Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Sealing with our own key

Ziidev
New Contributor I
639 Views

Hi,
I am looking into the password wallet by SGX_101 and I found out that there is a PEM key. Is this a key which is used to encrypt the wallet? Or what is the purpose of that key? If this is the key to encrypt private data, then how is it secure?
Also, I want to know: if we have our own key and we make it secure and store it inside the SGX, is there any code available to use that key and encrypt some data? Or any guidance on how to use our own key to encrypt data?
Please guide me, that would be helpful. Thank you in advance.
Best Regards
ZiiDev

5 Replies
Sahira_Intel
Moderator
613 Views

Hi,

There are a couple types of keys used in SGX. There is an enclave signing key, which requires a key file that is in PEM format and unencrypted. Read more about enclave signing keys here. 

There is also a key used to seal data in an enclave. You can read more about SGX sealing here

A good example to look at is the SealUnseal sample in the SGX SDK. 

Sincerely,

Sahira 

Ziidev
New Contributor I
606 Views

Hello,

Thank you for the quick guidance. I also want to know how we can use our own key for encryption inside the enclave. Assume that I have securely saved a key inside the SGX and now I want to utilize that key for encryption and decryption. How am I able to run it? A code snippet will also be very helpful.

Sahira_Intel
Moderator
579 Views

Hi,


You can actually use sgx_rsa_pub_encrypt_sha256 and sgx_rsa_pub_decrypt_sha256. These functions perform RSA encryption and decryption using the SHA-256 algorithm.

An example of it being used can be found here:

https://cpp.hotexamples.com/examples/-/-/sgx_sha256_msg/cpp-sgx_sha256_msg-function-examples.html#0xbe1627ef0ca4806adec49545040c9a3e11a5f3b49b8fbf268df2aa46f9e6fd9a-307,,836,


More information on SGX APIs can be found in the Developer Reference Guide here: https://download.01.org/intel-sgx/sgx-linux/2.16/docs/Intel_SGX_Developer_Reference_Linux_2.16_Open_Source.pdf


Sincerely,

Sahira R.




Sahira_Intel
Moderator
577 Views

Also, you can refer to this community thread where a similar issue was addressed: 

 

https://community.intel.com/t5/Intel-Software-Guard-Extensions/Asymmetric-cryptography-in-Enclave/m-p/1197960/highlight/true#M3868

Ziidev
New Contributor I
565 Views

Hi Sahira_Intel,

Thank you so much for the guideline. I will let you know if I face any other problem.

Best Regards

ZiiDev
