Building and spelling. (#16)

* Building and spelling. Signed-off-by: Ken Gordon <Ken.Gordon@microsoft.com> * Update cmd/sign1util/README.md --------- Signed-off-by: Ken Gordon <Ken.Gordon@microsoft.com> Co-authored-by: Mahati Chamarthy <mahati.chamarthy@gmail.com>
microsoft · Jul 6, 2023 · 0ab94fc · 0ab94fc
1 parent 6f80249
commit 0ab94fc
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -5,6 +5,14 @@
 
 A Go library to handle COSE Sign1 documents
 
+COSE_Sign1 envelopes are signed wrappers for arbitrary data. See https://datatracker.ietf.org/doc/html/rfc8152.
+
+## Building
+
+Usually the library is consumed by a larger application. However, we provide a small utility (`sign1util`) that exercises the library and is useful for exploring COSE_Sign1 documents.
+
+```go build -o sign1util cmd/sign1util/main.go```
+
 ## Contributing
 
 This project welcomes contributions and suggestions.  Most contributions require you to agree to a

diff --git a/cmd/sign1util/README.md b/cmd/sign1util/README.md
@@ -1,13 +1,15 @@
 # sign1util
 
-`sign1util` exists as a tool to make it possible to sign policy fragments and check such
+## Purpose
+
+`sign1util` is a tool to make it possible to sign policy fragments and check such
 signed fragments. It is intended for developers working functionality related to policy
 fragments in this repository. It is not intended to be used by "end users".
 
 Usage is of the form `sign1util <cmd> flag1 value1 flag2 value2...`
 
-The output is generally a COSE Sign1 wrapped payload. COSE Sign1 is a signed binary blob that can contain arbitary binary data.
-For a fragment the COSE Sign1 document must have been signed by a trusted party (aka "issuer") and use the did matching the cert chain leading to the private signing key as the issuer. Below that chain is `chain.pem` and the private key `leaf.private.pem`. When creating a fragment the issuer can be set using this tool or via the corportate signing authority's COSE Sign1 generating service. It is very important that these private keys and associated signing services are properly controlled. The signing offered by sign1util is by way of an example and useful for testing. It does not have facilities to use a secure key store.
+The output is generally a COSE Sign1 wrapped payload. COSE Sign1 is a signed binary blob that can contain arbitrary binary data.
+For a fragment, the COSE Sign1 document must have been signed by a trusted party (aka "issuer") and use the did matching the cert chain leading to the private signing key as the issuer. Below that chain is `chain.pem` and the private key `leaf.private.pem`. When creating a fragment the issuer can be set using this tool or via the corporate signing authority's COSE Sign1 generating service. It is very important that these private keys and associated signing services are properly controlled. The signing offered by sign1util is by way of an example and useful for testing. It does not have facilities to use a secure key store.
 
 Security policy fragments are checked for having the correct issuer did:x509 and feed as allowed by user security policy. The did must match the chain and key used to sign the document.