Added key-pair + certificate generation.

[MikeCamel]

Fixes #14 .

[MikeCamel]

Note - the clippy failure is not in my code, but in previously-merged code.

[ueno]

Yes, the failure should be fixed with #16.

[ueno]

I'm a bit confused with this, so please correct if I'm wrong. The generated keypair is needed to establish a TLS connection for a tenant to send a Wasm workload to a keep, right? If so shouldn't it be bound to some tenant-supplied identity (e.g., a secret injected in the attestation phase)?

[npmccallum]

I'm a bit confused with this, so please correct if I'm wrong. The generated keypair is needed to establish a TLS connection for a tenant to send a Wasm workload to a keep, right? If so shouldn't it be bound to some tenant-supplied identity (e.g., a secret injected in the attestation phase)?

Pre-attestation: yes
Post-attestation: no

In the post-attestation case, the public key is included in an attestation report and embedded into the x509 cert. The client validates the certificate signature (to ensure no modifications) and then evaluates the attestation report (to ensure the private key is in a keep).

[MikeCamel]

Out of date