First of all, I'm extremely happy to see that IAS is up for open testing. Kudos!
So I registered and got assigned a Report Key (an RSA public key as it appears), which, according to the API doc, can be used to verify the Attestation Verification Reports returned by IAS. But I'm wondering what is the real benefit of having individually assigned report keys. A critical question is whether Intel is endorsing the report keys. In other words, is there a way to verify if a given report key is indeed issued by Intel? If not, I don't see any benefit in issuing report keys, since Intel can simply sign all reports using a single key and publish the corresponding public key, which is much simpler. So I assume the report keys must be endorsed by Intel somehow. Am I right?
SGX provides sgx_remote() with which the programmers can readily generate a remote attestation request in an enclave program through a single API. It uses sgx_getkey() and sgx_getreport() to get a report key and create a report. By specifying the socket information of a target enclave, a challenger can issue a remote attestation to check
(1) the correctness of the target program (based on the hash of EPC contents) and
(2) whether it is actually running inside an enclave on the SGX-enabled platform (MAC with report key)
Kuppusamy R. (Intel) wrote:
SGX provides sgx_remote() with which the programmers can readily generate a remote attestation request in an enclave program through a single API. It uses sgx_getkey() and sgx_getreport() to get a report key and create a report. By specifying the socket information of a target enclave, a challenger can issue a remote attestation to check
(1) the correctness of the target program (based on the hash of EPC contents) and
(2) whether it is actually running inside an enclave on the SGX-enabled platform (MAC with report key)
Thanks. I'm not sure if we're talking about the same thing. I know there is a Report Key on SGX that works exactly as you describe. However, what I'm asking about here is the key assigned to me when registering for EPID. I received another so-called "report key" by email, along with my SPID. I think they just happen to have the same name.
The Report Key is used to sign the attestation report from the Intel Attestation Server. The intent is for the remote service provider to verify the signature of the report. The public key is provided to the developers in an email they receive after registering their certificate with Development Services for an SPID. The key is the same for everybody.
Kuppusamy R. (Intel) wrote:
The Report Key is used to sign the attestation report from the Intel Attestation Server. The intent is for the remote service provider to verify the signature of the report. The public key is provided to the developers in an email they receive after registering their certificate with Development Services for an SPID. The key is the same for everybody.
Thank you! "The key is the same for everybody." is exactly what I'm looking for. Perfect.
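Added example, not part of the thread and not Intel's code: how a service provider could check a signed report against the single shared Report Key using the OpenSSL command line. It assumes an RSA signature over SHA-256 of the exact report bytes, delivered base64-encoded; the key pair, file names and report fields are constructed stand-ins.

```shell
#!/bin/sh
# Constructed demo: a throwaway RSA key stands in for the IAS signing key,
# and report_key.pem plays the role of the Report Key received by email.

# verify_report PUBKEY_PEM BODY_FILE SIG_BASE64
# Returns 0 only if SIG_BASE64 is a valid RSA/SHA-256 signature over the
# exact bytes of BODY_FILE under PUBKEY_PEM; any other outcome is non-zero.
verify_report() {
    vr_pub=$1; vr_body=$2; vr_sig_b64=$3
    vr_sigfile=$(mktemp) || return 2
    if ! printf '%s' "$vr_sig_b64" | openssl base64 -d -A > "$vr_sigfile" 2>/dev/null; then
        rm -f "$vr_sigfile"; return 2
    fi
    if openssl dgst -sha256 -verify "$vr_pub" -signature "$vr_sigfile" "$vr_body" >/dev/null 2>&1; then
        vr_rc=0
    else
        vr_rc=1
    fi
    rm -f "$vr_sigfile"
    return $vr_rc
}

# demo: builds constructed fixtures and prints one result line.
demo() {
    d=$(mktemp -d) || return 2
    openssl genrsa -out "$d/ias.key" 2048 2>/dev/null
    openssl rsa -in "$d/ias.key" -pubout -out "$d/report_key.pem" 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null   # a signer the verifier never trusted

    # Hypothetical report fields; sign the raw bytes, never a re-serialized copy.
    printf '%s' '{"id":"constructed-0001","status":"OK"}'   > "$d/report.json"
    printf '%s' '{"id":"constructed-0001","status":"FAIL"}' > "$d/tampered.json"
    good_sig=$(openssl dgst -sha256 -sign "$d/ias.key" "$d/report.json" | openssl base64 -A)
    forged_sig=$(openssl dgst -sha256 -sign "$d/other.key" "$d/report.json" | openssl base64 -A)

    if verify_report "$d/report_key.pem" "$d/report.json" "$good_sig"; then r1=accept; else r1=reject; fi
    if verify_report "$d/report_key.pem" "$d/tampered.json" "$good_sig"; then r2=accept; else r2=reject; fi
    if verify_report "$d/report_key.pem" "$d/report.json" "$forged_sig"; then r3=accept; else r3=reject; fi

    rm -rf "$d"
    echo "genuine=$r1 tampered=$r2 wrong_key=$r3"
}

demo
```

The check is only as trustworthy as the channel the public key arrived through, so pin the key you received at registration rather than accepting one supplied alongside a report.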