Creating a contract signature

This step must be performed by the Auditor.

Prerequisites

  • You have encrypted-workload.yaml from the Solution Provider.
  • You have encrypted-env.yaml from the Data Owner.
  • You have the private.pem from the Auditor.

Procedure

  1. Extract the workload and env keys by running the following commands:
    export workload=$(sed -n '1s/.*\(hyper-protect-basic.*\)/\1/p' encrypted-workload.yaml)
    export env=$(sed -n '1s/.*\(hyper-protect-basic.*\)/\1/p' encrypted-env.yaml)
  2. Create a contract.txt file by combining the output contents from the previous step.
    echo "$workload$env" > contract.txt
  3. Generate the envWorkloadSignature.txt signature by running the following command:
    echo $( cat contract.txt | tr -d "\n\r" | openssl dgst -sha256 -sign private.pem | openssl enc -base64) | tr -d ' ' > envWorkloadSignature.txt
  4. Share the envWorkloadSignature.txt signature file with the Data Owner.
  5. If you are creating the contract with attestation encryption, you must also perform the steps in "Additional steps for attestation encryption contract".
  6. For Bare Metal deployments, create a boot section.
  7. For Peerpod deployments, create a signed contract.
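
A check that can be run on the result of steps 1 to 3 before the signature is used, as an added example that is not part of the original procedure: it rebuilds the signed string from the two YAML files and verifies envWorkloadSignature.txt against it. The public.pem file (derived here from private.pem with openssl rsa -pubout), the function names, the throwaway key and the sample tokens are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Print the hyper-protect-basic... token from line 1 of a file (same sed as step 1).
# Fails instead of returning an empty string, which step 3 would otherwise sign silently.
extract_token() {
  token=$(sed -n '1s/.*\(hyper-protect-basic.*\)/\1/p' "$1")
  [ -n "$token" ] || { echo "no hyper-protect-basic token on line 1 of $1" >&2; return 1; }
  printf '%s' "$token"
}

# verify_contract_signature WORKLOAD_YAML ENV_YAML PUBLIC_PEM SIGNATURE_FILE
# Rebuilds the signed bytes (workload token + env token, no newline) and checks
# the base64 SHA-256 signature against them. Returns 0 only on a match.
verify_contract_signature() {
  w=$(extract_token "$1") || return 1
  e=$(extract_token "$2") || return 1
  raw=$(mktemp) || return 1
  if tr -d ' \n\r' < "$4" | openssl enc -base64 -d -A > "$raw" &&
     printf '%s%s' "$w" "$e" |
       openssl dgst -sha256 -verify "$3" -signature "$raw" >/dev/null 2>&1
  then rc=0; else rc=1; fi
  rm -f "$raw"
  return "$rc"
}

# Constructed sample run: throwaway key and placeholder tokens, not real contract data.
demo() (
  dir=$(mktemp -d) && cd "$dir" || exit 1
  openssl genrsa -out private.pem 2048 2>/dev/null
  openssl rsa -in private.pem -pubout -out public.pem 2>/dev/null
  echo 'workload: hyper-protect-basic.Q09OU1RSVUNURUQ=.V09SS0xPQUQ=' > encrypted-workload.yaml
  echo 'env: hyper-protect-basic.Q09OU1RSVUNURUQ=.RU5W' > encrypted-env.yaml
  # Steps 1-3 as in the procedure above.
  export workload=$(sed -n '1s/.*\(hyper-protect-basic.*\)/\1/p' encrypted-workload.yaml)
  export env=$(sed -n '1s/.*\(hyper-protect-basic.*\)/\1/p' encrypted-env.yaml)
  echo "$workload$env" > contract.txt
  echo $( cat contract.txt | tr -d "\n\r" | openssl dgst -sha256 -sign private.pem | openssl enc -base64) | tr -d ' ' > envWorkloadSignature.txt
  verify_contract_signature encrypted-workload.yaml encrypted-env.yaml public.pem envWorkloadSignature.txt || exit 2
  # A changed env section must no longer verify against the same signature.
  echo 'env: hyper-protect-basic.Q09OU1RSVUNURUQ=.VEFNUEVS' > encrypted-env.yaml
  verify_contract_signature encrypted-workload.yaml encrypted-env.yaml public.pem envWorkloadSignature.txt && exit 3
  # A file without the token on line 1 is rejected rather than verified as an empty string.
  echo 'env: {}' > encrypted-env.yaml
  verify_contract_signature encrypted-workload.yaml encrypted-env.yaml public.pem envWorkloadSignature.txt 2>/dev/null && exit 4
  rm -rf "$dir"
  exit 0
)
```

Running demo returns 0 when the original pair verifies and both the modified and the malformed env file are rejected; a non-zero status identifies which check failed.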