Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Gross__Noam
Beginner
111 Views

copy sealed data between different machines

hi,
i sealed data with enclave that use MRENCLAVE key policy, and save the sealed data into file (via ocall),
if i copy the sealed data to other machine and launch same encalve there - it should be unsealed the data ?

0 Kudos
1 Reply
Scott_R_Intel
Employee
111 Views

Hello.

No, the keys derived on one CPU using either MRENCLAVE or MRSIGNER policies will not be the same as keys on another CPU.  The sealing keys are CPU specific.  More info in this video:  https://software.intel.com/en-us/videos/how-to-seal-data-in-intel-sgx

To be able to seal sharable data blobs between two different CPUs would require the use of SGX remote attestation to provision shared key(s) to both enclaves that could then be used to seal/unseal the data.

Regards.

Scott

Reply