Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1540 Discussions

DCAP session key

fskpyro
Beginner
‎09-15-2021 02:25 AM
2,399 Views
Solved Jump to solution

After remote attestation, service provider use ga & gb to derive session key for future messages encryption. The DCAP code sample only perform quote generation & quote verification. Is there any mechanism to provision secrets after the quote has been verified?

Labels (1)
Labels:
0 Kudos
1 Solution
JesusG_Intel
Moderator
‎09-15-2021 04:15 PM
2,388 Views
Solved Jump to solution

Hello fskpyro,


For DCAP, Intel provides the quote generation/verification pieces and leaves it up to the ISV to choose their own mechanism for exchanging secrets. Most ISVs use TLS terminating inside the enclave, but there are other ways it could be done.


Sincerely,

Jesus G.

Intel Customer Support


View solution in original post

0 Kudos
Copy link

Link Copied

6 Replies
JesusG_Intel
Moderator
‎09-15-2021 04:15 PM
2,389 Views
Solved Jump to solution

Hello fskpyro,


For DCAP, Intel provides the quote generation/verification pieces and leaves it up to the ISV to choose their own mechanism for exchanging secrets. Most ISVs use TLS terminating inside the enclave, but there are other ways it could be done.


Sincerely,

Jesus G.

Intel Customer Support


0 Kudos
Copy link
fskpyro
Beginner
‎09-15-2021 07:52 PM
2,382 Views
Solved Jump to solution
In response to JesusG_Intel

Hello Jesus G,

 

Thanks for your answer, there is another question: sgx_create_enclave in my sgx app take about 15min to 30min to return, after this call, everything just perfect, is there any suggestions to find out the reason? (The samples return quick as usual)

 

Thanks,

fskpyro

In response to JesusG_Intel
0 Kudos
Copy link
JesusG_Intel
Moderator
‎09-16-2021 01:40 PM
2,364 Views
Solved Jump to solution

Hello fskpyro,


Please provide more details in the form of source code and project configuration files, so we can troubleshoot why sgx_create_enclave takes so long.


Sincerely,

Jesus G.

Intel Customer Support


0 Kudos
Copy link
JesusG_Intel
Moderator
‎09-21-2021 10:26 AM
2,336 Views
Solved Jump to solution

Hello fskpyro,


If you still need help with this issue, please provide more details in the form of source code and project configuration files, so we can troubleshoot why sgx_create_enclave takes so long.


Sincerely,

Jesus G.

Intel Customer Support


0 Kudos
Copy link
JesusG_Intel
Moderator
‎09-24-2021 08:22 AM
2,312 Views
Solved Jump to solution

Hello fskpyro,


We have not heard from you in several days so we will no longer monitor this thread. We hope you were able to resolve your issue. Please start a new thread if you need further help.


Sincerely,

Jesus G.

Intel Customer Support


0 Kudos
Copy link
JesusG_Intel
Moderator
‎09-24-2021 09:01 AM
2,310 Views
Solved Jump to solution

Hello fskpyro,


I hope you have been able to resolve your issue. I have not heard back from you so I will close this inquiry now. If you need further assistance, please open a new thread.


Sincerely,

Jesus G.

Intel Customer Support


0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.