Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Beginner
103 Views

Verifying RSA keys from SGX

Jump to solution

Hi Intel,

I want people to communicate securely with my sgx by encrypting their data with an RSA public key that i generated inside the SGX.

The problem is that i do not know how to verify that the RSA key i send them is not generated outside of the enclave and could potentially decrypt their data outside of the enclaves protection.

Is there a way to verify RSA keys are generated inside the enclave?
Maybe during the RA process?

Best Regards,
Mads

0 Kudos

Accepted Solutions
Highlighted
Moderator
57 Views

Hello damgaard22,

 

It is up to you to develop the solution for the relying party. Intel provides the sgx-ra-sample to help you see what needs to be done only for the remote attestation phase.

 

Jesus Garcia, Intel Customer Support

View solution in original post

0 Kudos
4 Replies
Highlighted
Moderator
84 Views

Hello Damgaard22,


Yes, you can use Remote Attestation to verify that your remote applications can trust the SGX client they are communicating with. After you attest the SGX enclave and determine if it can be trusted, your enclave can generate the public key in your then send it to your remote application via the secure communication channel you have established. Please see this page for more info:


https://software.intel.com/content/www/us/en/develop/articles/code-sample-intel-software-guard-exten...


Jesus Garcia, Intel Customer Support
0 Kudos
Highlighted
Beginner
74 Views

Does this mean that if i want to communicate with a website, i need to do the service provider side of the remote attestation in Javascript?
I have not seen an example of this yet.

The use case would be that a browser sends encrypted data to the SGX server.

0 Kudos
Highlighted
Moderator
58 Views

Hello damgaard22,

 

It is up to you to develop the solution for the relying party. Intel provides the sgx-ra-sample to help you see what needs to be done only for the remote attestation phase.

 

Jesus Garcia, Intel Customer Support

View solution in original post

0 Kudos
Highlighted
Moderator
26 Views

Intel is no longer monitoring this thread. If you want a response from Intel in a follow-up question, please open a new thread.


Jesus Garcia, Intel Customer Support
0 Kudos