Hi Anusha K:

you_w_ · ‎08-01-2017

Hi everyone:

I want to use the function sgx_rsa3072_sign and sgx_rsa3072_verify in my enclave, but how can I get a rsa key for these functions ?

I see the that key is defined as:

typedef struct _sgx_rsa3072_private_key_t
{
    uint8_t mod[SGX_RSA3072_KEY_SIZE];
    uint8_t exp[SGX_RSA3072_PRI_EXP_SIZE];
} sgx_rsa3072_private_key_t;

, but typically a rsa key seems like this:

RSAPrivateKey ::= SEQUENCE {
  version           Version,
  modulus           INTEGER,  -- n
  publicExponent    INTEGER,  -- e
  privateExponent   INTEGER,  -- d
  prime1            INTEGER,  -- p
  prime2            INTEGER,  -- q
  exponent1         INTEGER,  -- d mod (p-1)
  exponent2         INTEGER,  -- d mod (q-1)
  coefficient       INTEGER,  -- (inverse of q) mod p
  otherPrimeInfos   OtherPrimeInfos OPTIONAL
}

So I'm a little confused about this, any one who can tell me how to get a key that satisfied the request of

sgx_rsa3072_private_key_t, 

thanks!

Regards

you

Anusha_K_Intel · ‎08-01-2017

Hi,

You can use openssl to Generate a 3072-bit RSA private key. Use the following command:

openssl genrsa -out private_key.pem -3 3072

And more information is given in page 20 here

you_w_ · ‎08-01-2017

Hi Anusha K:

Thanks. But I find that the length of modulus & privateExponent do not mach.

mod: 385

EXP: 384

So how can I use it ?

Kind regards

you

you_w_ · ‎08-01-2017

Hi Anusha：

I find that the beginning Byte of mod is always 0x00, So is that means that I can use it from the second Byte?

Thank you！

Regards

you

What is the key format used by sgx_rsa3072_sign ?