Teaclave Command Line Tool

teaclave_cli is a command-line tool to communicate with Teaclave's services.


There are two sub-commands: teaclave_cli audit is for auditing enclave info with auditors' public keys and signatures and teaclave_cli connect is for communicating with Teclave's services.

Here are details of the arguments for teaclave_cli audit:

$ ./teaclave_cli audit --help
teaclave_cli-audit 0.1.0
MesaTEE Authors <developers@mesatee.org>
Audit enclave info with auditors' public keys and signatures.

    teaclave_cli audit --enclave_info <ENCLAVE_INFO_FILE> --auditor_public_keys <auditor_public_keys>... --auditor_signatures <auditor_signatures>...

    -h, --help       Prints help information
    -V, --version    Prints version information

    -c, --enclave_info <ENCLAVE_INFO_FILE>                Path to Enclave info file.
    -k, --auditor_public_keys <auditor_public_keys>...    SPACE separated paths of Teaclave auditor public keys
    -s, --auditor_signatures <auditor_signatures>...
            SPACE separated paths of Teaclave auditor endorsement signatures.

Here are details of the arguments for teaclave_cli connect:

./teaclave_cli connect --help
teaclave_cli-connect 0.1.0
MesaTEE Authors <developers@mesatee.org>
Connect and send messages to Teaclave services

    teaclave_cli connect [OPTIONS] <IP_ADDRESS:PORT> --enclave_info <ENCLAVE_INFO_FILE> --endpoint <endpoint>

    -h, --help       Prints help information
    -V, --version    Prints version information

    -c, --enclave_info <ENCLAVE_INFO_FILE>    Path to Enclave info file.
    -o, --output <INPUT_FILE>                 Write to FILE instead of stdout.
    -i, --input <OUTPUT_FILE>                 Read from FILE instead of stdin.
    -e, --endpoint <endpoint>                 Teaclave endpoint to connect to. Possible values are: tms, tdfs, fns.

    <IP_ADDRESS:PORT>    Address and port of the Teaclave endpoint.


The following is an example of verifying the enclave info with auditors' public keys and signatures.

$ ./teaclave_cli audit \
  -c enclave_info.toml \
  -k auditors/albus_dumbledore/albus_dumbledore.public.der \
     auditors/godzilla/godzilla.public.der \
     auditors/optimus_prime/optimus_prime.public.der \
  -s auditors/albus_dumbledore/albus_dumbledore.sign.sha256 \
     auditors/godzilla/godzilla.sign.sha256 \
Enclave info is successfully verified.

This example is to create a task and invoke the “echo” function.

# create a task
$ cat create_task.json
$ cat create_task.json | ./teaclave_cli connect -c enclave_info.toml -e tms

Compose a invoke task request with task_id, task_token, ip and port in the previous response.

# invoke the "echo" function
$ cat invoke_task.json
  "payload":"Hello, World!"

$ cat invoke_task.json | ./teaclave_cli connect -c enclave_info.toml -e fns
{"result":"Hello, World!"}