Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

Verifying RSA keys from SGX

damgaard22
Beginner
‎09-08-2020 05:32 AM
1,416 Views
Solved Jump to solution

Hi Intel,

I want people to communicate securely with my sgx by encrypting their data with an RSA public key that i generated inside the SGX.

The problem is that i do not know how to verify that the RSA key i send them is not generated outside of the enclave and could potentially decrypt their data outside of the enclaves protection.

Is there a way to verify RSA keys are generated inside the enclave?
Maybe during the RA process?

Best Regards,
Mads

0 Kudos
1 Solution
JesusG_Intel
Moderator
‎09-09-2020 02:25 PM
1,370 Views
Solved Jump to solution

Hello damgaard22,

 

It is up to you to develop the solution for the relying party. Intel provides the sgx-ra-sample to help you see what needs to be done only for the remote attestation phase.

 

View solution in original post

0 Kudos
Copy link

Link Copied

4 Replies
JesusG_Intel
Moderator
‎09-08-2020 01:44 PM
1,397 Views
Solved Jump to solution

Hello Damgaard22,


Yes, you can use Remote Attestation to verify that your remote applications can trust the SGX client they are communicating with. After you attest the SGX enclave and determine if it can be trusted, your enclave can generate the public key in your then send it to your remote application via the secure communication channel you have established. Please see this page for more info:


https://software.intel.com/content/www/us/en/develop/articles/code-sample-intel-software-guard-extensions-remote-attestation-end-to-end-example.html


0 Kudos
Copy link
damgaard22
Beginner
‎09-09-2020 12:05 AM
1,387 Views
Solved Jump to solution
In response to JesusG_Intel

Does this mean that if i want to communicate with a website, i need to do the service provider side of the remote attestation in Javascript?
I have not seen an example of this yet.

The use case would be that a browser sends encrypted data to the SGX server.

In response to JesusG_Intel
0 Kudos
Copy link
JesusG_Intel
Moderator
‎09-09-2020 02:25 PM
1,371 Views
Solved Jump to solution

Hello damgaard22,

 

It is up to you to develop the solution for the relying party. Intel provides the sgx-ra-sample to help you see what needs to be done only for the remote attestation phase.

 

0 Kudos
Copy link
JesusG_Intel
Moderator
‎09-15-2020 02:34 PM
1,339 Views
Solved Jump to solution

Intel is no longer monitoring this thread. If you want a response from Intel in a follow-up question, please open a new thread.


0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.