Hi Jesus G.

So, I was trying to write an ocall as you said on the sgx-ra-sample example. When I am trying to import another .edl file it's showing file not found within the search paths. I am following the developers guide format.

from"../../sys/other_secure_comms.edl"import*;

Do I need to change the make file in sgx-ra-sample example?

Thanks,

Mzaman

Hello @JesusG_Intel 

I have a situation:

I have a scenario that I must connect to a web server and I need to keep the response data safe. I also need to process the data in the trusted part. The possibility of making an HTTP request from the enclave solve the issue, however, you said that:

"It is not possible to make calls directly to the outside world from inside an enclave. You must create ocalls from the enclave to your application, then the application can make the REST API or HTTP requests on behalf of the enclave."

from my point of view, the SSL connection will keep the data safe during the transmission, however, once I read it in the untrusted code, the data can no longer be considered safe.

I am new to sgx technology and I know intel won't allow this security risk. What I am missing ? Can you guide me on how to make a safe HTTP  request using sgx?

Thanks

Hi is_0054,

I am also beginner in sgx.

May be you can open a server in the enclave which will protect the data as sgx claims.

I could be wrong.

Thanks

Mzaman

hey @mzaman 

But According @JesusG_Intel it is not possible to make a HTTP call to the outside world from the enclave

Hi,

You need to create ocalls for contacting with the outer world/application.

That's what I understand.

Regards,

Mzaman

yes, but in that case, I will receive the data in the application, which means the untrusted part. However, one of the requirements is that the data needs to be secure at all times. I can not have the data in the application.

Then I facing a dilemma. I can't do the HTTP request from the enclave, but I need to have the received data safe, which means that the data must be received from the trusted part, where is no way to make the call..

I don't know if is a misunderstanding of my concepts.

Hello is_0054 and mzaman,

These follow-up questions are being addressed in this thread: https://community.intel.com/t5/Intel-Software-Guard-Extensions/http-request-call-in-a-sgx-application/m-p/1256063#M4313.

Hi Jesus G,

Thanks for the suggestion it's solving the issue. I am still working on to create a client inside enclave through OCALL. If you have any recommendation or sample code regarding this please let me know.

Thanks,

Mzaman