Open yoavj1 opened 3 years ago
Thank you for the feature request. There are two topics here:
@petreeftime I guess that now, that you merged https://github.com/awslabs/aws-nitro-enclaves-cose/issues/5, it's possible to add the requested functionality to the CLI.
Yes, it should be possible to add support for this.
Currently the only option to sign an enclave image is to pass the private key and the certificate to build-enclave command. However, it prevents storing the key in a secure storage like HSM or KSM, and using it only for signing without retrieving the key itself. One solution is to allow to add the signature after the enclave was created, so the signature can be produced independently from the enclave creation.