Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Fan
Beginner
172 Views

What's the usage of the Report Key assigned when registering for IAS

Jump to solution

First of all, I'm extremely happy to see that IAS is up for open testing. Kudos!

So I registered and got assigned a Report Key (an RSA public key as it appears), which, according to the API doc, can be used to verify the Attestation Verification Reports returned by IAS. But I'm wondering what is the real benefit of having individually assigned report keys. A critical question is whether Intel is endorsing the report keys. In other words, is there a way to verify if a given report key is indeed issued by Intel? If not, I didn't see any benefit of issuing report key, since Intel can simply sign all reports using a single key and publish the corresponding public key, which is much simpler. So I assume the report keys must be endorsed by Intel somehow. Am I right?

0 Kudos
1 Solution
172 Views

The Report Key is used to sign the attestation report from the Intel Attestation Server. The intent is for the remote service provider to verify the signature of the report. The public key is provided to the developers in an email they receive after registering their certificate with Development Services for an SPID. The key is the same for everybody. 

View solution in original post

4 Replies
172 Views

SGX provides sgx_remote() with which the programmers can readily generate a remote attestation request in an enclave program through a single API. It uses sgx_getkey() and sgx_getreport() to get a report key and create a report. By specifying the socket information of a target enclave, a challenger can issue a remote attestation to check

(1) the correctness of the target program (based on the hash of EPC contents) and

(2) whether it is actually running inside an enclave on the SGX-enabled platform (MAC with report key)

Fan
Beginner
172 Views

Kuppusamy R. (Intel) wrote:

SGX provides sgx_remote() with which the programmers can readily generate a remote attestation request in an enclave program through a single API. It uses sgx_getkey() and sgx_getreport() to get a report key and create a report. By specifying the socket information of a target enclave, a challenger can issue a remote attestation to check

(1) the correctness of the target program (based on the hash of EPC contents) and

(2) whether it is actually running inside an enclave on the SGX-enabled platform (MAC with report key)

Thanks. I'm not sure if we're talking about the same thing. I know there is a Report Key on SGX that works exactly as you describe. However what I'm asking here is the key assigned to me when registering for EPID. I received another so called "report key" from email, along with my SPID. I think they just happen to have the same name.  

173 Views

The Report Key is used to sign the attestation report from the Intel Attestation Server. The intent is for the remote service provider to verify the signature of the report. The public key is provided to the developers in an email they receive after registering their certificate with Development Services for an SPID. The key is the same for everybody. 

View solution in original post

Fan
Beginner
172 Views

Kuppusamy R. (Intel) wrote:

The Report Key is used to sign the attestation report from the Intel Attestation Server. The intent is for the remote service provider to verify the signature of the report. The public key is provided to the developers in an email they receive after registering their certificate with Development Services for an SPID. The key is the same for everybody. 

Thank you! "The key is the same for everybody. " is exactly what I'm looking for. Perfect.

Reply