Hello,
In case external users (other than the enclave developer who has signed the enclave with his private key) need to share data with the application enclave, is it possible for these users to get a certified measurement of the application enclave (e.g. from the quoting enclave) without the enclave developer being able to tamper with this measurement?
In other words, can the enclave developer prove to an external user that it is safe to share his data with the enclave?
Thanks, David
May want to check this out:
Thanks Arya,
However, I don't think it answers my question. What I would like to know is if it is possible for an enclave to provide (with ISV's agreement) a remote attestation to an external user that is not the ISV (i.e. not the enclave developer who signed the enclave).
Maybe something like the figure below:
I will try to rephrase this: Can a user (other than the ISV who has the private signing key) obtain a remote attestation from (or with the help of) the ISV but without the ISV being able to tamper with this attestation?
Hi, David.
This is absolutely possible. The private signing key is not needed in the process of producing a quote once the enclave application is already running. The quote is signed with the EPID key, and not with the private signing key.
Best regards,
Rodolfo
Thanks Rodolfo, this was very helpful!
About this issue, I still have a question.
EPID (key) seems to prove the ISV identity, but how to prove that the code running in the enclave is the one expected? By comparing the "MRENCLAVE" measurement value?
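
The MRENCLAVE comparison raised in the last post, sketched from the external user's side as an added example that is not part of the original thread or of Intel's SDK. It assumes the quote's EPID signature has already been verified (for example through the attestation service) and that the user obtained the expected measurement independently of the ISV; the helper names and the sample quote are constructed for illustration, and the offsets follow the `sgx_quote_t` and `sgx_report_body_t` layouts in the SGX SDK headers.

```python
import hmac
import struct

# EPID quote layout: 48-byte quote header, then the 384-byte report body.
QUOTE_HEADER_LEN = 48
REPORT_BODY_LEN = 384
# Report body: cpu_svn(16) + misc_select(4) + reserved(28) precede attributes.
ATTR_FLAGS_OFF = QUOTE_HEADER_LEN + 48
MRENCLAVE_OFF = QUOTE_HEADER_LEN + 64
MRSIGNER_OFF = QUOTE_HEADER_LEN + 128
REPORT_DATA_OFF = QUOTE_HEADER_LEN + 320
SGX_FLAGS_DEBUG = 0x2


def parse_quote_body(quote: bytes) -> dict:
    """Extract the identity fields from the fixed-size part of a quote."""
    if len(quote) < QUOTE_HEADER_LEN + REPORT_BODY_LEN:
        raise ValueError("quote shorter than header + report body")
    (flags,) = struct.unpack_from("<Q", quote, ATTR_FLAGS_OFF)
    return {
        "mr_enclave": quote[MRENCLAVE_OFF:MRENCLAVE_OFF + 32],
        "mr_signer": quote[MRSIGNER_OFF:MRSIGNER_OFF + 32],
        "report_data": quote[REPORT_DATA_OFF:REPORT_DATA_OFF + 64],
        "debug": bool(flags & SGX_FLAGS_DEBUG),
    }


def enclave_is_expected(quote: bytes, expected_mr_enclave: bytes) -> bool:
    """Relying-party policy check; run only after the signature has verified."""
    try:
        body = parse_quote_body(quote)
    except ValueError:
        return False
    if body["debug"]:  # a debug enclave's memory can be read by the host
        return False
    return hmac.compare_digest(body["mr_enclave"], expected_mr_enclave)


def build_sample_quote(mr_enclave: bytes, debug: bool = False) -> bytes:
    """Constructed input: zeroed quote with only the fields used above set."""
    quote = bytearray(QUOTE_HEADER_LEN + REPORT_BODY_LEN)
    flags = 0x1 | (SGX_FLAGS_DEBUG if debug else 0)
    struct.pack_into("<Q", quote, ATTR_FLAGS_OFF, flags)
    quote[MRENCLAVE_OFF:MRENCLAVE_OFF + 32] = mr_enclave
    return bytes(quote)
```

The `mr_signer` field identifies the key that signed the enclave, so a user who needs to pin the exact code compares `mr_enclave`, as this check does.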