Trusted Certificate Service (TCS) is a K8s service to protect signing keys using Intel's SGX technology. K8s CSR and cert-manager CR APIs are both supported. TCS also contains integration samples for Istio service mesh and Key Management Reference Application (KMRA).
License: Apache License 2.0. 29 stars, 15 forks.
Kubernetes CSR extensions quote api v1alpha2 support #70
For the quote v1alpha2 CSR extension, please use this OID: OidSubjectNonceExtensionName = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 54392, 5, 1547} to parse the nonce from the CSR extensions in this function: csrquote, publickey, err := getQuoteAndPublicKeyFromCSR(csr.Extensions). The parsed nonce is also base64.StdEncoding encoded, which needs decodeExtensionValue().
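The round trip the issue describes, as an added example that is not code from the TCS project: a CSR is built with the v1alpha2 nonce extension under the OID quoted above, and a parser locates that extension by OID, verifies the CSR's self-signature and base64-decodes the value. Assumptions: the extension value is the base64 (StdEncoding) text of the raw nonce bytes, as the issue states; the function names BuildCSRWithExtensions, BuildCSRWithNonce and NonceFromCSR are hypothetical and stand in for the project's getQuoteAndPublicKeyFromCSR and decodeExtensionValue, which are not reproduced here; the subject and nonce are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/base64"
	"errors"
	"fmt"
)

// OID of the quote v1alpha2 nonce extension, as given in the issue.
var OidSubjectNonceExtensionName = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 54392, 5, 1547}

// BuildCSRWithExtensions creates a DER-encoded, self-signed CSR with a fresh
// P-256 key and the given extra extensions (hypothetical helper, not project code).
func BuildCSRWithExtensions(exts []pkix.Extension) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := x509.CertificateRequest{
		Subject:         pkix.Name{CommonName: "example.invalid"}, // constructed sample subject
		ExtraExtensions: exts,
	}
	return x509.CreateCertificateRequest(rand.Reader, &tmpl, key)
}

// BuildCSRWithNonce embeds the nonce under the v1alpha2 OID.
// Assumption from the issue: the extension value is the base64 text of the nonce.
func BuildCSRWithNonce(nonce []byte) ([]byte, error) {
	return BuildCSRWithExtensions([]pkix.Extension{{
		Id:    OidSubjectNonceExtensionName,
		Value: []byte(base64.StdEncoding.EncodeToString(nonce)),
	}})
}

// NonceFromCSR parses a DER CSR, checks its self-signature, finds the nonce
// extension by OID and returns the base64-decoded nonce bytes.
func NonceFromCSR(der []byte) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return nil, err
	}
	// Do not trust extension content from a CSR whose signature does not
	// match the embedded public key.
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("CSR signature check failed: %w", err)
	}
	for _, ext := range csr.Extensions {
		if !ext.Id.Equal(OidSubjectNonceExtensionName) {
			continue
		}
		nonce, err := base64.StdEncoding.DecodeString(string(ext.Value))
		if err != nil {
			return nil, fmt.Errorf("nonce extension is not valid base64: %w", err)
		}
		if len(nonce) == 0 {
			return nil, errors.New("nonce extension is empty")
		}
		return nonce, nil
	}
	return nil, errors.New("CSR has no quote v1alpha2 nonce extension")
}

func main() {
	want := []byte("constructed-nonce-0123456789") // constructed sample nonce
	der, err := BuildCSRWithNonce(want)
	if err != nil {
		panic(err)
	}
	got, err := NonceFromCSR(der)
	if err != nil {
		panic(err)
	}
	fmt.Printf("nonce round trip ok: %v (%d bytes)\n", bytes.Equal(got, want), len(got))
}
```

Matching on `ext.Id.Equal(...)` rather than comparing the OID's string form avoids false matches between OIDs that differ only in arc length, and checking the signature before reading any extension keeps an attacker from smuggling a nonce into a CSR they cannot sign for the claimed key.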