Community
cancel
Showing results for 
Search instead for 
Did you mean: 
das__batsayan
Beginner
224 Views

usages of sgx_ecc256_create_key_pair/sgx_aes_ctr_encrypt/sgx_rijndael128GCM_encrypt api

What is the general process to encrypt "hello world" text/string inside an enclave?  I would like to know
1. How the key pairs are generated ( should I use sgx_ecc256_create_key_pair or other api?)
2. What apis to use for encrypt ( Should I use sgx_aes_ctr_encrypt() , sgx_rijndael128GCM_encrypt() ? ) 
3. How the keys are to be stored and retrieve for future decreption? 
Thanks a lot

0 Kudos
2 Replies
you_w_
New Contributor III
224 Views

Hi:

1. To encrypt something by using sgx_aes_ctr_encrypt/sgx_rijndael128GCM_encrypt, you need to get a  Symmetric key, you can use  sgx_get_key, sgx_read_rand or your own function to generate a 128 bit key  for encrypt and decrypt.

2. sgx_ecc256_create_key_pair is used to generate ecc 256 key pair.  sgx_aes_ctr_encrypt() and sgx_rijndael128GCM_encrypt() is used for Symmetric encryption. If you want to use asymmetric encryption, maybe you can use intel_sgx_ssl this library provides RSA_public_encrypt and RSA_private_decrypt.

3.  You can use sgx_seal_data api  to seal your keys and store it on your hard drive or database.

Regards

you.

das__batsayan
Beginner
224 Views

Thanks for your response. I followed https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/754253 to experiment with sgx_rijndael128GCM_encrypt() and sgx_rijndael128GCM_decrypt() APIs. Noticed that const uint8_t *p_iv, and sgx_aes_gcm_128bit_tag_t *p_out_mac has to be passed from encrypt() api to decrypt() api for successful decryption.

I used sgx_fopen_auto_key(), sgx_fwrite(), sgx_fclose() to write const uint8_t *p_iv value from the encrypt. When the decrypt tries to use p_iv, SGX_ERROR_MAC_MISMATCH error happens. 

What is the wrong I might be doing? 
It looks like sgx_fwrite() is changing p_iv , which it should not be. ( This is also the question asked by the above thread)