<!-- HTML header for doxygen 1.8.10-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
<meta name="generator" content="Doxygen 1.8.14"/>
<title>Intel® Enhanced Privacy ID SDK: Managing Groups with iKGF</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="dynsections.js"></script>
<link href="navtree.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="resize.js"></script>
<script type="text/javascript" src="navtreedata.js"></script>
<script type="text/javascript" src="navtree.js"></script>
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-v2 */
  $(document).ready(initResizable);
/* @license-end */</script>
<link href="doxygen.css" rel="stylesheet" type="text/css" />
<link href="epidstyle.css" rel="stylesheet" type="text/css"/>
</head>
<body>
<div id="top"><!-- do not remove this div, it is closed by doxygen!
-->
<div id="titlearea">
<table cellspacing="0" cellpadding="0">
 <tbody>
 <tr style="height: 56px;">
  <td id="projectalign" style="padding-left: 0.5em;">
   <div id="projectname"><a
     onclick="storeLink('index.html')"
     id="projectlink"
     class="index.html"
     href="index.html">Intel® Enhanced Privacy ID SDK</a>
    <span id="projectnumber">6.0.1</span>
</div>
  </td>
 </tr>
 </tbody>
</table>
</div>
<!-- end header part -->
<!-- Generated by Doxygen 1.8.14 -->
</div><!-- top -->
<div id="side-nav" class="ui-resizable side-nav-resizable">
  <div id="nav-tree">
    <div id="nav-tree-contents">
      <div id="nav-sync" class="sync"></div>
    </div>
  </div>
  <div id="splitbar" style="-moz-user-select:none;"
       class="ui-resizable-handle">
  </div>
</div>
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-v2 */
$(document).ready(function(){initNavTree('_usingi_k_g_f.html','');});
/* @license-end */
</script>
<div id="doc-content">
<div class="header">
  <div class="headertitle">
<div class="title">Managing Groups with iKGF </div>  </div>
</div><!--header-->
<div class="contents">
<div class="toc"><h3>Table of Contents</h3>
<ul><li class="level1"><a href="#ContactingiKGF">Contacting iKGF</a></li>
<li class="level1"><a href="#RevocationTools">Tools for Creating Revocation Requests</a><ul><li class="level2"><a href="#RevocationTools_revokegrp">Requesting Group Revocation</a></li>
<li class="level2"><a href="#RevocationTools_revokekey">Requesting Private Key Revocation</a></li>
<li class="level2"><a href="#RevocationTools_revokesig">Requesting Signature Revocation</a></li>
</ul>
</li>
<li class="level1"><a href="#ExtractionTools">Tools for Extracting Keys from iKGF Files</a><ul><li class="level2"><a href="#ExtractionTools_extractgrps">Extracting Group Public Keys</a></li>
<li class="level2"><a
href="#ExtractionTools_extractkeys">Extracting Member Private Keys</a></li>
</ul>
</li>
</ul>
</div>
<div class="textblock"><p>The issuer handles group membership and revocation. To provision devices with Intel® EPID keys, you need to process data provided by the issuer. To revoke a member, you generate a revocation request and send it to the issuer.</p>
<p>This section assumes you are using iKGF as your issuer, and describes how to do the following:</p>
<ul>
<li>Create a group revocation request for iKGF</li>
<li>Create a member private key revocation request for iKGF</li>
<li>Create a signature revocation request for iKGF</li>
<li>Extract group public keys from iKGF files</li>
<li>Extract member private keys from iKGF files</li>
</ul>
<p>After you send revocation requests to the issuer, the issuer updates the revocation lists as needed.</p>
<p>The Intel® EPID SDK provides tools designed to make it easier to generate revocation requests and extract keys from iKGF files.</p>
<h1><a class="anchor" id="ContactingiKGF"></a>
Contacting iKGF</h1>
<p>If you want to use the Intel Key Generation Facility (iKGF) as the issuer, contact <a href="#" onclick="location.href='mai'+'lto:'+'inf'+'o@'+'dig'+'it'+'al-'+'cp'+'.co'+'m'; return false;">info@<span style="display: none;">.nosp@m.</span>digi<span style="display: none;">.nosp@m.</span>tal-c<span style="display: none;">.nosp@m.</span>p.co<span style="display: none;">.nosp@m.</span>m</a> to get started.</p>
<h1><a class="anchor" id="RevocationTools"></a>
Tools for Creating Revocation Requests</h1>
<p>The Intel® EPID SDK includes tools to help you request that iKGF add a revoked group, member private key, or signature to a revocation list.</p>
<p>These tools are designed to create a revocation request in the specific format required by iKGF.
After one of these tools generates a revocation request, the request must be submitted to the issuer in order for the revocation to take effect.</p>
<p>To access the tools, go to <code>_install/epid-sdk/tools</code> in the SDK directory.</p>
<p>You need to build the SDK before you can use these tools. For more information, refer to <a class="el" href="_building_sdk.html">Building from Source</a>.</p>
<p>The following tools are available:</p>
<table class="markdownTable">
<tr class="markdownTableHead">
<th class="markdownTableHeadNone">Tool </th><th class="markdownTableHeadNone">Purpose </th></tr>
<tr class="markdownTableBody" class="markdownTableRowOdd">
<td class="markdownTableBodyNone"><code>revokegrp</code> </td><td class="markdownTableBodyNone">Create group revocation request </td></tr>
<tr class="markdownTableBody" class="markdownTableRowEven">
<td class="markdownTableBodyNone"><code>revokekey</code> </td><td class="markdownTableBodyNone">Create member private key revocation request </td></tr>
<tr class="markdownTableBody" class="markdownTableRowOdd">
<td class="markdownTableBodyNone"><code>revokesig</code> </td><td class="markdownTableBodyNone">Create signature revocation request </td></tr>
</table>
<p><br />
</p>
<h2><a class="anchor" id="RevocationTools_revokegrp"></a>
Requesting Group Revocation</h2>
<p>The <code>revokegrp</code> tool adds a group to the revocation request file. </p><pre class="fragment">Usage: revokegrp [OPTION]...
Revoke Intel(R) EPID group

Options:
  --gpubkey=FILE
      load group public key from FILE (default: pubkey.bin)

  --capubkey=FILE
      load IoT Issuing CA public key from FILE

  --reason=NUM
      revocation reason (default: 0)

  --req=FILE
      append group revocation request to FILE (default: grprlreq.dat)

  -h, --help
      display this help and exit

  -v, --verbose
      print status messages to stdout
</pre><p><br />
</p>
<h2><a class="anchor" id="RevocationTools_revokekey"></a>
Requesting Private Key Revocation</h2>
<p>The <code>revokekey</code> tool adds a member private key to the revocation request file. </p><pre class="fragment">Usage: revokekey [OPTION]
Revoke Intel(R) EPID private key

Options:
  --mprivkey=FILE
      load private key to revoke from FILE (default: mprivkey.dat)

  --req=FILE
      append private key revocation request to FILE (default: privreq.dat)

  -h, --help
      display this help and exit

  -v,--verbose
      print status messages to stdout

The following options are only needed for compressed keys:

  --gpubkey=FILE
      load group public key from FILE (default: pubkey.bin)

  --capubkey=FILE
      load IoT Issuing CA public key from FILE
</pre><p><br />
</p>
<h2><a class="anchor" id="RevocationTools_revokesig"></a>
Requesting Signature Revocation</h2>
<p>The <code>revokesig</code> tool creates a request to add a signature to the revocation request file.</p>
<p><code>revokesig</code> only accepts valid signatures for addition to the revocation request. </p><pre class="fragment">Usage: revokesig [OPTION]...
Revoke Intel(R) EPID signature

Options:
  --sig=FILE
      load signature to revoke from FILE (default: sig.dat)

  --msg=MESSAGE
      MESSAGE used to generate signature to revoke

  --msgfile=FILE
      FILE containing message used to generate signature to revoke

  --gpubkey=FILE
      load group public key from FILE (default: pubkey.bin)

  --capubkey=FILE
      load IoT Issuing CA public key from FILE

  --req=FILE
      append signature revocation request to FILE (default: sigrlreq.dat)

  -h, --help
      display this help and exit

  -v, --verbose
      print status messages to stdout
</pre><h1><a class="anchor" id="ExtractionTools"></a>
Tools for Extracting Keys from iKGF Files</h1>
<p>The Intel® EPID SDK includes tools to help you extract individual keys from files provided by the Intel Key Generation Facility (iKGF).</p>
<p>To access the tools, go to <code>_install/epid-sdk/tools</code> in the SDK directory.</p>
<p>You need to build the SDK before you can use these tools.
For more information, refer to <a class="el" href="_building_sdk.html">Building from Source</a>.</p>
<p>The following tools are available:</p>
<table class="markdownTable">
<tr class="markdownTableHead">
<th class="markdownTableHeadNone">Tool </th><th class="markdownTableHeadNone">Purpose </th></tr>
<tr class="markdownTableBody" class="markdownTableRowOdd">
<td class="markdownTableBodyNone"><code>extractgrps</code> </td><td class="markdownTableBodyNone">Extracts group public keys </td></tr>
<tr class="markdownTableBody" class="markdownTableRowEven">
<td class="markdownTableBodyNone"><code>extractkeys</code> </td><td class="markdownTableBodyNone">Extracts member private keys </td></tr>
</table>
<p><br />
</p>
<h2><a class="anchor" id="ExtractionTools_extractgrps"></a>
Extracting Group Public Keys</h2>
<p>The <code>extractgrps</code> tool extracts group public keys from the input file to the current directory. </p><pre class="fragment">Usage: extractgrps [OPTION]... [FILE] [NUM]
Extract the first NUM group certs from FILE to current directory

Options:
  -h, --help
      display this help and exit

  -v, --verbose
      print status messages to stdout
</pre><p><br />
</p>
<h2><a class="anchor" id="ExtractionTools_extractkeys"></a>
Extracting Member Private Keys</h2>
<p>The <code>extractkeys</code> tool extracts member private keys from the input file to the current directory. </p><pre class="fragment">Usage: extractkeys [OPTION]... [FILE] [NUM]
Extract the first NUM private keys from FILE to current directory.

Options:
  -c, --compressed
      extract compressed keys

  -h, --help
      display this help and exit

  -v, --verbose
      print status messages to stdout</pre> </div></div><!-- contents -->
</div><!-- doc-content -->
<!-- HTML footer for doxygen 1.8.10-->
<!-- start footer part -->
<div id="nav-path" class="navpath"><!-- id is needed for treeview function! -->
  <ul>
    <li class="footer">
    © 2016-2017 Intel Corporation
    </li>
  </ul>
</div>
</body>
</html>