-
Notifications
You must be signed in to change notification settings - Fork 170
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Support generating ECDSA keys in a trusted execution environment
This adds support for generating ECDSA keys in a trusted execution environment (TEE) that can be used for signing and verification. Such keys are generated in the TEE and never leave it. Because the keys are generated in the TEE, the keys themselves cannot be exported. Instead, a handle to the key is exported. The handle can be used to import the key and use it for signing and verification, but not to extract the key itself. A new `options` parameter is added to `crypto.subtle.generateKey()`. It has two optional properties: `inTee` and `usageRequiresAuth`. `inTee` is a boolean that indicates whether the key should be generated in a TEE. `usageRequiresAuth` is also a boolean that indicates whether the key can only be used when the user has authenticated. An example of how to generate and use a key in a TEE is added to the `crypto-sign` snippet. The snippet now contains two examples: one for generating and using keys in the normal way, and one for generating and using keys in a TEE. The `crypto-sign` snippets now also demonstrate exporting and importing keys.
- Loading branch information
Showing
5 changed files
with
139 additions
and
34 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters