- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Intel,
I want people to communicate securely with my sgx by encrypting their data with an RSA public key that i generated inside the SGX.
The problem is that i do not know how to verify that the RSA key i send them is not generated outside of the enclave and could potentially decrypt their data outside of the enclaves protection.
Is there a way to verify RSA keys are generated inside the enclave?
Maybe during the RA process?
Best Regards,
Mads
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello damgaard22,
It is up to you to develop the solution for the relying party. Intel provides the sgx-ra-sample to help you see what needs to be done only for the remote attestation phase.
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Damgaard22,
Yes, you can use Remote Attestation to verify that your remote applications can trust the SGX client they are communicating with. After you attest the SGX enclave and determine if it can be trusted, your enclave can generate the public key in your then send it to your remote application via the secure communication channel you have established. Please see this page for more info:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does this mean that if i want to communicate with a website, i need to do the service provider side of the remote attestation in Javascript?
I have not seen an example of this yet.
The use case would be that a browser sends encrypted data to the SGX server.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello damgaard22,
It is up to you to develop the solution for the relying party. Intel provides the sgx-ra-sample to help you see what needs to be done only for the remote attestation phase.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Intel is no longer monitoring this thread. If you want a response from Intel in a follow-up question, please open a new thread.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page