topic Re: If you need TLS or might want in Intel® Software Guard Extensions (Intel® SGX)

A question about SGX remote attestation

dai_c_ — Wed, 02 May 2018 02:16:19 GMT

Hello everyone, the security channel is established at the same time as the SGX remote authentication passes, and then private data can be transmitted through the secure channel. Is this secure channel a TLS security channel? And whether I need to perform additional data encryption before using security channels for private data transmission.Thank you very much!

Hi:

you_w_ — Wed, 02 May 2018 08:08:37 GMT

Hi:

The security channel established by sgx RA uses a sigma liked protocol. In that process both client and server will get a same session key though ecdh algorithm. You should encrypt your private data use the session key. The sample code in sgx sdk showed how to do that, you can look into the RemoteAttestation sample for detail.

Regards

you

If you need TLS or might want

Michael_S_Intel — Thu, 03 May 2018 18:19:47 GMT

If you need TLS or prefer a simpler programming model to attested secure channels, you also might want to look at SGX-RA-TLS ..

Re: If you need TLS or might want

maxdd — Tue, 08 Feb 2022 18:02:05 GMT

Hi,

I take a look at SGX-RA-TLS. It only provides example code to attest the server using openssl-client. I am wondering do they provide a simple API that builds up a secure channel between enclave and client?

Thanks!