Does anyone know what these multiple keys in the RemoteAttestation SampleCode are used for?
What do SK, VK, MK and SMK mean? Does SK stand for Storage Key or Signing Key? What are the use cases for all 4 of those key types? I don't find any detailed information online!
sgx_ra_init_ex API to provide a callback function to generate the remote attestation keys used in the SIGMA protocol (SMK) and returned by the API sgx_ra_get_keys (SK, MK, and VK). The decision to use a different KDF is a policy of the ISV, but it should be approved by the ISV’s security process.
Okay, thanks for that information.
I have another question. I saw the RemoteAttestation example. If I wanna communicate over the secure communication channel (established in the Remote Attestation process), should I therefore use the SK key to sign the data? The background is: I wanna communicate information after the result message (sent from SP to enclave), back from the enclave to the SP. The enclave has received a so-called secret from the SP (which is in the result message). As I see it, the message was only to demonstrate that I can protect information with the SK key, right? So if I wanna send a message back to the SP afterward, there are no advantages to putting the secret in that message, right? My message has only a payload field and a MAC field (MAC over payload with SK key). I don't wanna encrypt my payload, but I wanna ensure it is from the enclave, so am I processing right?
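The authenticate-only message described in the post above (a payload field plus a MAC over it keyed with SK), as an added example that is not code from this thread or from the Intel SDK sample. It assumes HMAC-SHA256 from the Python standard library as a stand-in for the MAC algorithm, a constructed 16-byte SK, and an added sequence number so the SP can reject replayed messages; all function and class names are hypothetical.

```python
import hashlib
import hmac
import struct

HEADER = "<QI"                      # assumed framing: 8-byte sequence number, 4-byte payload length
HEADER_LEN = struct.calcsize(HEADER)
MAC_LEN = 32                        # HMAC-SHA256 tag size (stand-in MAC, see lead-in)
DEMO_SK = bytes(range(16))          # constructed key; a real SK comes out of remote attestation

def _tag(sk: bytes, header: bytes, payload: bytes) -> bytes:
    # The MAC covers the header too, so sequence number and length cannot be altered.
    return hmac.new(sk, header + payload, hashlib.sha256).digest()

def enclave_build_message(sk: bytes, seq: int, payload: bytes) -> bytes:
    """Enclave side: header || payload || MAC. The payload is not encrypted."""
    header = struct.pack(HEADER, seq, len(payload))
    return header + payload + _tag(sk, header, payload)

class ServiceProviderReceiver:
    """SP side: accepts a message only if the MAC verifies and the sequence number is new."""

    def __init__(self, sk: bytes):
        self._sk = sk
        self._last_seq = -1         # highest sequence number accepted so far

    def accept(self, message: bytes):
        if len(message) < HEADER_LEN + MAC_LEN:
            return None             # too short to hold header and MAC
        seq, length = struct.unpack_from(HEADER, message)
        if len(message) != HEADER_LEN + length + MAC_LEN:
            return None             # declared length does not match the message size
        header = message[:HEADER_LEN]
        payload = message[HEADER_LEN:HEADER_LEN + length]
        mac = message[HEADER_LEN + length:]
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(mac, _tag(self._sk, header, payload)):
            return None             # forged, corrupted, or made with a different key
        if seq <= self._last_seq:
            return None             # authentic but replayed or out of order
        self._last_seq = seq
        return payload

if __name__ == "__main__":
    sp = ServiceProviderReceiver(DEMO_SK)
    msg = enclave_build_message(DEMO_SK, 0, b"status=ok")
    print(sp.accept(msg))           # payload accepted on first delivery
    print(sp.accept(msg))           # same bytes again are rejected as a replay
```

A MAC under a shared symmetric key shows the message came from a holder of SK, which after attestation is the enclave or the SP itself; it does not hide the payload.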
Selvaraj, Surenthar (Intel) wrote:
- SK (Signing Key/Symmetric Key)
- MK (Master Key/Masking Key)
- SMK (SIGMA protocol)
You explained what SK, MK and SMK stand for, but left out VK. What does VK mean?