- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, I was wondering if there is any difference between unsealing a secret message in the same enclave that you used to seal it vs. in another enclave, signed with the same private key, in terms of security?
One thing I have read in the developer guide is that the smaller the enclave, the more secure, so I guess that manipulating the secret data before sealing and after unsealing in two different enclaves makes each enclave smaller than having one enclave that you reload (because they would not run in parallel, but the unsealing one after the sealing one is destroyed). Are there any other aspects I should consider in terms of security when choosing between having one or two enclave for sealing-unsealing?
Thanks,
Anna
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Anna,
Your thinking is spot on with regard to using two enclaves instead of one. Notice that the SealUnseal sample in the SGX SDK uses two different enclaves. By using two enclaves you minimize the attack surface of each enclave.
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Anna,
Your thinking is spot on with regard to using two enclaves instead of one. Notice that the SealUnseal sample in the SGX SDK uses two different enclaves. By using two enclaves you minimize the attack surface of each enclave.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page