Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

A question about SGX remote attestation

dai_c_
Beginner
1,066 Views

Hello everyone, the security channel is established at the same time as the SGX remote authentication passes, and then private data can be transmitted through the secure channel. Is this secure channel a TLS security channel? And do I need to perform additional data encryption before using the security channel for private data transmission? Thank you very much!

0 Kudos
3 Replies
you_w_
New Contributor III
1,066 Views

Hi: 

The security channel established by SGX RA uses a SIGMA-like protocol. In that process both client and server will get the same session key through the ECDH algorithm. You should encrypt your private data using the session key. The sample code in the SGX SDK shows how to do that; you can look into the RemoteAttestation sample for details.

Regards

you

0 Kudos
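The flow described in the reply above (ECDH on both sides, then private data encrypted under the resulting session key), as an added example that is not part of the thread or of the SGX SDK. It uses only Go's standard library; the SHA-256 key derivation, its label and the function names are assumptions, and the attestation steps that bind the exchanged public keys to a verified enclave quote are left out, so this exchange by itself is unauthenticated.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// session turns the ECDH secret into an AES-128-GCM AEAD (SHA-256 KDF is an assumption, not the SDK's).
func session(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, error) {
	secret, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append([]byte("example-ra-session"), secret...))
	block, err := aes.NewCipher(key[:16])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts under a fresh random nonce, which is prepended to the output.
func seal(a cipher.AEAD, plaintext, aad []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, plaintext, aad), nil
}
// open verifies the GCM tag before returning plaintext; tampering or a wrong key is an error.
func open(a cipher.AEAD, msg, aad []byte) ([]byte, error) {
	if len(msg) < a.NonceSize() {
		return nil, errors.New("truncated message")
	}
	return a.Open(nil, msg[:a.NonceSize()], msg[a.NonceSize():], aad)
}

func main() {
	client, _ := ecdh.P256().GenerateKey(rand.Reader)
	enclave, _ := ecdh.P256().GenerateKey(rand.Reader)
	c, _ := session(client, enclave.PublicKey())
	e, _ := session(enclave, client.PublicKey())
	ct, _ := seal(c, []byte("private data"), nil)
	pt, err := open(e, ct, nil)
	println(string(pt), err == nil)
}
```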
Michael_S_Intel
Employee
1,066 Views

If you need TLS or prefer a simpler programming model to attested secure channels, you might also want to look at SGX-RA-TLS.

0 Kudos
maxdd
Beginner
837 Views

Hi,

I took a look at SGX-RA-TLS. It only provides example code to attest the server using openssl-client. I am wondering whether they provide a simple API that builds up a secure channel between the enclave and the client.

Thanks!

0 Kudos