Add examples in the CLI's document (#417)
diff --git a/cli/README.md b/cli/README.md
index 81b879e..90e9d76 100644
--- a/cli/README.md
+++ b/cli/README.md
@@ -14,3 +14,35 @@
and `MRENCLAVE`) signed by auditors with their public keys. The enclave info
is used for remote attestation, Please verify it before connecting the
platform with the client SDK.
+
+## Encrypt/Decrypt
+
+Here are two examples to encrypt and decrypt files with the CLI.
+
+```
+$ ./teaclave_cli encrypt \
+ --algorithm teaclave-file-128 \
+ --key 00000000000000000000000000FF1234 \
+ --input-file ${FILE} \
+ --output-file ${ENCRYPTED_FILE} \
+ --print-cmac
+cfba09e4c2bc72ea9e5392d779c2926c
+
+$ ./teaclave_cli decrypt \
+ --algorithm teaclave-file-128 \
+ --key 00000000000000000000000000FF1234 \
+ --input-file ${ENCRYPTED_FILE} \
+ --output-file ${DECRYPTED_FILE}
+```
+
+## Verify
+
+Here is an example to verify auditors' signatures of the enclave info file.
+
+```
+$ ./teaclave_cli verify \
+ --enclave-info ../examples/enclave_info.toml \
+ --public-keys $(find ../examples -name "*.public.pem") \
+ --signatures $(find ../examples -name "*.sign.sha256")
+Verify successfully.
+```
diff --git a/cli/src/main.rs b/cli/src/main.rs
index 7b4b60e..6d12190 100644
--- a/cli/src/main.rs
+++ b/cli/src/main.rs
@@ -38,25 +38,25 @@
#[structopt(short, long)]
algorithm: String,
- /// Key in hex format
+ /// Key in the hex format.
#[structopt(short, long, parse(try_from_str = decode_hex))]
key: KeyVec,
- /// IV for AES keys in hex format
+ /// IV for AES keys in the hex format.
#[structopt(long, parse(try_from_str = decode_hex))]
iv: Option<KeyVec>,
- /// Path of input file
+ /// Path of input file.
#[structopt(short, long = "input-file")]
input_file: PathBuf,
- /// Path of output file
+ /// Path of output file.
#[structopt(short, long = "output-file")]
output_file: PathBuf,
- /// Whether to print cmac
- #[structopt(short, long)]
- cmac_flag: bool,
+ /// Flag to print out CMAC.
+ #[structopt(short = "c", long = "print-cmac")]
+ print_cmac: bool,
}
#[derive(Debug, StructOpt)]
@@ -185,7 +185,7 @@
let args = Opt::from_args();
match args.command {
Command::Decrypt(opt) => {
- let flag = opt.cmac_flag;
+ let flag = opt.print_cmac;
let cmac = decrypt(opt)?;
if flag {
let cmac_string = hex::encode(cmac);
@@ -193,7 +193,7 @@
}
}
Command::Encrypt(opt) => {
- let flag = opt.cmac_flag;
+ let flag = opt.print_cmac;
let cmac = encrypt(opt)?;
if flag {
let cmac_string = hex::encode(cmac);
diff --git a/examples/python/builtin_rsa_sign.py b/examples/python/builtin_rsa_sign.py
index 9f95f74..1761550 100644
--- a/examples/python/builtin_rsa_sign.py
+++ b/examples/python/builtin_rsa_sign.py
@@ -53,7 +53,7 @@
--input-file ./tests/fixtures/functions/rsa_sign/key.der
--key 00000000000000000000000000000003
--output-file ./tests/fixtures/functions/rsa_sign/rsakey.enc
- --cmac-flag
+ --print-cmac
"""
url = "http://localhost:6789/fixtures/functions/rsa_sign/rsakey.enc"
cmac = "4de3bb77327c82923640835c6e5ada66"