Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Sealing with our own key

Ziidev
New Contributor I
402 Views

Hi,
I am looking into the password wallet by SGX_101 and I found out that there is a PEM key. Is this a key which is used to encrypt the wallet, or what is the purpose of that key? If this is the key to encrypt private data, then how is it secure?
Also, I want to know: if we have our own key and we make it secure and store it inside the SGX, is there any code available to use that key and encrypt some data? Or any guidance on how to use our own key to encrypt data?
Please guide me; that would be helpful. Thank you in advance.
Best Regards
ZiiDev

5 Replies
Sahira_Intel
Moderator
376 Views

Hi,

There are a couple types of keys used in SGX. There is an enclave signing key, which requires a key file that is in PEM format and unencrypted. Read more about enclave signing keys here. 

There is also a key used to seal data in an enclave. You can read more about SGX sealing here.

A good example to look at is the SealUnseal sample in the SGX SDK. 

Sincerely,

Sahira 

Ziidev
New Contributor I
369 Views

Hello,

Thank you for the quick guidance. I also want to know how we can use our own key for encryption inside the enclave. Assume that I have securely saved a key inside the SGX and now I want to utilize that key for encryption and decryption. How am I able to run it? A code snippet would also be very helpful.

Sahira_Intel
Moderator
342 Views

Hi,


You can actually use sgx_rsa_pub_encrypt_sha256 and sgx_rsa_pub_decrypt_sha256. These functions perform RSA encryption and decryption using the SHA-256 algorithm.

An example of it being used can be found here:

https://cpp.hotexamples.com/examples/-/-/sgx_sha256_msg/cpp-sgx_sha256_msg-function-examples.html#0x...,


More information on SGX APIs can be found in the Developer Reference Guide here: https://download.01.org/intel-sgx/sgx-linux/2.16/docs/Intel_SGX_Developer_Reference_Linux_2.16_Open_...


Sincerely,

Sahira R.




Sahira_Intel
Moderator
340 Views

Also, you can refer to this community thread where a similar issue was addressed: 

 

https://community.intel.com/t5/Intel-Software-Guard-Extensions/Asymmetric-cryptography-in-Enclave/m-...

Ziidev
New Contributor I
328 Views

Hi Sahira_Intel,

Thank you so much for the guideline. I will let you know if I face any other problem.

Best Regards

ZiiDev