From 9bab6dbc64be54170b9cbacb6369418cde58bb34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Thu, 7 Jul 2022 11:44:12 +0200 Subject: [PATCH] [RFC] Proof of Ownership (#240) Signed-off-by: daniel-weisse --- docs/proof-of-ownership.md | 43 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 docs/proof-of-ownership.md diff --git a/docs/proof-of-ownership.md b/docs/proof-of-ownership.md new file mode 100644 index 000000000..bc941ab8e --- /dev/null +++ b/docs/proof-of-ownership.md @@ -0,0 +1,43 @@ +# Proof of Ownership + +A cluster owner needs a way to prove a cluster belongs to them, while a third-party needs to be able to verify the owner's claims. +For that, the owner generates a private/public key pair. + +During `constellation init`, the cluster will generate its own private/public key pair, and send back a signing request for the public key. + +The signed public key is measured into a PCR, so the binding of the private/public key to the cluster can be verified through remote attestation. + +The cluster is now able to sign data using its own private key. + +A third-party can verify a cluster belongs to a specific person in three steps: + +1. Verify the signature of data provided by the third-party and signed by the cluster + +2. Verify the cluster's public key was signed by the owner + +3. Verify the public key is measured into a PCR by validating the cluster's attestation statement + +## Workflow + +1. Cluster owner generates a private/public key pair + +2. The Constellation cluster generates its own private/public key pair and requests the owner to sign the public key during `constellation init` + +3. Constellation measures the signed public key into PCR[11] (previously used for ownerID) + +4. A third-party requests an attestation from the verification service, providing some data to be signed + +5. The verification service signs the data using its private key + +6. The verification service returns: attestation document + data signature + signed public key + +7. The third-party verifies the public key signature using the owner's public key + +8. The third-party calculates the expected PCR[11] using the signed public key and validates the attestation document + +9. The data signature is verified, and if successful proving ownership of the cluster + +## Encoding + +The signed public key measured into PCR[11] is DER encoded. +TODO: Add exact encoding specification