Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

DCAP session key

fskpyro
Beginner
765 Views

After remote attestation, service provider use ga & gb to derive session key for future messages encryption. The DCAP code sample only perform quote generation & quote verification. Is there any mechanism to provision secrets after the quote has been verified?

Labels (1)
0 Kudos
1 Solution
JesusG_Intel
Moderator
754 Views

Hello fskpyro,


For DCAP, Intel provides the quote generation/verification pieces and leaves it up to the ISV to choose their own mechanism for exchanging secrets. Most ISVs use TLS terminating inside the enclave, but there are other ways it could be done.


Sincerely,

Jesus G.

Intel Customer Support


View solution in original post

6 Replies
JesusG_Intel
Moderator
755 Views

Hello fskpyro,


For DCAP, Intel provides the quote generation/verification pieces and leaves it up to the ISV to choose their own mechanism for exchanging secrets. Most ISVs use TLS terminating inside the enclave, but there are other ways it could be done.


Sincerely,

Jesus G.

Intel Customer Support


fskpyro
Beginner
748 Views

Hello Jesus G,

 

Thanks for your answer, there is another question: sgx_create_enclave in my sgx app take about 15min to 30min to return, after this call, everything just perfect, is there any suggestions to find out the reason? (The samples return quick as usual)

 

Thanks,

fskpyro

JesusG_Intel
Moderator
730 Views

Hello fskpyro,


Please provide more details in the form of source code and project configuration files, so we can troubleshoot why sgx_create_enclave takes so long.


Sincerely,

Jesus G.

Intel Customer Support


JesusG_Intel
Moderator
702 Views

Hello fskpyro,


If you still need help with this issue, please provide more details in the form of source code and project configuration files, so we can troubleshoot why sgx_create_enclave takes so long.


Sincerely,

Jesus G.

Intel Customer Support


JesusG_Intel
Moderator
678 Views

Hello fskpyro,


We have not heard from you in several days so we will no longer monitor this thread. We hope you were able to resolve your issue. Please start a new thread if you need further help.


Sincerely,

Jesus G.

Intel Customer Support


JesusG_Intel
Moderator
676 Views

Hello fskpyro,


I hope you have been able to resolve your issue. I have not heard back from you so I will close this inquiry now. If you need further assistance, please open a new thread.


Sincerely,

Jesus G.

Intel Customer Support


Reply