Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Verifying RSA keys from SGX

damgaard22
Beginner

Hi Intel,

I want people to communicate securely with my SGX by encrypting their data with an RSA public key that I generated inside the SGX.

The problem is that I do not know how to verify that the RSA key I send them is not generated outside of the enclave and could potentially decrypt their data outside of the enclave's protection.

Is there a way to verify RSA keys are generated inside the enclave?
Maybe during the RA process?

Best Regards,
Mads

JesusG_Intel
Moderator

Hello Damgaard22,


Yes, you can use Remote Attestation to verify that your remote applications can trust the SGX client they are communicating with. After you attest the SGX enclave and determine if it can be trusted, your enclave can generate the public key and then send it to your remote application via the secure communication channel you have established. Please see this page for more info:


https://software.intel.com/content/www/us/en/develop/articles/code-sample-intel-software-guard-extensions-remote-attestation-end-to-end-example.html


damgaard22
Beginner

Does this mean that if I want to communicate with a website, I need to do the service provider side of the remote attestation in JavaScript?
I have not seen an example of this yet.

The use case would be that a browser sends encrypted data to the SGX server.

JesusG_Intel
Moderator

Hello damgaard22,

It is up to you to develop the solution for the relying party. Intel provides the sgx-ra-sample to help you see what needs to be done only for the remote attestation phase.

JesusG_Intel
Moderator

Intel is no longer monitoring this thread. If you want a response from Intel in a follow-up question, please open a new thread.


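One way a browser-side relying party can tie the RSA key to the attested enclave, shown as an added example that is not part of this thread or of Intel's sgx-ra-sample: check that the quote's MRENCLAVE is the expected build and that its REPORT_DATA field carries the hash of the key that was received. It assumes the quote's signature has already been verified through the attestation service, and that the enclave follows the convention (chosen here, not stated in the thread) of setting REPORT_DATA to SHA-256 of the DER-encoded public key followed by 32 zero bytes; all function names are hypothetical.

```javascript
// Added example. Offsets follow the SGX quote layout:
// a 48-byte quote header followed by the 384-byte report body.
const REPORT_BODY = 48;
const MRENCLAVE = { off: REPORT_BODY + 64, len: 32 };
const REPORT_DATA = { off: REPORT_BODY + 320, len: 64 };
const MIN_QUOTE_LEN = REPORT_BODY + 384;

function field(quote, { off, len }) {
  if (!(quote instanceof Uint8Array) || quote.length < MIN_QUOTE_LEN) {
    throw new RangeError("quote too short to contain a report body");
  }
  return quote.subarray(off, off + len);
}

// Compare without exiting early on the first differing byte.
function equalBytes(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
  return diff === 0;
}

// Assumed convention: REPORT_DATA = SHA-256(public key DER) || 32 zero bytes.
function keyIsBoundToQuote(quote, keyDigest, expectedMrEnclave) {
  if (keyDigest.length !== 32 || expectedMrEnclave.length !== 32) return false;
  const expectedReportData = new Uint8Array(64); // zero-filled
  expectedReportData.set(keyDigest, 0);
  const enclaveOk = equalBytes(field(quote, MRENCLAVE), expectedMrEnclave);
  const keyOk = equalBytes(field(quote, REPORT_DATA), expectedReportData);
  return enclaveOk && keyOk;
}

// Browser entry point: hash the received key with WebCrypto, then check it.
async function verifyAttestedKey(quote, spkiDer, expectedMrEnclave) {
  const digest = new Uint8Array(await crypto.subtle.digest("SHA-256", spkiDer));
  return keyIsBoundToQuote(quote, digest, expectedMrEnclave);
}

// Constructed sample data for trying the check (not a real quote).
function sampleQuote(mrEnclave, keyDigest) {
  const q = new Uint8Array(MIN_QUOTE_LEN + 4); // + signature_len field
  q.set(mrEnclave, MRENCLAVE.off);
  q.set(keyDigest, REPORT_DATA.off);
  return q;
}
```

A key that arrives without a matching quote, or with a quote whose MRENCLAVE is not the build the client expects, is rejected before any data is encrypted to it.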