From fa27277632ead52a6fe93fb2574b8df243c82533 Mon Sep 17 00:00:00 2001 From: chubtub <43381989+chubtub@users.noreply.github.com> Date: Thu, 8 Sep 2022 08:23:22 -0400 Subject: [PATCH 1/2] Added README.md --- tools/xml_dsig_tool/README.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 tools/xml_dsig_tool/README.md diff --git a/tools/xml_dsig_tool/README.md b/tools/xml_dsig_tool/README.md new file mode 100644 index 00000000..21a1de6d --- /dev/null +++ b/tools/xml_dsig_tool/README.md @@ -0,0 +1,30 @@ +The xml_dsig_tool is a Windows command line application that provides the ability to perform basic cryptographic functions per the W3C XML Signature Syntax and Processing Version 1.1. The functions include: + +sign : append an enveloped signature to an unsigned XML document +validate : validate a signed base rim's signature (NOTE: cryptographic validation only, this tool does not validate the RIM structure) + + +# Build and package + - Install Visual Studio + - The recommended project name is "xml_dsig_tool" so that the resulting executable file will be appropriately named xml_dsig_tool.exe. + - Install NuGet packages: + - System.CommandLine.2.0.0-beta4 (check "Include Prerelease" next to search bar) + - System.Security.Cryptography.X509Certificates + - System.Security.Cryptography.Xml + - Publish executable + - https://docs.microsoft.com/en-us/dotnet/core/tutorials/publishing-with-visual-studio?pivots=dotnet-6-0 + - Install support files to .exe directory + - privateRimKey.pem + - RimSignCert.pem + - unsigned.xml + + +# Running xml_dsig_tool +Navigate to the .exe directory and run the following commands + +help + +sign --file unsigned.xml --private-key privateKey.pem + +validate --file signed_unsigned.xml --certificate RimSignCert.pem + From ba1c154a1639c25e719ed48ceeac42ec65cd2425 Mon Sep 17 00:00:00 2001 
From: iadgovuser26 <33069955+iadgovuser26@users.noreply.github.com> Date: Fri, 28 Oct 2022 09:43:18 -0400 Subject: [PATCH 2/2] Added discussion link --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0eab1d15..341e2749 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,8 @@ Version 2.0 added support for the [PC Client Reference Integrity Manifest (RIM) To support the TCG RIM concept a new [tools folder](https://github.com/nsacyber/HIRS/tree/master/tools) has been added to the HIRS project which contains a [tcg_rim_tool command line application](https://github.com/nsacyber/HIRS/tree/master/tools/tcg_rim_tool). The tcg_rim_tool can be used to create NISTIR 8060 compatible SWID tags that adhere to the TCG PC Client RIM specification. It also supports the ability to digitally sign the Base RIM file as the HIRS ACA will require a valid signature in order to upload any RIM file. See the [tgc_rim_tool READ.md](https://github.com/nsacyber/HIRS/blob/master/tools/tcg_rim_tool/README.md) for more details. +**Notice:** Github Dicussions have been enabled for this repo. Please refer to the Dicussion entitled "[HIRS development changes](https://github.com/nsacyber/HIRS/discussions/498)" for development and support notifications. + ## Features * TPM Provisioner 
@@ -55,8 +57,8 @@ The HIRS Provisioner supports both types of TPMs, 1.2 and 2.0. TPM 1.2 support i For detailed instructions, see [Installation notes](https://github.com/nsacyber/HIRS/wiki/installation_notes). -Packages used for installation (e.g. HIRS_Provisioner*el7.noarch.rpm) can be found on the [release page](https://github.com/nsacyber/HIRS/releases). - +Packages used for installation (e.g. HIRS_Provisioner*el7.noarch.rpm) can be found on the [release page](https://github.com/nsacyber/HIRS/releases). + ### Installing the ACA Simply run the command `yum install HIRS_AttestationCA*el6.noarch.rpm` or `yum install HIRS_AttestationCA*el7.noarch.rpm` based on your OS.
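Review bot: In the new tools/xml_dsig_tool/README.md (patch 1/2), the support-file list names `privateRimKey.pem` but the sign example passes `--private-key privateKey.pem`, so the documented command does not match the file the reader was just told to install; use one filename in both places. The "Running xml_dsig_tool" section should also say which file `sign` writes, since the validate example reads `signed_unsigned.xml` without that name being introduced, and the three commands would be easier to follow as full command lines that include the executable name. Because the build steps tell the user to copy a private key into the .exe directory, say whether that key is a sample for testing, and note that a production signing key should not be packaged alongside the published tool.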
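Review bot: In the first README.md hunk of patch 2/2 (@@ -16,6 +16,8 @@), the added Notice line misspells the feature name twice: "Github Dicussions" and "Dicussion" should read "GitHub Discussions" and "Discussion". Since this line points users to where development and support notifications are posted, it is worth getting right before merge.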
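Review bot: In the second README.md hunk of patch 2/2 (@@ -55,8 +57,8 @@), the removed and re-added "Packages used for installation" line and the blank line after it read identically, so this looks like a whitespace or line-ending-only change that is unrelated to "Added discussion link". Drop it from this commit so the diff contains only the Notice addition, or mention the whitespace cleanup in the commit message if it is intentional.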