doc/html/_usingi_k_g_f.html - platform/external/epid-sdk - Git at Google

 <!-- HTML header for doxygen 1.8.10-->
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
 <meta http-equiv="X-UA-Compatible" content="IE=9"/>
 <meta name="generator" content="Doxygen 1.8.14"/>
 <title>Intel&reg; Enhanced Privacy ID SDK: Managing Groups with iKGF</title>
 <link href="tabs.css" rel="stylesheet" type="text/css"/>
 <script type="text/javascript" src="jquery.js"></script>
 <script type="text/javascript" src="dynsections.js"></script>
 <link href="navtree.css" rel="stylesheet" type="text/css"/>
 <script type="text/javascript" src="resize.js"></script>
 <script type="text/javascript" src="navtreedata.js"></script>
 <script type="text/javascript" src="navtree.js"></script>
 <script type="text/javascript">
 /* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&amp;dn=gpl-2.0.txt GPL-v2 */
   $(document).ready(initResizable);
 /* @license-end */</script>
 <link href="doxygen.css" rel="stylesheet" type="text/css" />
 <link href="epidstyle.css" rel="stylesheet" type="text/css"/>
 </head>
 <body>
 <div id="top"><!-- do not remove this div, it is closed by doxygen! -->
 <div id="titlearea">
 <table cellspacing="0" cellpadding="0">
  <tbody>
  <tr style="height: 56px;">
   <td id="projectalign" style="padding-left: 0.5em;">
    <div id="projectname"><a
                             onclick="storeLink('index.html')"
                             id="projectlink"
                             class="index.html"
                             href="index.html">Intel&reg; Enhanced Privacy ID SDK</a>
 &#160;<span id="projectnumber">6.0.1</span>
 </div>
   </td>
  </tr>
  </tbody>
 </table>
 </div>
 <!-- end header part -->
 <!-- Generated by Doxygen 1.8.14 -->
 </div><!-- top -->
 <div id="side-nav" class="ui-resizable side-nav-resizable">
   <div id="nav-tree">
     <div id="nav-tree-contents">
       <div id="nav-sync" class="sync"></div>
     </div>
   </div>
   <div id="splitbar" style="-moz-user-select:none;"
        class="ui-resizable-handle">
   </div>
 </div>
 <script type="text/javascript">
 /* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&amp;dn=gpl-2.0.txt GPL-v2 */
 $(document).ready(function(){initNavTree('_usingi_k_g_f.html','');});
 /* @license-end */
 </script>
 <div id="doc-content">
 <div class="header">
   <div class="headertitle">
 <div class="title">Managing Groups with iKGF </div>  </div>
 </div><!--header-->
 <div class="contents">
 <div class="toc"><h3>Table of Contents</h3>
 <ul><li class="level1"><a href="#ContactingiKGF">Contacting iKGF</a></li>
 <li class="level1"><a href="#RevocationTools">Tools for Creating Revocation Requests</a><ul><li class="level2"><a href="#RevocationTools_revokegrp">Requesting Group Revocation</a></li>
 <li class="level2"><a href="#RevocationTools_revokekey">Requesting Private Key Revocation</a></li>
 <li class="level2"><a href="#RevocationTools_revokesig">Requesting Signature Revocation</a></li>
 </ul>
 </li>
 <li class="level1"><a href="#ExtractionTools">Tools for Extracting Keys from iKGF Files</a><ul><li class="level2"><a href="#ExtractionTools_extractgrps">Extracting Group Public Keys</a></li>
 <li class="level2"><a href="#ExtractionTools_extractkeys">Extracting Member Private Keys</a></li>
 </ul>
 </li>
 </ul>
 </div>
 <div class="textblock"><p>The issuer handles group membership and revocation. To provision devices with Intel&reg; EPID keys, you need to process data provided by the issuer. Also, in order to revoke a member, you have to generate a revocation request and send it to the issuer.</p>
 <p>This section assumes you are using iKGF as your issuer, and describes how to do the following:</p>
 <ul>
 <li>Create group revocation request for iKGF</li>
 <li>Create member private key revocation request for iKGF</li>
 <li>Create signature revocation request for iKGF</li>
 <li>Extract group public keys from iKGF files</li>
 <li>Extract member private keys from iKGF files</li>
 </ul>
 <p>After you send revocation requests with the issuer, the issuer updates the revocation lists as needed.</p>
 <p>The Intel&reg; EPID SDK provides tools designed to make it easier to generate revocation requests and extract keys from iKGF files.</p>
 <h1><a class="anchor" id="ContactingiKGF"></a>
 Contacting iKGF</h1>
 <p>If you want to use the Intel Key Generation Facility (iKGF) as the issuer, contact <a href="#" onclick="location.href='mai'+'lto:'+'inf'+'o@'+'dig'+'it'+'al-'+'cp'+'.co'+'m'; return false;">info@<span style="display: none;">.nosp@m.</span>digi<span style="display: none;">.nosp@m.</span>tal-c<span style="display: none;">.nosp@m.</span>p.co<span style="display: none;">.nosp@m.</span>m</a> to get started.</p>
 <h1><a class="anchor" id="RevocationTools"></a>
 Tools for Creating Revocation Requests</h1>
 <p>The Intel&reg; EPID SDK includes tools to help you request that iKGF add a revoked group, member private key, or signature to a revocation list.</p>
 <p>These tools are designed to create a revocation request in the specific format required by iKGF. After one of these tools generates a revocation request, the request must be submitted to the issuer in order for the revocation to take effect.</p>
 <p>To access the tools, go to <code>_install/epid-sdk/tools</code> in the SDK directory.</p>
 <p>You need to build the SDK before you can use these tools. For more information, refer to <a class="el" href="_building_sdk.html">Building from Source</a>.</p>
 <p>The following tools are available:</p>
 <table class="markdownTable">
 <tr class="markdownTableHead">
 <th class="markdownTableHeadNone">Tool  </th><th class="markdownTableHeadNone">Purpose ----------&mdash;   </th></tr>
 <tr class="markdownTableBody" class="markdownTableRowOdd">
 <td class="markdownTableBodyNone"><code>revokegrp</code>  </td><td class="markdownTableBodyNone">Create group revocation request   </td></tr>
 <tr class="markdownTableBody" class="markdownTableRowEven">
 <td class="markdownTableBodyNone"><code>revokekey</code>  </td><td class="markdownTableBodyNone">Create member private key revocation request   </td></tr>
 <tr class="markdownTableBody" class="markdownTableRowOdd">
 <td class="markdownTableBodyNone"><code>revokesig</code>  </td><td class="markdownTableBodyNone">Create signature revocation request   </td></tr>
 </table>
 <p><br />
 </p>
 <h2><a class="anchor" id="RevocationTools_revokegrp"></a>
 Requesting Group Revocation</h2>
 <p>The <code>revokegrp</code> tool adds a group to the revocation request file. </p><pre class="fragment">Usage: revokegrp [OPTION]...
 Revoke Intel(R) EPID group

 Options:
   --gpubkey=FILE
       load group public key from FILE (default: pubkey.bin)

   --capubkey=FILE
       load IoT Issuing CA public key from FILE

   --reason=NUM
       revocation reason (default: 0)

   --req=FILE
       append group revocation request to FILE (default: grprlreq.dat)

   -h, --help
       display this help and exit

   -v, --verbose
       print status messages to stdout
 </pre><p><br />
 </p>
 <h2><a class="anchor" id="RevocationTools_revokekey"></a>
 Requesting Private Key Revocation</h2>
 <p>The <code>revokekey</code> tool adds a member private key to the revocation request file. </p><pre class="fragment">Usage: revokekey [OPTION]
 Revoke Intel(R) EPID private key

 Options:
     --mprivkey=FILE
         load private key to revoke from FILE (default: mprivkey.dat)

     --req=FILE
         append private key revocation request to FILE (default: privreq.dat)

     -h, --help
         display this help and exit

     -v,--verbose
         print status messages to stdout

 The following options are only needed for compressed keys:

     --gpubkey=FILE
         load group public key from FILE (default: pubkey.bin)

     --capubkey=FILE
         load IoT Issuing CA public key from FILE
 </pre><p><br />
 </p>
 <h2><a class="anchor" id="RevocationTools_revokesig"></a>
 Requesting Signature Revocation</h2>
 <p>The <code>revokesig</code> tool creates a request to add a signature to the revocation request file.</p>
 <p><code>revokesig</code> only accepts valid signatures for addition to the revocation request. </p><pre class="fragment">Usage: revokesig [OPTION]...
 Revoke Intel(R) EPID signature

 Options:
   --sig=FILE
       load signature to revoke from FILE (default: sig.dat)

   --msg=MESSAGE
       MESSAGE used to generate signature to revoke

   --msgfile=FILE
       FILE containing message used to generate signature to revoke

   --gpubkey=FILE
       load group public key from FILE (default: pubkey.bin)

   --capubkey=FILE
       load IoT Issuing CA public key from FILE

   --req=FILE
       append signature revocation request to FILE (default: sigrlreq.dat)

   -h, --help
       display this help and exit

   -v, --verbose
       print status messages to stdout
 </pre><h1><a class="anchor" id="ExtractionTools"></a>
 Tools for Extracting Keys from iKGF Files</h1>
 <p>The Intel&reg; EPID SDK includes tools to help you extract individual keys from files provided by the Intel Key Generation Facility (iKGF).</p>
 <p>To access the tools, go to <code>_install/epid-sdk/tools</code> in the SDK directory.</p>
 <p>You need to build the SDK before you can use these tools. For more information, refer to <a class="el" href="_building_sdk.html">Building from Source</a>.</p>
 <p>The following tools are available:</p>
 <table class="markdownTable">
 <tr class="markdownTableHead">
 <th class="markdownTableHeadNone">Tool  </th><th class="markdownTableHeadNone">Purpose ------------&mdash;   </th></tr>
 <tr class="markdownTableBody" class="markdownTableRowOdd">
 <td class="markdownTableBodyNone"><code>extractgrps</code>  </td><td class="markdownTableBodyNone">Extracts group public keys   </td></tr>
 <tr class="markdownTableBody" class="markdownTableRowEven">
 <td class="markdownTableBodyNone"><code>extractkeys</code>  </td><td class="markdownTableBodyNone">Extracts member private keys   </td></tr>
 </table>
 <p><br />
 </p>
 <h2><a class="anchor" id="ExtractionTools_extractgrps"></a>
 Extracting Group Public Keys</h2>
 <p>The <code>extractgrps</code> tool extracts group public keys from the input file to the current directory. </p><pre class="fragment">Usage: extractgrps [OPTION]... [FILE] [NUM]
 Extract the first NUM group certs from FILE to current directory

 Options:
   -h, --help
       display this help and exit

   -v, --verbose
       print status messages to stdout
 </pre><p><br />
 </p>
 <h2><a class="anchor" id="ExtractionTools_extractkeys"></a>
 Extracting Member Private Keys</h2>
 <p>The <code>extractkeys</code> tool extracts member private keys from the input file to the current directory. </p><pre class="fragment">Usage: extractkeys [OPTION]... [FILE] [NUM]
 Extract the first NUM private keys from FILE to current directory.

 Options:
   -c, --compressed
       extract compressed keys

   -h, --help
       display this help and exit

   -v, --verbose
       print status messages to stdout</pre> </div></div><!-- contents -->
 </div><!-- doc-content -->
 <!-- HTML footer for doxygen 1.8.10-->
 <!-- start footer part -->
 <div id="nav-path" class="navpath"><!-- id is needed for treeview function! -->
   <ul>
     <li class="footer">
       &copy; 2016-2017 Intel Corporation
     </li>
   </ul>
 </div>
 </body>
 </html>
	<!-- HTML header for doxygen 1.8.10-->
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
	<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
	<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
	<meta http-equiv="X-UA-Compatible" content="IE=9"/>
	<meta name="generator" content="Doxygen 1.8.14"/>
	<title>Intel® Enhanced Privacy ID SDK: Managing Groups with iKGF</title>
	<link href="tabs.css" rel="stylesheet" type="text/css"/>
	<script type="text/javascript" src="jquery.js"></script>
	<script type="text/javascript" src="dynsections.js"></script>
	<link href="navtree.css" rel="stylesheet" type="text/css"/>
	<script type="text/javascript" src="resize.js"></script>
	<script type="text/javascript" src="navtreedata.js"></script>
	<script type="text/javascript" src="navtree.js"></script>
	<script type="text/javascript">
	/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-v2 */
	$(document).ready(initResizable);
	/* @license-end */</script>
	<link href="doxygen.css" rel="stylesheet" type="text/css" />
	<link href="epidstyle.css" rel="stylesheet" type="text/css"/>
	</head>
	<body>
	<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
	<div id="titlearea">
	<table cellspacing="0" cellpadding="0">
	<tbody>
	<tr style="height: 56px;">
	<td id="projectalign" style="padding-left: 0.5em;">
	<div id="projectname"><a
	onclick="storeLink('index.html')"
	id="projectlink"
	class="index.html"
	href="index.html">Intel® Enhanced Privacy ID SDK</a>
	<span id="projectnumber">6.0.1</span>
	</div>
	</td>
	</tr>
	</tbody>
	</table>
	</div>
	<!-- end header part -->
	<!-- Generated by Doxygen 1.8.14 -->
	</div><!-- top -->
	<div id="side-nav" class="ui-resizable side-nav-resizable">
	<div id="nav-tree">
	<div id="nav-tree-contents">
	<div id="nav-sync" class="sync"></div>
	</div>
	</div>
	<div id="splitbar" style="-moz-user-select:none;"
	class="ui-resizable-handle">
	</div>
	</div>
	<script type="text/javascript">
	/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-v2 */
	$(document).ready(function(){initNavTree('_usingi_k_g_f.html','');});
	/* @license-end */
	</script>
	<div id="doc-content">
	<div class="header">
	<div class="headertitle">
	<div class="title">Managing Groups with iKGF </div> </div>
	</div><!--header-->
	<div class="contents">
	<div class="toc"><h3>Table of Contents</h3>
	<ul><li class="level1"><a href="#ContactingiKGF">Contacting iKGF</a></li>
	<li class="level1"><a href="#RevocationTools">Tools for Creating Revocation Requests</a><ul><li class="level2"><a href="#RevocationTools_revokegrp">Requesting Group Revocation</a></li>
	<li class="level2"><a href="#RevocationTools_revokekey">Requesting Private Key Revocation</a></li>
	<li class="level2"><a href="#RevocationTools_revokesig">Requesting Signature Revocation</a></li>
	</ul>
	</li>
	<li class="level1"><a href="#ExtractionTools">Tools for Extracting Keys from iKGF Files</a><ul><li class="level2"><a href="#ExtractionTools_extractgrps">Extracting Group Public Keys</a></li>
	<li class="level2"><a href="#ExtractionTools_extractkeys">Extracting Member Private Keys</a></li>
	</ul>
	</li>
	</ul>
	</div>
	<div class="textblock"><p>The issuer handles group membership and revocation. To provision devices with Intel® EPID keys, you need to process data provided by the issuer. Also, in order to revoke a member, you have to generate a revocation request and send it to the issuer.</p>
	<p>This section assumes you are using iKGF as your issuer, and describes how to do the following:</p>
	<ul>
	<li>Create group revocation request for iKGF</li>
	<li>Create member private key revocation request for iKGF</li>
	<li>Create signature revocation request for iKGF</li>
	<li>Extract group public keys from iKGF files</li>
	<li>Extract member private keys from iKGF files</li>
	</ul>
	<p>After you send revocation requests with the issuer, the issuer updates the revocation lists as needed.</p>
	<p>The Intel® EPID SDK provides tools designed to make it easier to generate revocation requests and extract keys from iKGF files.</p>
	<h1><a class="anchor" id="ContactingiKGF"></a>
	Contacting iKGF</h1>
	<p>If you want to use the Intel Key Generation Facility (iKGF) as the issuer, contact <a href="#" onclick="location.href='mai'+'lto:'+'inf'+'o@'+'dig'+'it'+'al-'+'cp'+'.co'+'m'; return false;">info@<span style="display: none;">.nosp@m.</span>digi<span style="display: none;">.nosp@m.</span>tal-c<span style="display: none;">.nosp@m.</span>p.co<span style="display: none;">.nosp@m.</span>m</a> to get started.</p>
	<h1><a class="anchor" id="RevocationTools"></a>
	Tools for Creating Revocation Requests</h1>
	<p>The Intel® EPID SDK includes tools to help you request that iKGF add a revoked group, member private key, or signature to a revocation list.</p>
	<p>These tools are designed to create a revocation request in the specific format required by iKGF. After one of these tools generates a revocation request, the request must be submitted to the issuer in order for the revocation to take effect.</p>
	<p>To access the tools, go to <code>_install/epid-sdk/tools</code> in the SDK directory.</p>
	<p>You need to build the SDK before you can use these tools. For more information, refer to <a class="el" href="_building_sdk.html">Building from Source</a>.</p>
	<p>The following tools are available:</p>
	<table class="markdownTable">
	<tr class="markdownTableHead">
	<th class="markdownTableHeadNone">Tool </th><th class="markdownTableHeadNone">Purpose ----------— </th></tr>
	<tr class="markdownTableBody" class="markdownTableRowOdd">
	<td class="markdownTableBodyNone"><code>revokegrp</code> </td><td class="markdownTableBodyNone">Create group revocation request </td></tr>
	<tr class="markdownTableBody" class="markdownTableRowEven">
	<td class="markdownTableBodyNone"><code>revokekey</code> </td><td class="markdownTableBodyNone">Create member private key revocation request </td></tr>
	<tr class="markdownTableBody" class="markdownTableRowOdd">
	<td class="markdownTableBodyNone"><code>revokesig</code> </td><td class="markdownTableBodyNone">Create signature revocation request </td></tr>
	</table>
	<p><br />
	</p>
	<h2><a class="anchor" id="RevocationTools_revokegrp"></a>
	Requesting Group Revocation</h2>
	<p>The <code>revokegrp</code> tool adds a group to the revocation request file. </p><pre class="fragment">Usage: revokegrp [OPTION]...
	Revoke Intel(R) EPID group

	Options:
	--gpubkey=FILE
	load group public key from FILE (default: pubkey.bin)

	--capubkey=FILE
	load IoT Issuing CA public key from FILE

	--reason=NUM
	revocation reason (default: 0)

	--req=FILE
	append group revocation request to FILE (default: grprlreq.dat)

	-h, --help
	display this help and exit

	-v, --verbose
	print status messages to stdout
	</pre><p><br />
	</p>
	<h2><a class="anchor" id="RevocationTools_revokekey"></a>
	Requesting Private Key Revocation</h2>
	<p>The <code>revokekey</code> tool adds a member private key to the revocation request file. </p><pre class="fragment">Usage: revokekey [OPTION]
	Revoke Intel(R) EPID private key

	Options:
	--mprivkey=FILE
	load private key to revoke from FILE (default: mprivkey.dat)

	--req=FILE
	append private key revocation request to FILE (default: privreq.dat)

	-h, --help
	display this help and exit

	-v,--verbose
	print status messages to stdout

	The following options are only needed for compressed keys:

	--gpubkey=FILE
	load group public key from FILE (default: pubkey.bin)

	--capubkey=FILE
	load IoT Issuing CA public key from FILE
	</pre><p><br />
	</p>
	<h2><a class="anchor" id="RevocationTools_revokesig"></a>
	Requesting Signature Revocation</h2>
	<p>The <code>revokesig</code> tool creates a request to add a signature to the revocation request file.</p>
	<p><code>revokesig</code> only accepts valid signatures for addition to the revocation request. </p><pre class="fragment">Usage: revokesig [OPTION]...
	Revoke Intel(R) EPID signature

	Options:
	--sig=FILE
	load signature to revoke from FILE (default: sig.dat)

	--msg=MESSAGE
	MESSAGE used to generate signature to revoke

	--msgfile=FILE
	FILE containing message used to generate signature to revoke

	--gpubkey=FILE
	load group public key from FILE (default: pubkey.bin)

	--capubkey=FILE
	load IoT Issuing CA public key from FILE

	--req=FILE
	append signature revocation request to FILE (default: sigrlreq.dat)

	-h, --help
	display this help and exit

	-v, --verbose
	print status messages to stdout
	</pre><h1><a class="anchor" id="ExtractionTools"></a>
	Tools for Extracting Keys from iKGF Files</h1>
	<p>The Intel® EPID SDK includes tools to help you extract individual keys from files provided by the Intel Key Generation Facility (iKGF).</p>
	<p>To access the tools, go to <code>_install/epid-sdk/tools</code> in the SDK directory.</p>
	<p>You need to build the SDK before you can use these tools. For more information, refer to <a class="el" href="_building_sdk.html">Building from Source</a>.</p>
	<p>The following tools are available:</p>
	<table class="markdownTable">
	<tr class="markdownTableHead">
	<th class="markdownTableHeadNone">Tool </th><th class="markdownTableHeadNone">Purpose ------------— </th></tr>
	<tr class="markdownTableBody" class="markdownTableRowOdd">
	<td class="markdownTableBodyNone"><code>extractgrps</code> </td><td class="markdownTableBodyNone">Extracts group public keys </td></tr>
	<tr class="markdownTableBody" class="markdownTableRowEven">
	<td class="markdownTableBodyNone"><code>extractkeys</code> </td><td class="markdownTableBodyNone">Extracts member private keys </td></tr>
	</table>
	<p><br />
	</p>
	<h2><a class="anchor" id="ExtractionTools_extractgrps"></a>
	Extracting Group Public Keys</h2>
	<p>The <code>extractgrps</code> tool extracts group public keys from the input file to the current directory. </p><pre class="fragment">Usage: extractgrps [OPTION]... [FILE] [NUM]
	Extract the first NUM group certs from FILE to current directory

	Options:
	-h, --help
	display this help and exit

	-v, --verbose
	print status messages to stdout
	</pre><p><br />
	</p>
	<h2><a class="anchor" id="ExtractionTools_extractkeys"></a>
	Extracting Member Private Keys</h2>
	<p>The <code>extractkeys</code> tool extracts member private keys from the input file to the current directory. </p><pre class="fragment">Usage: extractkeys [OPTION]... [FILE] [NUM]
	Extract the first NUM private keys from FILE to current directory.

	Options:
	-c, --compressed
	extract compressed keys

	-h, --help
	display this help and exit

	-v, --verbose
	print status messages to stdout</pre> </div></div><!-- contents -->
	</div><!-- doc-content -->
	<!-- HTML footer for doxygen 1.8.10-->
	<!-- start footer part -->
	<div id="nav-path" class="navpath"><!-- id is needed for treeview function! -->
	<ul>
	<li class="footer">
	© 2016-2017 Intel Corporation
	</li>
	</ul>
	</div>
	</body>
	</html>