// Returns key, cert and cert chain func InitializeSealedProgramKey(filePath string, t tao.Tao, domain tao.Domain) ( *tao.Keys, []byte, [][]byte, error) { k, derCert, err := CreateSigningKey(t) if err != nil || derCert == nil { log.Printf("InitializeSealedProgramKey: CreateSigningKey failed with error %s\n", err) return nil, nil, nil, err } // Get program cert. domain_response, err := RequestDomainServiceCert("tcp", *caAddr, k, domain.Keys.VerifyingKey) if err != nil || domain_response == nil { log.Printf("InitializeSealedProgramKey: error from RequestDomainServiceCert\n") return nil, nil, nil, err } programCert := domain_response.SignedCert certChain := domain_response.CertChain k.Cert, err = x509.ParseCertificate(programCert) if err != nil { log.Printf("InitializeSealedProgramKey: Can't parse certificate\n") return nil, nil, nil, err } k.Cert.Raw = programCert // Serialize and save key blob programKeyBlob, err := tao.MarshalSignerDER(k.SigningKey) if err != nil { return nil, nil, nil, errors.New("InitializeSealedProgramKey: Can't produce signing key blob") } sealedProgramKey, err := t.Seal(programKeyBlob, tao.SealPolicyDefault) if err != nil { return nil, nil, nil, errors.New("InitializeSealedProgramKey: Can't seal signing key") } err = ioutil.WriteFile(path.Join(filePath, "sealedsigningKey"), sealedProgramKey, os.ModePerm) if err != nil { return nil, nil, nil, err } err = ioutil.WriteFile(path.Join(filePath, "signerCert"), programCert, os.ModePerm) if err != nil { return nil, nil, nil, err } /* FIX if certChain.size() > 0 { // Save cert chain FIX err = ioutil.WriteFile(path.Join(filePath, "certChain"), certChain, os.ModePerm) if err != nil { return nil, nil, nil, err } } */ return k, programCert, certChain, nil }