1. Enclave's signing keys are generated on your own using tools like OpenSSL. This is an RSA asymmetric key pair. The `enclave_signing_key.pem` is the **private key** that is used by the `sgx_sign` tool to generate the signature of the enclave. The private key is crucial for the proof of the identity of the enclave provider. 2. We do not need a private key to **verify** the signature as we use **public key** instead. The public key is calculated from the private key directly and is embedded in the enclave's measurement which, upon the enclave is loaded, the hardware will verify the enclave measurement. Tampered `enclave.so` will be rejected.
Hope this helps :) -- Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/690#issuecomment-1537066323 You are receiving this because you are subscribed to this thread. Message ID: <apache/incubator-teaclave/issues/690/[email protected]>
