已解决: DCAP session key

fskpyro · ‎09-15-2021

After remote attestation, service provider use ga & gb to derive session key for future messages encryption. The DCAP code sample only perform quote generation & quote verification. Is there any mechanism to provision secrets after the quote has been verified?

JesusG_Intel · ‎09-15-2021

Hello fskpyro,

For DCAP, Intel provides the quote generation/verification pieces and leaves it up to the ISV to choose their own mechanism for exchanging secrets. Most ISVs use TLS terminating inside the enclave, but there are other ways it could be done.

Sincerely,

Jesus G.

Intel Customer Support

在原帖中查看解决方案

JesusG_Intel · ‎09-15-2021

Hello fskpyro,

For DCAP, Intel provides the quote generation/verification pieces and leaves it up to the ISV to choose their own mechanism for exchanging secrets. Most ISVs use TLS terminating inside the enclave, but there are other ways it could be done.

Sincerely,

Jesus G.

Intel Customer Support

fskpyro · ‎09-15-2021

Hello Jesus G,

Thanks for your answer, there is another question: sgx_create_enclave in my sgx app take about 15min to 30min to return, after this call, everything just perfect, is there any suggestions to find out the reason? (The samples return quick as usual)

Thanks,

fskpyro

JesusG_Intel · ‎09-16-2021

Hello fskpyro,

Please provide more details in the form of source code and project configuration files, so we can troubleshoot why sgx_create_enclave takes so long.

Sincerely,

Jesus G.

Intel Customer Support

JesusG_Intel · ‎09-21-2021

Hello fskpyro,

If you still need help with this issue, please provide more details in the form of source code and project configuration files, so we can troubleshoot why sgx_create_enclave takes so long.

Sincerely,

Jesus G.

Intel Customer Support

JesusG_Intel · ‎09-24-2021

Hello fskpyro,

We have not heard from you in several days so we will no longer monitor this thread. We hope you were able to resolve your issue. Please start a new thread if you need further help.

Sincerely,

Jesus G.

Intel Customer Support

JesusG_Intel · ‎09-24-2021

Hello fskpyro,

I hope you have been able to resolve your issue. I have not heard back from you so I will close this inquiry now. If you need further assistance, please open a new thread.

Sincerely,

Jesus G.

Intel Customer Support