Community
cancel
Showing results for 
Search instead for 
Did you mean: 
alc__ria
Beginner
52 Views

SGX Sealing vs Proteced File APIs

Hi,

I need to implement writing/retrieving of files to persistent storage. The files are sensitive in nature and has to be in encrypted form when saved. The files can also be big (can potentially be tens of MBs). I can think of two ways that this can be done:

1. use sgx_seal_data and then make an ocall to fopen/fwrite, or

2. use the protected file apis (sgx_fopen_auto_key, sgx_fwrite, etc).

Option #1 will have limitations on the file size that it can handle (i.e. limited by the enclave heap size, etc). How about option #2, will it have the same limitations? Which is a better option and what other issues should I consider?

Thanks.

 

0 Kudos
1 Reply
Hoang_N_Intel
Employee
52 Views

Please take a look at the "limitation" and "non-objectives" section in this document at https://software.intel.com/sites/default/files/managed/76/8f/OverviewOfIntelProtectedFileSystemLibra...

Reply