Solved: Commands on how to create key

Desyllas__Dimitrios · ‎11-28-2017

I read all the required manuals to understand the Intel SGX so I decided to make my own enclave for edicational purpoce therefore I did:

https://github.com/pc-magas/myFirstEnclave

I manage to build my enclave and now I try to figure out how to sign it so I generate with either:

Using the command:
```
openssl genrsa -out $(KEY_FILE) 2048
```
Or using the ssh_keygen command

But in either case when I try to sign them with:

sgx_sign -key ^private_key_generated_above^ -enclave enclave.o -out enclave.so -config Enclave.config.xml

I get the response:

Key file format is not correct.

So I try to figure out how to sign my build enclave. Can you help me?

Ps I've also asked in https://stackoverflow.com/questions/47498426/sgx-sign-enclave-cannot-sign-the-build-enclave-key-file-format-is-not-correct

Hoang_N_Intel · ‎12-12-2017

Commands on how to create a key and sign with SGX are documented in the SGX Developer Reference at https://download.01.org/intel-sgx/linux-1.9/docs/Intel_SGX_SDK_Developer_Reference_Linux_1.9_Open_Source.pdf

Please refer to the section under "OpenSSL* Examples" for command to create a key and section under "Enclave Signer Usage Examples" for commands to sign with SGX.

View solution in original post

Hoang_N_Intel · ‎12-12-2017

Commands on how to create a key and sign with SGX are documented in the SGX Developer Reference at https://download.01.org/intel-sgx/linux-1.9/docs/Intel_SGX_SDK_Developer_Reference_Linux_1.9_Open_Source.pdf

Please refer to the section under "OpenSSL* Examples" for command to create a key and section under "Enclave Signer Usage Examples" for commands to sign with SGX.

SGX sign my enclave over GNU+Linux: Key file format is not correct.