https://community.intel.com/t5/Intel-Software-Guard-Extensions/key-usage-difference/m-p/1167541#M3095 <P><SPAN style="font-size: 1em;">Who can explain clearly about the following key usage and difference? It is strange I can't find any </SPAN><SPAN style="font-size: 1em;">explanations</SPAN><SPAN style="font-size: 13.008px;">&nbsp;</SPAN><SPAN style="font-size: 1em;">in the document.</SPAN></P> <P>SGX_RA_KEY_MK, SGX_RA_KEY_SK, &nbsp;SGX_RA_VK.</P> <P><SPAN style="font-size: 1em;">Launch key,&nbsp;</SPAN><SPAN style="font-size: 1em;">Provisioning key,&nbsp;</SPAN><SPAN style="font-size: 1em;">Provisioning seal key, </SPAN><SPAN style="font-size: 1em;">Report key, </SPAN><SPAN style="font-size: 1em;">Seal key.</SPAN></P> <P>Thanks,</P> <P>Peter</P> Wed, 16 Aug 2017 10:16:27 GMT peter_c_1 2017-08-16T10:16:27Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/key-usage-difference/m-p/1167541#M3095 <P><SPAN style="font-size: 1em;">Who can explain clearly about the following key usage and difference? It is strange I can't find any </SPAN><SPAN style="font-size: 1em;">explanations</SPAN><SPAN style="font-size: 13.008px;">&nbsp;</SPAN><SPAN style="font-size: 1em;">in the document.</SPAN></P> <P>SGX_RA_KEY_MK, SGX_RA_KEY_SK, &nbsp;SGX_RA_VK.</P> <P><SPAN style="font-size: 1em;">Launch key,&nbsp;</SPAN><SPAN style="font-size: 1em;">Provisioning key,&nbsp;</SPAN><SPAN style="font-size: 1em;">Provisioning seal key, </SPAN><SPAN style="font-size: 1em;">Report key, </SPAN><SPAN style="font-size: 1em;">Seal key.</SPAN></P> <P>Thanks,</P> <P>Peter</P> Wed, 16 Aug 2017 10:16:27 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/key-usage-difference/m-p/1167541#M3095 peter_c_1 2017-08-16T10:16:27Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/key-usage-difference/m-p/1167542#M3096 <P>Hi Peter,</P> <UL style="color: rgb(96, 96, 96); font-size: 13.008px;"> <LI>SK (Signing Key/Symmetric Key)</LI> <LI>MK (Master Key/Masking Key)</LI> <LI>SMK (SIGMA protocol)</LI> <LI>VK: Verification key</LI> <LI>ISV can use the&nbsp;sgx_ra_init_ex&nbsp;API to provide a callback function to generate the remote attestation keys used in the SIGMA protocol (SMK) and returned by the API&nbsp;sgx_ra_get_keys&nbsp;(SK, MK, and VK).&nbsp;The decision to use a different KDF is a policy of the ISV, but it should be approved by the ISV’s security process.&nbsp;</LI> <LI>sgx_ ra_derive_secret_keys_t function takes the Diffie-Hellman shared secret as input to allow the ISV enclave to generate their own derived shared keys (SMK, SK, MK and VK).</LI> <LI>VK is derived &nbsp;from the Diffie-Hellman shared secret elliptic curve field element between the service provider and &nbsp;the application enclave.<BR /> VK &nbsp;= AES-CMAC (0x00, gab &nbsp;x coordinate|| 0x03)</LI> <LI>Remote Attestation context was generated by sgx_ra_init, the returned&nbsp;<SPAN style="font-weight: 700;">SGX_RA_ KEY_MK, SGX_RA_KEY_SK</SPAN>&nbsp;or&nbsp;<SPAN style="font-weight: 700;">SGX_RA_VK</SPAN>&nbsp;is derived from the Diffie-Hellman shared secret elliptic curve field element between the service provider and the application enclave using the following Key Derivation Function (KDF): <UL> <LI>KDK = AES-CMAC(key0, gab x-coordinate)</LI> <LI>SGX_RA_KEY_VK = AES-CMAC(KDK, 0x01||’VK’||0x00||0x80||0x00)</LI> <LI>SGX_RA_KEY_MK = AES-CMAC(KDK, 0x01||’MK’||0x00||0x80||0x00)</LI> <LI>SGX_RA_KEY_SK = AES-CMAC(KDK, 0x01||’SK’||0x00||0x80||0x00)</LI> </UL> </LI> <LI>The key0 used in the key extraction operation is 16 bytes of 0x00. The plain text used in the Key derivation calculation is the Diffie-Hellman shared secret elliptic curve field element in Little Endian format.</LI> <LI>The plain text used in each key calculation includes: <UL> <LI>a counter (0x01)</LI> <LI>a label: the ASCII representation of one of the strings 'VK', 'MK' or 'SK' in Little Endian format</LI> <LI>a bit length (0x80)</LI> </UL> </LI> </UL> <P>&nbsp;</P> <P>Regards</P> <P>Shivananda</P> Thu, 17 Aug 2017 05:59:12 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/key-usage-difference/m-p/1167542#M3096 Shivananda_H_Intel 2017-08-17T05:59:12Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/key-usage-difference/m-p/1167543#M3097 <P>Hi&nbsp;<SPAN style="font-size: 12px;">Shivananda,</SPAN></P> <P><SPAN style="font-size: 12px;">Thanks for your reply firstly. but I am still confused about key usage. I want to know&nbsp;where/when/how to use them? Hope we have some documents about key usage.</SPAN></P> <P><SPAN style="font-size: 12px;">Another question, which key (</SPAN><SPAN style="font-size: 12px;">Launch key,&nbsp;Provisioning key,&nbsp;Provisioning seal key, Report key, Seal key.) </SPAN><SPAN style="font-size: 12px;">is device-specific key?</SPAN></P> <P><SPAN style="font-size: 12px;">Thanks,</SPAN><BR /> <SPAN style="font-size: 12px;">Peter</SPAN></P> <P>&nbsp;</P> Fri, 18 Aug 2017 08:09:57 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/key-usage-difference/m-p/1167543#M3097 peter_c_1 2017-08-18T08:09:57Z