Feature description
Currently the create_keystore command creates a self-signed root Certificate Authority (CA) and uses it for both Permissions CA and Identity CA through symlink.
This approach creates a limitation in how certificates can be managed. Since basically all three CAs (root, Permissions and Identity) are effectively the same, tasks like updating the permissions.xml policy for a single enclave require access to the root CA's private key, which is not ideal. Similarly, adding a cert.pem for a new enclave also requires the root CA's private key. This setup prevents the delegation of responsibilities between the Permissions and Identity CAs.
I've created a PR with these changes. I targeted the Humble branch as it is the one I'm currently using.
Please feel free to dismiss this issue if this functionality is not desired.
Feature description
Currently the
create_keystorecommand creates a self-signed root Certificate Authority (CA) and uses it for both Permissions CA and Identity CA through symlink.This approach creates a limitation in how certificates can be managed. Since basically all three CAs (root, Permissions and Identity) are effectively the same, tasks like updating the
permissions.xmlpolicy for a single enclave require access to the root CA's private key, which is not ideal. Similarly, adding acert.pemfor a new enclave also requires the root CA's private key. This setup prevents the delegation of responsibilities between the Permissions and Identity CAs.I've created a PR with these changes. I targeted the Humble branch as it is the one I'm currently using.
Please feel free to dismiss this issue if this functionality is not desired.