anjuna-sign

NAME

anjuna-sign

Generate a signature (.sig) file containing the signature for executing an enclave in Intel® SGX.

SYNOPSIS

   anjuna-sign [options] EXECUTABLE
      --measure-only    Generate an unsigned signature file
      --sign-only       Sign or re-sign the signature file
      --sig-file path   Set signature file path (default "EXECUTABLE.sig")
      --key path        Set private key path (default SGX_SIGNER_KEY environment variable)
      --manifest path   Set manifest path (default "EXECUTABLE.manifest.sgx")
      --lib path        Set enclave library path (default "Runtime/libanjuna_enclave.so")
      --quiet           Suppress memory layout and measurements output
      --help            Show help summary

DESCRIPTION

Before you can execute an enclave in Intel® SGX, it must be signed using an RSA 3072-bit key. anjuna-sign computes the expected MRENCLAVE value, generates a digital signature for that value, and stores the signature in a .sig file.

EXIT STATUS

  • 0 upon successful generation of a signature file

  • 2 upon command line error

  • 1 upon any other failure to generate the signature file or the signing payload

EXAMPLE

  anjuna-sign openssl
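
The following is an added example, not part of the original page or of Anjuna's tooling. It splits signing into the two stages that --measure-only and --sign-only allow, so the private key is only present on the signing host, and it reports the documented exit statuses. Assumptions: the function names and the ANJUNA_SIGN override variable are hypothetical, --measure-only needs no key, and the unsigned file it writes can be handed to --sign-only through the same --sig-file path.

```shell
#!/bin/sh
# Added example: two-stage wrapper around anjuna-sign (not Anjuna's own tooling).
# ANJUNA_SIGN is a hypothetical override for the binary path.
ANJUNA_SIGN="${ANJUNA_SIGN:-anjuna-sign}"

# Map the exit codes documented under EXIT STATUS to a log message.
explain_status() {
    case "$1" in
        0) echo "signature file generated" ;;
        1) echo "failed to generate the signature file or the signing payload" ;;
        2) echo "command line error" ;;
        *) echo "undocumented exit status $1" ;;
    esac
}

# Stage 1 (build host): write an unsigned .sig holding the measurement.
# SGX_SIGNER_KEY is unset in a subshell so this stage cannot pick up a key
# (assumption: --measure-only does not need one). --quiet is left off so the
# memory layout and measurements appear in the build log.
measure_enclave() {   # usage: measure_enclave EXECUTABLE SIG_FILE
    rc=0
    ( unset SGX_SIGNER_KEY
      "$ANJUNA_SIGN" --measure-only --sig-file "$2" "$1" ) || rc=$?
    echo "measure: $(explain_status "$rc")" >&2
    return "$rc"
}

# Stage 2 (signing host): sign the .sig produced by stage 1 with an explicit key.
# Returns 3 (wrapper-specific, not an anjuna-sign code) if a precondition fails.
sign_enclave() {      # usage: sign_enclave EXECUTABLE SIG_FILE KEY_FILE
    if [ ! -f "$2" ]; then
        echo "sign: unsigned signature file '$2' not found" >&2; return 3
    fi
    if [ ! -r "$3" ]; then
        echo "sign: private key '$3' not readable" >&2; return 3
    fi
    rc=0
    "$ANJUNA_SIGN" --sign-only --quiet --sig-file "$2" --key "$3" "$1" || rc=$?
    echo "sign: $(explain_status "$rc")" >&2
    return "$rc"
}
```

Source the file, then call measure_enclave on the build host and sign_enclave on the host that holds the key.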