Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1521 Discussions

SGX Sealing vs Proteced File APIs

alc__ria
Beginner
‎04-03-2018 04:00 AM
478 Views

Hi,

I need to implement writing/retrieving of files to persistent storage. The files are sensitive in nature and has to be in encrypted form when saved. The files can also be big (can potentially be tens of MBs). I can think of two ways that this can be done:

1. use sgx_seal_data and then make an ocall to fopen/fwrite, or

2. use the protected file apis (sgx_fopen_auto_key, sgx_fwrite, etc).

Option #1 will have limitations on the file size that it can handle (i.e. limited by the enclave heap size, etc). How about option #2, will it have the same limitations? Which is a better option and what other issues should I consider?

Thanks.

 

0 Kudos

Link Copied

1 Reply
Hoang_N_Intel
Employee
‎04-16-2018 10:27 AM
478 Views

Please take a look at the "limitation" and "non-objectives" section in this document at https://software.intel.com/sites/default/files/managed/76/8f/OverviewOfIntelProtectedFileSystemLibrary.pdf

0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.