Seal - Unseal in the same enclave vs. in two different enclaves

Hi, I was wondering if there is any difference between unsealing a secret message in the same enclave that you used to seal it vs. in another enclave, signed with the same private key, in terms of security?

One thing I have read in the developer guide is that the smaller the enclave, the more secure, so I guess that manipulating the secret data before sealing and after unsealing in two different enclaves makes each enclave smaller than having one enclave that you reload (because they would not run in parallel, but the unsealing one after the sealing one is destroyed). Are there any other aspects I should consider in terms of security when choosing between having one or two enclaves for sealing-unsealing?

Thanks,

Anna


Accepted Solutions
Hello Anna,


Your thinking is spot on with regard to using two enclaves instead of one. Notice that the SealUnseal sample in the SGX SDK uses two different enclaves. By using two enclaves you minimize the attack surface of each enclave.


Jesus Garcia, Intel Customer Support

0 Kudos
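
Added example (not part of the original thread and not Intel's SealUnseal sample): a simplified Python model of why a second enclave signed with the same key can unseal the data. It assumes the seal key is bound to MRSIGNER, which is the default policy of `sgx_seal_data`; the enclave measurements and `DEVICE_SECRET` are constructed values, and HMAC-SHA256 stands in for the hardware key derivation and for AES-GCM.

```python
import hashlib, hmac, os
from collections import namedtuple

# Simplified model, not SGX SDK code. DEVICE_SECRET stands in for the per-CPU
# secret that only the key-derivation instruction (EGETKEY) can use.
DEVICE_SECRET = hashlib.sha256(b"constructed device secret").digest()
Enclave = namedtuple("Enclave", "mrenclave mrsigner prod_id svn")

def h(label):
    return hashlib.sha256(label).digest()  # constructed measurement value

def seal_key(enclave, policy, key_id, svn):
    """The hardware fills in the caller's identity; software cannot choose it."""
    if svn > enclave.svn:
        raise PermissionError("key for a newer SVN is not available")
    ident = enclave.mrenclave if policy == "MRENCLAVE" else enclave.mrsigner
    msg = b"|".join([policy.encode(), ident, bytes([enclave.prod_id, svn]), key_id])
    return hmac.new(DEVICE_SECRET, msg, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, b"enc" + nonce + bytes([i]), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]
def _tag(key, nonce, ct):
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def seal(enclave, secret, policy="MRSIGNER"):
    key_id, nonce = os.urandom(16), os.urandom(12)
    key = seal_key(enclave, policy, key_id, enclave.svn)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, nonce, len(secret))))
    return dict(policy=policy, key_id=key_id, svn=enclave.svn, nonce=nonce,
                ct=ct, tag=_tag(key, nonce, ct))

def unseal(enclave, blob):
    key = seal_key(enclave, blob["policy"], blob["key_id"], blob["svn"])
    if not hmac.compare_digest(_tag(key, blob["nonce"], blob["ct"]), blob["tag"]):
        raise ValueError("MAC mismatch: this enclave derives a different seal key")
    ks = _keystream(key, blob["nonce"], len(blob["ct"]))
    return bytes(a ^ b for a, b in zip(blob["ct"], ks))

def try_unseal(enclave, blob):
    try:
        return unseal(enclave, blob)
    except ValueError:
        return None

# Two constructed enclaves: different code (MRENCLAVE), same signing key (MRSIGNER).
sealer = Enclave(h(b"sealing enclave code"), h(b"vendor signing key"), 1, 1)
unsealer = sealer._replace(mrenclave=h(b"unsealing enclave code"))
```

Under the MRSIGNER policy the trust boundary is the signing key: any enclave signed with it (same product ID) can derive the seal key. The MRENCLAVE policy, selectable through `sgx_seal_data_ex`, restricts unsealing to the exact sealing enclave and so rules out the two-enclave split.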