Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Signing enclave images with HSM/KSM #204

Open
yoavj1 opened this issue Nov 24, 2020 · 3 comments
Open

Signing enclave images with HSM/KSM #204

yoavj1 opened this issue Nov 24, 2020 · 3 comments
Labels
enhancement New feature or request

Comments

@yoavj1
Copy link

yoavj1 commented Nov 24, 2020

Currently the only option to sign an enclave image is to pass the private key and the certificate to build-enclave command. However, it prevents storing the key in a secure storage like HSM or KSM, and using it only for signing without retrieving the key itself.
One solution is to allow to add the signature after the enclave was created, so the signature can be produced independently from the enclave creation.
@petreeftime petreeftime added the enhancement New feature or request label Nov 24, 2020
@petreeftime petreeftime mentioned this issue Nov 24, 2020
Closed
@petreeftime
Copy link
Contributor

Thank you for the feature request. There are two topics here:

  1. Signing with an AWS KMS asymmetric key (and/or maybe a key from an HSM or Nitro Enclave :) ).
  2. Attaching/replacing a signature to an already created image.

@gal-fordefi
Copy link

gal-fordefi commented Aug 8, 2022
edited

@petreeftime I guess that now, that you merged awslabs/aws-nitro-enclaves-cose#5, it's possible to add the requested functionality to the CLI.

@petreeftime
Copy link
Contributor

Yes, it should be possible to add support for this.

This was referenced Aug 29, 2022
Open
Closed
@eugkoira eugkoira mentioned this issue Apr 12, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@petreeftime @yoavj1 @gal-fordefi