      1 <!-- HTML header for doxygen 1.8.10-->
      2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      3 <html xmlns="http://www.w3.org/1999/xhtml">
      4 <head>
      5 <meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
      6 <meta http-equiv="X-UA-Compatible" content="IE=9"/>
      7 <meta name="generator" content="Doxygen 1.8.14"/>
      8 <title>Intel&reg; Enhanced Privacy ID SDK: Managing Groups with iKGF</title>
      9 <link href="tabs.css" rel="stylesheet" type="text/css"/>
     10 <script type="text/javascript" src="jquery.js"></script>
     11 <script type="text/javascript" src="dynsections.js"></script>
     12 <link href="navtree.css" rel="stylesheet" type="text/css"/>
     13 <script type="text/javascript" src="resize.js"></script>
     14 <script type="text/javascript" src="navtreedata.js"></script>
     15 <script type="text/javascript" src="navtree.js"></script>
     16 <script type="text/javascript">
     17 /* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&amp;dn=gpl-2.0.txt GPL-v2 */
     18   $(document).ready(initResizable);
     19 /* @license-end */</script>
     20 <link href="doxygen.css" rel="stylesheet" type="text/css" />
     21 <link href="epidstyle.css" rel="stylesheet" type="text/css"/>
     22 </head>
     23 <body>
     24 <div id="top"><!-- do not remove this div, it is closed by doxygen! -->
     25 <div id="titlearea">
     26 <table cellspacing="0" cellpadding="0">
     27  <tbody>
     28  <tr style="height: 56px;">
     29   <td id="projectalign" style="padding-left: 0.5em;">
     30    <div id="projectname"><a 
     31                             onclick="storeLink('index.html')"
     32                             id="projectlink" 
     33                             class="index.html" 
     34                             href="index.html">Intel&reg; Enhanced Privacy ID SDK</a>
     35 &#160;<span id="projectnumber">6.0.1</span>
     36 </div>
     37   </td>
     38  </tr>
     39  </tbody>
     40 </table>
     41 </div>
     42 <!-- end header part -->
     43 <!-- Generated by Doxygen 1.8.14 -->
     44 </div><!-- top -->
     45 <div id="side-nav" class="ui-resizable side-nav-resizable">
     46   <div id="nav-tree">
     47     <div id="nav-tree-contents">
     48       <div id="nav-sync" class="sync"></div>
     49     </div>
     50   </div>
     51   <div id="splitbar" style="-moz-user-select:none;" 
     52        class="ui-resizable-handle">
     53   </div>
     54 </div>
     55 <script type="text/javascript">
     56 /* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&amp;dn=gpl-2.0.txt GPL-v2 */
     57 $(document).ready(function(){initNavTree('_usingi_k_g_f.html','');});
     58 /* @license-end */
     59 </script>
     60 <div id="doc-content">
     61 <div class="header">
     62   <div class="headertitle">
     63 <div class="title">Managing Groups with iKGF </div>  </div>
     64 </div><!--header-->
     65 <div class="contents">
     66 <div class="toc"><h3>Table of Contents</h3>
     67 <ul><li class="level1"><a href="#ContactingiKGF">Contacting iKGF</a></li>
     68 <li class="level1"><a href="#RevocationTools">Tools for Creating Revocation Requests</a><ul><li class="level2"><a href="#RevocationTools_revokegrp">Requesting Group Revocation</a></li>
     69 <li class="level2"><a href="#RevocationTools_revokekey">Requesting Private Key Revocation</a></li>
     70 <li class="level2"><a href="#RevocationTools_revokesig">Requesting Signature Revocation</a></li>
     71 </ul>
     72 </li>
     73 <li class="level1"><a href="#ExtractionTools">Tools for Extracting Keys from iKGF Files</a><ul><li class="level2"><a href="#ExtractionTools_extractgrps">Extracting Group Public Keys</a></li>
     74 <li class="level2"><a href="#ExtractionTools_extractkeys">Extracting Member Private Keys</a></li>
     75 </ul>
     76 </li>
     77 </ul>
     78 </div>
     79 <div class="textblock"><p>The issuer handles group membership and revocation. To provision devices with Intel&reg; EPID keys, you need to process data provided by the issuer. Also, in order to revoke a member, you have to generate a revocation request and send it to the issuer.</p>
     80 <p>This section assumes you are using iKGF as your issuer, and describes how to do the following:</p>
     81 <ul>
     82 <li>Create a group revocation request for iKGF</li>
     83 <li>Create a member private key revocation request for iKGF</li>
     84 <li>Create a signature revocation request for iKGF</li>
     85 <li>Extract group public keys from iKGF files</li>
     86 <li>Extract member private keys from iKGF files</li>
     87 </ul>
     88 <p>After you send revocation requests to the issuer, the issuer updates the revocation lists as needed.</p>
     89 <p>The Intel&reg; EPID SDK provides tools designed to make it easier to generate revocation requests and extract keys from iKGF files.</p>
     90 <h1><a class="anchor" id="ContactingiKGF"></a>
     91 Contacting iKGF</h1>
     92 <p>If you want to use the Intel Key Generation Facility (iKGF) as the issuer, contact <a href="#" onclick="location.href='mai'+'lto:'+'inf'+'o@'+'dig'+'it'+'al-'+'cp'+'.co'+'m'; return false;">info@<span style="display: none;">.nosp@m.</span>digi<span style="display: none;">.nosp@m.</span>tal-c<span style="display: none;">.nosp@m.</span>p.co<span style="display: none;">.nosp@m.</span>m</a> to get started.</p>
     93 <h1><a class="anchor" id="RevocationTools"></a>
     94 Tools for Creating Revocation Requests</h1>
     95 <p>The Intel&reg; EPID SDK includes tools to help you request that iKGF add a revoked group, member private key, or signature to a revocation list.</p>
     96 <p>These tools are designed to create a revocation request in the specific format required by iKGF. After one of these tools generates a revocation request, the request must be submitted to the issuer in order for the revocation to take effect.</p>
     97 <p>To access the tools, go to <code>_install/epid-sdk/tools</code> in the SDK directory.</p>
     98 <p>You need to build the SDK before you can use these tools. For more information, refer to <a class="el" href="_building_sdk.html">Building from Source</a>.</p>
     99 <p>The following tools are available:</p>
    100 <table class="markdownTable">
    101 <tr class="markdownTableHead">
    102 <th class="markdownTableHeadNone">Tool  </th><th class="markdownTableHeadNone">Purpose   </th></tr>
    103 <tr class="markdownTableBody" class="markdownTableRowOdd">
    104 <td class="markdownTableBodyNone"><code>revokegrp</code>  </td><td class="markdownTableBodyNone">Create group revocation request   </td></tr>
    105 <tr class="markdownTableBody" class="markdownTableRowEven">
    106 <td class="markdownTableBodyNone"><code>revokekey</code>  </td><td class="markdownTableBodyNone">Create member private key revocation request   </td></tr>
    107 <tr class="markdownTableBody" class="markdownTableRowOdd">
    108 <td class="markdownTableBodyNone"><code>revokesig</code>  </td><td class="markdownTableBodyNone">Create signature revocation request   </td></tr>
    109 </table>
    110 <p><br />
    111 </p>
    112 <h2><a class="anchor" id="RevocationTools_revokegrp"></a>
    113 Requesting Group Revocation</h2>
    114 <p>The <code>revokegrp</code> tool adds a group to the revocation request file. </p><pre class="fragment">Usage: revokegrp [OPTION]...
    115 Revoke Intel(R) EPID group
    116 
    117 Options:
    118   --gpubkey=FILE
    119       load group public key from FILE (default: pubkey.bin)
    120 
    121   --capubkey=FILE
    122       load IoT Issuing CA public key from FILE
    123 
    124   --reason=NUM
    125       revocation reason (default: 0)
    126 
    127   --req=FILE
    128       append group revocation request to FILE (default: grprlreq.dat)
    129 
    130   -h, --help
    131       display this help and exit
    132 
    133   -v, --verbose
    134       print status messages to stdout
    135 </pre><p><br />
    136 </p>
    137 <h2><a class="anchor" id="RevocationTools_revokekey"></a>
    138 Requesting Private Key Revocation</h2>
    139 <p>The <code>revokekey</code> tool adds a member private key to the revocation request file. </p><pre class="fragment">Usage: revokekey [OPTION]
    140 Revoke Intel(R) EPID private key
    141 
    142 Options:
    143     --mprivkey=FILE
    144         load private key to revoke from FILE (default: mprivkey.dat)
    145 
    146     --req=FILE
    147         append private key revocation request to FILE (default: privreq.dat)
    148 
    149     -h, --help
    150         display this help and exit
    151 
    152     -v,--verbose
    153         print status messages to stdout
    154 
    155 The following options are only needed for compressed keys:
    156 
    157     --gpubkey=FILE
    158         load group public key from FILE (default: pubkey.bin)
    159 
    160     --capubkey=FILE
    161         load IoT Issuing CA public key from FILE
    162 </pre><p><br />
    163 </p>
    164 <h2><a class="anchor" id="RevocationTools_revokesig"></a>
    165 Requesting Signature Revocation</h2>
    166 <p>The <code>revokesig</code> tool creates a request to add a signature to the revocation request file.</p>
    167 <p><code>revokesig</code> only accepts valid signatures for addition to the revocation request. </p><pre class="fragment">Usage: revokesig [OPTION]...
    168 Revoke Intel(R) EPID signature
    169 
    170 Options:
    171   --sig=FILE
    172       load signature to revoke from FILE (default: sig.dat)
    173 
    174   --msg=MESSAGE
    175       MESSAGE used to generate signature to revoke
    176 
    177   --msgfile=FILE
    178       FILE containing message used to generate signature to revoke
    179 
    180   --gpubkey=FILE
    181       load group public key from FILE (default: pubkey.bin)
    182 
    183   --capubkey=FILE
    184       load IoT Issuing CA public key from FILE
    185 
    186   --req=FILE
    187       append signature revocation request to FILE (default: sigrlreq.dat)
    188 
    189   -h, --help
    190       display this help and exit
    191 
    192   -v, --verbose
    193       print status messages to stdout
    194 </pre><h1><a class="anchor" id="ExtractionTools"></a>
    195 Tools for Extracting Keys from iKGF Files</h1>
    196 <p>The Intel&reg; EPID SDK includes tools to help you extract individual keys from files provided by the Intel Key Generation Facility (iKGF).</p>
    197 <p>To access the tools, go to <code>_install/epid-sdk/tools</code> in the SDK directory.</p>
    198 <p>You need to build the SDK before you can use these tools. For more information, refer to <a class="el" href="_building_sdk.html">Building from Source</a>.</p>
    199 <p>The following tools are available:</p>
    200 <table class="markdownTable">
    201 <tr class="markdownTableHead">
    202 <th class="markdownTableHeadNone">Tool  </th><th class="markdownTableHeadNone">Purpose   </th></tr>
    203 <tr class="markdownTableBody" class="markdownTableRowOdd">
    204 <td class="markdownTableBodyNone"><code>extractgrps</code>  </td><td class="markdownTableBodyNone">Extracts group public keys   </td></tr>
    205 <tr class="markdownTableBody" class="markdownTableRowEven">
    206 <td class="markdownTableBodyNone"><code>extractkeys</code>  </td><td class="markdownTableBodyNone">Extracts member private keys   </td></tr>
    207 </table>
    208 <p><br />
    209 </p>
    210 <h2><a class="anchor" id="ExtractionTools_extractgrps"></a>
    211 Extracting Group Public Keys</h2>
    212 <p>The <code>extractgrps</code> tool extracts group public keys from the input file to the current directory. </p><pre class="fragment">Usage: extractgrps [OPTION]... [FILE] [NUM]
    213 Extract the first NUM group certs from FILE to current directory
    214 
    215 Options:
    216   -h, --help
    217       display this help and exit
    218 
    219   -v, --verbose
    220       print status messages to stdout
    221 </pre><p><br />
    222 </p>
    223 <h2><a class="anchor" id="ExtractionTools_extractkeys"></a>
    224 Extracting Member Private Keys</h2>
    225 <p>The <code>extractkeys</code> tool extracts member private keys from the input file to the current directory. </p><pre class="fragment">Usage: extractkeys [OPTION]... [FILE] [NUM]
    226 Extract the first NUM private keys from FILE to current directory.
    227 
    228 Options:
    229   -c, --compressed
    230       extract compressed keys
    231 
    232   -h, --help
    233       display this help and exit
    234 
    235   -v, --verbose
    236       print status messages to stdout</pre> </div></div><!-- contents -->
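<p>Because <code>extractkeys</code> writes member private keys to the current directory, one way to run it is inside a fresh owner-only directory, as in the added example below (not part of the SDK or its documentation). The <code>EXTRACTKEYS</code> variable, the function name, the input file name and the assumption that the tool exits non-zero on failure are all illustrative.</p>

```shell
#!/bin/sh
# Added example, not SDK code. The EXTRACTKEYS variable, the function name and
# the output directory are assumptions; the tool path follows the page's
# _install/epid-sdk/tools location.
EXTRACTKEYS="${EXTRACTKEYS:-_install/epid-sdk/tools/extractkeys}"

# extract_member_keys KEYFILE NUM OUTDIR
# Prints the number of files extractkeys left in OUTDIR.
extract_member_keys() {
    keyfile=$1 num=$2 outdir=$3

    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 1; }
    case $num in
        ''|*[!0-9]*) echo "NUM must be a non-negative integer" >&2; return 1 ;;
    esac
    # Refuse to reuse a directory whose mode and contents are unknown.
    [ ! -e "$outdir" ] || { echo "$outdir already exists" >&2; return 1; }

    # Make paths absolute: extractkeys writes to the current directory,
    # so the function has to cd into OUTDIR before running it.
    case $keyfile in /*) ;; *) keyfile=$PWD/$keyfile ;; esac
    case $EXTRACTKEYS in
        /*)  tool=$EXTRACTKEYS ;;
        */*) tool=$PWD/$EXTRACTKEYS ;;
        *)   tool=$EXTRACTKEYS ;;      # bare name, resolved through PATH
    esac

    (
        umask 077                      # directories 0700, key files 0600
        mkdir "$outdir" && cd "$outdir" || exit 1
        # Assumption: the tool exits non-zero when extraction fails.
        "$tool" "$keyfile" "$num" >&2 || exit 1
        chmod -R go= . || exit 1       # enforce owner-only whatever mode the tool used
        find . -type f | wc -l | tr -d ' '
    )
}

# Usage (file name is a placeholder):
#   extract_member_keys ikgf_privkeys.bin 5 ./member-keys
```

<p>The function refuses an existing output directory so that keys never land beside files with looser permissions.</p>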
    237 </div><!-- doc-content -->
    238 <!-- HTML footer for doxygen 1.8.10-->
    239 <!-- start footer part -->
    240 <div id="nav-path" class="navpath"><!-- id is needed for treeview function! -->
    241   <ul>
    242     <li class="footer">
    243       &copy; 2016-2017 Intel Corporation
    244     </li>
    245   </ul>
    246 </div>
    247 </body>
    248 </html>
    249