Remove sample key from repo (#1921)

2020-11-25 10:55:12 +00:00 · 2020-11-25 10:55:12 +00:00 · 1683fa1a3d
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -226,17 +226,27 @@ function(create_patched_enclave_lib name app_oe_conf_path enclave_sign_key_path)
  endif()
 endfunction()

+# Generate an ephemeral signing key
+add_custom_command(
+  OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem
+  COMMAND openssl genrsa -out ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem -3
+          3072
+)
+add_custom_target(
+  signing_key ALL DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem
+)
+
 add_ccf_app(
  logging SRCS src/apps/logging/logging.cpp
               src/apps/logging/stub_for_code_signing.cpp
 )
 sign_app_library(
  logging.enclave ${CMAKE_CURRENT_SOURCE_DIR}/src/apps/logging/oe_sign.conf
-  ${CMAKE_CURRENT_SOURCE_DIR}/src/apps/sample_key.pem
+  ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem
 )
 create_patched_enclave_lib(
  logging ${CMAKE_CURRENT_SOURCE_DIR}/src/apps/logging/oe_sign.conf
-  ${CMAKE_CURRENT_SOURCE_DIR}/src/apps/sample_key.pem
+  ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem
 )

 if(BUILD_TESTS)
--- a/cmake/common.cmake
+++ b/cmake/common.cmake
@ -353,7 +353,7 @@ add_ccf_app(
 )
 sign_app_library(
  js_generic.enclave ${CCF_DIR}/src/apps/js_generic/oe_sign.conf
-  ${CCF_DIR}/src/apps/sample_key.pem INSTALL_LIBS ON
+  ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem INSTALL_LIBS ON
 )
 # SNIPPET_END: JS generic application

--- a/doc/developers/build_app.rst
+++ b/doc/developers/build_app.rst
@ -28,7 +28,8 @@ It is also possible to sign an existing enclave application (e.g. ``libjs_generi

 .. code-block:: bash

-    $ /opt/openenclave/bin/oesign sign --enclave-image libjs_generic.enclave.so --config-file CCF/src/apps/js_generic/oe_sign.conf --key-file CCF/src/apps/sample_key.pem
+    $ openssl genrsa -out signing_key.pem -3 3072
+    $ /opt/openenclave/bin/oesign sign --enclave-image libjs_generic.enclave.so --config-file CCF/src/apps/js_generic/oe_sign.conf --key-file signing_key.pem
    Created libjs_generic.enclave.so.signed
    $ ls *.so.signed
    libjs_generic.enclave.so.signed
--- a/samples/apps/smallbank/smallbank.cmake
+++ b/samples/apps/smallbank/smallbank.cmake
@ -20,7 +20,7 @@ target_link_libraries(small_bank_client PRIVATE secp256k1.host http_parser.host)
 add_ccf_app(smallbank SRCS ${CMAKE_CURRENT_LIST_DIR}/app/smallbank.cpp)
 sign_app_library(
  smallbank.enclave ${CMAKE_CURRENT_LIST_DIR}/app/oe_sign.conf
-  ${CCF_DIR}/src/apps/sample_key.pem
+  ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem
 )

 function(get_verification_file iterations output_var)
--- a/src/apps/sample_key.pem
+++ b/src/apps/sample_key.pem
@ -1,39 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIG4gIBAAKCAYEAukAt/kn+T5FG64MM2dDvR26WSrDjGu8XDjYisFwBbktinVUF
-E05mFO9X1GDBlOqS8lqZuq8fhwm4lZFSc01im6LlLRp4l+EOAHkhfRl+y4SDPlLb
-JX2yl5DMJjjTbWLH+Wiu5BzzWZ85Z2tPeS8daMnisrv3ZuyVGl+aJPC3x1SCtL4G
-4yk5+svrGwYemefSBV8sLviVaPmRcmeBV2x6BLUc8/jgVVt3L9e0fWM3wnb9o9Zx
-JoIoAX1bFwXRnuP6N2xezEpfSWLgK41scmsNAkCmsp0WvoeiaD9nsOGfRxZnBpHb
-ZBC0IyzTEPiOI+5NhRQ3QFbdy1kFuJxOoFiZ4leKZOwLqG264HwPmiTTWA7XXhP4
-+d/osb4F4BaEXZ7+4EYfbo5yxbjngcVI1oNNdrCZIy9spWXxqfrG3XMfReWteVlY
-r6GLcbB5fNE8qm9AiX+fAyw5/ACajPAduKqU+7Q7ZoMNReay/Zkj9VPCAHeGZzLG
-/MUOC3Xtdjo3IJ/BAgEDAoIBgHwqyVQxVDULhJ0CCJE19NpJuYcgl2dKD17Owcro
-APQyQb44rgze7rifj+LrK7icYfbnEScfaloGew5g4aIzlxJsmMi8UGVAtABQwP4Q
-/zJYV37h525TzGULMsQl4kjshVDwdJgTTOZqJkTyNPt0vkXb7Hcn+kSduLw/vBig
-eoTjAc3UBJdw0VHdR2dZabvv4VjqHXSluPCmYPbvq4+dpq3OE01QlY48+h/lIv5C
-JSxPU8KO9hmsGquo52Sui79Cpau016WWXj9xDABrEVBSyuFylEhn3UBdI+ei3aDw
-q+72Fk/Ck0ebOB3ECfmomrCBrJ/Zgb6fT5gGhT4Axwr07bsOdvq0w1MTgS3CPqZ+
-xmDcnKoI7RlMKQNj8cTzBiwpO7Y+BjdoK4R3ZZrZBf9Xi4ydxAtUU+FDeKEGTgBy
-hPZKzOhX25CMMb1oy9aNuoP5Emj0Aa8KVFKH38tonI6mGeyzgfiMRI7D/kt/68O4
-XBdeySEGvWhtuMa+fC6hdNEjAwKBwQDqxic/qD/wzyu8wXcIvXqogyOQWp3MOknL
-ITood/g/U9v9KCZLFd+Uv0Vbl50qfoAQult3SwAFMjhLIwXJBYPyA3n+1KXQGp1t
-8CpQpZqfKx12B6P/vm+CR75oHltNeOMzMqzEfnXuiCbky3cU8+Q9r7jM3nb5gl7h
-fx84q2cM1OLP05bUc9TBwj547C+cEfnxHwBukQCMci8kpxoD9sYcNE3OvmEGzLyy
-QTSuVgdEFZ6ux1lICQvkL3zsMXqL1U8CgcEAyxb0FECR+WoibitbcTFiB5Gktaat
-EcGiwanhFwClIVFpkcXYLZIAYcd+vuQI8K1KhJOZKxzmYh0FkHgeRuOxV75d7ghA
-27XbreiHT8EPJ5jO6P7xVC87qmBc0IufzehCG7ZpVvO7kH2oNLRIwowX5hQ6RVJ3
-2f5d1vIypBvwx6CXTQH4gltsE9EJQhB1SGeq+vKcDgu688KbtywY3rqn/HKqovJF
-aPP42hgNoWkwmVO6BuFRmBds/Si2RBaNWxXvAoHBAJyEGipwKqCKHSiA+gXTpxsC
-F7WRvogm29zA0XBP+tTikqjFbty5P7h/g5JlE3GpqrXRkk+HVVjMJYdsroYDrUwC
-UVSNw+ARvklKxuBuZxTHaPlabVUpn6wv1EVpkjOl7MzMcy2po/RaxJiHpLiimCkf
-0IiUT1EBlJZUv3sc713jQd/iZI2ijdaBfvtIH71hUUtqAEm2AF2hdMMaEVf52Wgi
-3onUQK8zKHbWIx7kBNgOacnaO4VbXULKU0gg/F043wKBwQCHZKK4Kwv7nBb0HOeg
-y5avtm3Obx4L1myBG+tkqxjA4PEL2TrJDABBL6nUmAX1yNxYYmYcve7sE1kK+r7Z
-7SDlKZP0BYCSeT0emwTf1goaZd9F/0uNdNJxlZM1smqJRYFnzvDkon0K/nAjItss
-XWVEDXwuNvqRVD6PTCHCvUsvwGTeAVBW551ii1uBYE4wRRynTGgJXSdNLGfPcrs/
-JxqoTHHB9tjwoqXmurPA8MsQ4nwEljZlZPNTcHmCubOSDp8CgcAvrmFOeZutronL
-Or77wxJATQUWWqHJHfzjzUSpuy9zCjSvJSymYt7xcp6rBjZt9Ht38EAxyF9+28oO
-B+uxRXxT2DmbG4VCuydGCWT0JBX6yfpHHPsulgbUZRXBq4ftkEst9SHT7JbjGArP
-ZWa2/FyApo73LM3pE9izmFOlMHgnnKGZw7KOOm5GhjH2ZF+6b7kZVOL1/FTDxJqd
-dMk3oj+hUnuOO/OVZgjuL7HCf1YlIXyJLZt42r2xeVYS7otYU0A=
-----END RSA PRIVATE KEY-----