hash algorithm (SHA-512). All other parameters are ignored. The output <code>verifysig: signature verified successfully</code> denotes that the verification is successful.</p>
<h1><a class="anchor" id="SignVerifyTutorial_Basename"></a>
Linking Intel® EPID Signatures from the Same Member</h1>
<p>A name-based signature is a type of signature that gives the verifier the ability to link Intel&reg; EPID signatures from the same member, reducing the member's privacy.</p>
<p>The verifier can ask the member to sign a message with a basename that the verifier chooses. If the member uses the name-based signature option (i.e., in cases where a basename is specified), then all the signatures created by the member using the same basename are linkable by the verifier.</p>
<dl class="section warning"><dt>Warning</dt><dd>The use of a name-based signature creates a platform unique pseudonymous identifier. Because it reduces the member's privacy, the user should be notified when it is used and should have control over its use.</dd></dl>
<p>A name-based signature is created using the additional parameter of a basename. If the member uses the same basename, the verifier can mathematically link signatures generated by the member, showing that the signatures are from the same member.</p>
<p>If basename is not provided, then the member uses a random basename and the signature generated by the member is anonymous.</p>
<p>To Sign message "test0" with a basename "base0": </p><pre class="fragment">$ ./signmsg --msg="test0" --bsn="base0"
</pre><p>To verify the signature: </p><pre class="fragment">$ ./verifysig --msg="test0" --bsn="base0"
verifysig: signature verified successfully
</pre><h1><a class="anchor" id="SignVerifyTutorial_VerificationFailures"></a>
Expected Failures</h1>
<p>The signature verification process fails if there is a parameter mismatch between sign and verify operations. Here are some examples.</p>
<p>Verification fails if there is a mismatch in the message: </p><pre class="fragment">$ ./signmsg --msg="test0"
$ ./verifysig --msg="test1"
verifysig: signature verification failed: invalid signature
</pre><p>Verification fails if there is a mismatch in the basename: </p><pre class="fragment">$ ./signmsg --msg="test0" --bsn="base0"
$ ./verifysig --msg="test0" --bsn="base1"
verifysig: signature verification failed: invalid signature
</pre><p>The Intel&reg; EPID SDK supports the following hash algorithms: SHA-256, SHA-384, SHA-512. The selected hash algorithm must be the same for both sign and verify. Mismatch in hash algorithm results in verification failure: </p><pre class="fragment">$ ./signmsg --msg="test0" --hashalg=SHA-256
$ ./verifysig --msg="test0" --hashalg=SHA-384
verifysig: signature verification failed: invalid signature
</pre><h1><a class="anchor" id="SignVerifyTutorial_Revocation_Group"></a>
Revocation</h1>
<p>Revocation lists are data structures used by the verifier to identify members that are no longer approved members of the group.</p>
<p>The verifier obtains the member private key based revocation list (PrivRL), signature based revocation list (SigRL), and group based revocation list (GroupRL) from the issuer. The verifier can also maintain its own verifier blacklist (VerifierRL).</p>
<h2><a class="anchor" id="SignVerifyTutorial_GroupRevocation"></a>
Detecting Revoked Group from Group Revocation List</h2>
<p>Verification of a signature fails if it is generated by a member of a group that is revoked in the group revocation list.</p>
<p>For example, </p><pre class="fragment">$ ./signmsg --msg="test0" --gpubkey=data/groupb/pubkey.bin --mprivkey=data/groupb/member0/mprivkey.dat
$ ./verifysig --msg="test0" --grprl=data/grprl.bin --gpubkey=data/groupb/pubkey.bin
verifysig: signature verification failed: signature revoked in GroupRl
</pre><p>The verification fails because <b>groupb</b> is revoked and is an entry in the group revocation list (<code>grprl.bin</code>).</p>
<h2><a class="anchor" id="SignVerifyTutorial_KeyRevocation"></a>
Detecting Revoked Member from Private Key Based Revocation List</h2>
<p>Verification of a signature fails if it is generated by a member whose private key is revoked in a private-key based revocation list.</p>
<p>For example, </p><pre class="fragment">$ ./signmsg --msg=test0 --gpubkey=data/groupa/pubkey.bin --mprivkey=data/groupa/privrevokedmember0/mprivkey.dat
$ ./verifysig --msg=test0 --privrl=data/groupa/privrl.bin --gpubkey=data/groupa/pubkey.bin
verifysig: signature verification failed: signature revoked in PrivRl
</pre><p>The verification fails because the private key of <b>privrevokedmember0</b> is revoked and is an entry in the private key based revocation list of <b>groupa</b> (<code>privrl.bin</code>).</p>
<h2><a class="anchor" id="SignVerifyTutorial_SigRevocation"></a>
Detecting Revoked Member from Signature Based Revocation List</h2>
<p>Verification of a signature fails if it is generated by a member whose signature is revoked in a signature based revocation list. </p><pre class="fragment">$ ./signmsg --msg="test1" --sigrl=data/groupa/sigrl.bin --gpubkey=data/groupa/pubkey.bin --mprivkey=data/groupa/sigrevokedmember0/mprivkey.dat
signmsg: signature revoked in SigRL
$ ./verifysig --msg="test1" --sigrl=data/groupa/sigrl.bin --gpubkey=data/groupa/pubkey.bin
verifysig: signature verification failed: signature revoked in SigRl
</pre><p>The message "test1" is signed by <em>signmsg</em> with a warning <code>signmsg: signature revoked in SigRL</code>. This means that the signature of <b>sigrevokedmember0</b> is revoked in the signature based revocation list. The verification fails because the signature was generated by <b>sigrevokedmember0</b>, which is revoked and is an entry in the signature based revocation list of <b>groupa</b> (<code>sigrl.bin</code>). </p>
</div></div><!-- contents -->
</div><!-- doc-content -->
<!-- HTML footer for doxygen 1.8.10-->
<!-- start footer part -->
<div id="nav-path" class="navpath"><!-- id is needed for treeview function! -->
  <ul>
    <li class="footer">
      &copy; 2016 Intel Corporation
    </li>
  </ul>
</div>
</body>
</html>