Intel AMT Features > Access Monitor > Use Cases > Set the Signing Key Material
CollapseAll image

Set the Signing Key Material

The following steps describe how to set the certificate and key used to generate an audit log signature when the Auditor requests an export of a signature. In pre-8.0 releases, this is a prerequisite to assigning an Audit Log. Starting in Release 8.0, this is necessary only for exporting the audit log signature.

1.  Retrieve the instance of AMT_AuditLog, where the “Name” key equals “Intel(r) AMT:Audit Log”.

2.  Invoke AMT_AuditLog.SetSigningKeyMaterial.

 Note:

The SigningMechanismType parameter expected by the SetSigningKeyMaterial method is ignored by the Intel AMT but you must give it a value (for example 0).

 

Click here for a snippet demonstrating this step

You can execute this snippet by inserting it into the execution template found here.

  

$auditLogRef =$wsmanConnectionObject.NewReference("SELECT * FROM AMT_AuditLog WHERE Name='Intel(r) AMT:Audit Log'")

$inputObject =$auditLogRef.CreateMethodInput("SetSigningKeyMaterial")

$inputObject.SetProperty("SigningMechanismType","0") # '0' = RSA_SHA1

$signingKey =# A signing key in base64 format.

$inputObject.SetProperty("SigningKey",$signingKey)

$lengthOfCertificates =  # The length of the certificate in Hex format / 2

$inputObject.SetProperty("LengthOfCertificates",$lengthOfCertificates)

$certificates =# Certificate in base64 format.

$inputObject.SetProperty("Certificates",$certificates)

$outputObject =$auditLogRef.InvokeMethod($inputObject)

$returnValue =$outputObject.GetProperty("ReturnValue")

 

 

Instance Diagram

Classes Used in This Flow

   AMT_AuditLog

SDK Sample

If there is a sample demonstrating this flow, it is included in the SDK installation file. See SDK Installation Layout for details.

 

See Also:

   About the Auditor User

   Enabling Auditing

Copyright © 2006-2022, Intel Corporation. All rights reserved.