Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Clarification About the Key Used in sgx_seal_data

Elephant
Beginner
598 Views

Hi, 

I am using and running my SGX sample codes in Linux. I've read from the Developer Reference that sgx_seal_data uses the MRSIGNER policy. However, the sample code's Makefiles for DEBUG/PRERELEASE mode use the 1-step process for signing enclaves, i.e. using the ISV-provided private key. The confusion that I am having now is that, in DEBUG/PRERELEASE modes, there were no public keys provided when the signing happens, so how does sgx_seal_data work in the MRSIGNER policy without the public key? I understand that the MRSIGNER should be the hash of the public key?

Here's the experiment that I did:

  • I tried to sign my sealing/unsealing enclave with Enclave_private1.pem.  
  • I ran the sealing application and then generated a sealed file.
  • I then signed my sealing/unsealing enclave with Enclave_private2.pem.
  • I then ran the unsealing application using the previously saved sealed file
  • RESULT:  I CAN unseal the sealed file!  I was expecting otherwise.

What am I missing here?

Thanks a lot for your help!

Regards,

Elephant

0 Kudos
4 Replies
Shivananda_H_Intel
598 Views

Hi,

One clarification: are the 2 keys Enclave_private1.pem and Enclave_private2.pem from different enclaves or the same enclave?

I did the same steps as you mentioned, but I used the keys from a different enclave for the 2nd step, and couldn't unseal the application.

Regards

Shivananda

0 Kudos
Elephant
Beginner
598 Views

Hi Shivananda,

Thanks for taking the time to test this out. I have actually verified that we are using THE SAME private key file with different filenames on the SAME enclave. It is a fault on my part because I was using different filenames without verifying the contents.

Also, regarding the PRIVATE key on MRENCLAVE, the PEM file is actually a key-pair. So I am guessing that SGX automatically extracts the public key, SHA256-hashes it and saves it in the MRENCLAVE register/field, then uses that information to derive the sealing key. Is this a correct assumption?

Thanks!

Kind Regards,

Elephant

0 Kudos
Anusha_K_Intel
Employee
598 Views

Hi,

What you have assumed is correct. In the 1-step signing process the public key is extracted by the enclave.

Regards,

Anusha

0 Kudos
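As an added example (not code from this thread or from the Intel SGX SDK), the Python below computes the MRSIGNER value that a PEM key pair produces: the SHA-256 of the RSA-3072 modulus laid out as 384 little-endian bytes. It shows why one key saved under two filenames yields a single MRSIGNER, and therefore the same sealing identity under the MRSIGNER policy. The function names and the sample key material are assumptions constructed for the illustration; the sample is a 3072-bit stand-in, not a real key.

```python
import base64
import hashlib

def der_read(buf, pos):  # parse one DER TLV, return (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_from_pem(pem):
    """Return n from a PKCS#1 'RSA PRIVATE KEY' PEM: SEQUENCE { version, n, e, ... }."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if lines[0] != "-----BEGIN RSA PRIVATE KEY-----":
        raise ValueError("expected a PKCS#1 RSA private key")
    tag, seq, _ = der_read(base64.b64decode("".join(lines[1:-1])), 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    _, _version, pos = der_read(seq, 0)
    tag, n_bytes, _ = der_read(seq, pos)
    if tag != 0x02:
        raise ValueError("modulus is not an INTEGER")
    return int.from_bytes(n_bytes, "big")

def mrsigner(pem):
    """SHA-256 over the modulus as 384 little-endian bytes (the SIGSTRUCT layout)."""
    n = rsa_modulus_from_pem(pem)
    if n.bit_length() != 3072:
        raise ValueError("SGX enclave signing keys are 3072-bit RSA")
    return hashlib.sha256(n.to_bytes(384, "little")).hexdigest()

def der(tag, body):  # minimal DER encoder, only used to build the sample below
    size = len(body)
    width = (size.bit_length() + 7) // 8
    head = bytes([size]) if size < 0x80 else bytes([0x80 | width]) + size.to_bytes(width, "big")
    return bytes([tag]) + head + body

def constructed_pem(seed):
    """Constructed sample: a 3072-bit number stands in for n; not a usable key."""
    n = int.from_bytes(hashlib.shake_256(seed).digest(384), "big") | (1 << 3071) | 1
    ints = b"".join(der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in (0, n, 3))
    body = base64.encodebytes(der(0x30, ints)).decode()
    return "-----BEGIN RSA PRIVATE KEY-----\n" + body + "-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name in ("Enclave_private1.pem", "Enclave_private2.pem"):  # same constructed key twice
        print(name, mrsigner(constructed_pem(b"key-A")))
```

Comparing this value for two key files before re-signing an enclave tells you whether data sealed under the MRSIGNER policy by one build should unseal under the other.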
you_w_
New Contributor III
598 Views

Hi Shivananda H, Anusha, Elephant,

I think this topic is helpful for understanding the sealing key. Thank you. I am about to get more info from the SGX source code.

Regards 

you

0 Kudos