Processors (Intel® Core™, Intel® Xeon®, etc); processor utilities and programs (Intel® Processor Identification Utility, Intel® Extreme Tuning Utility, Intel® Easy Streaming Wizard, etc.)
The Intel sign-in experience has changed to support enhanced security controls. If you sign in, click here for more information.
12939 Discussions

How to apply Intel SGX Remote Attestation to the model that encalve runs in server?


The Intel official remote attestation sample code, e.g., JMolding describe a model that encalve runs in client and server provides secret data, as the below picture shows.

f9PEF.pngBut I want implement a service that computes user's secret data in enclave. So there are many clients providing secret data and a server running encalve. The obstacle is that the intel sgx sdk doesn't fit this model. For example, function sgx_init_ra declared in sgx_tkey_exchange.h accepts a public key for later verification, and intel's document recommends hard-coding the public key into the enclave code.

The Service Provider's public key should be hardcoded into the enclave. This, combined with enclave signing, ensures that the key cannot be changed by end users so that the enclave can only communicate with the intended remote service.

This fits intel's remote attestation model, but not mine. Because in my model, there are many client(secret data provider), and it's difficult to get the client's public key safely.

So, Is there a method to use intel sgx sdk in this model?

Labels (1)
0 Kudos
4 Replies

Hello Aqqibbjamshed839

Thank you for posting on the Intel️® communities. Please share with us more information on your current setup (components) and we will continue to investigate this request. 


David G 

Intel Customer Support Technician 


Were you able to check the previous post?  

Let us know if you still need assistance.    

Best regards,  

David G.  

Intel Customer Support Technician  


We have not heard back from you, so we will close this thread. If you need any additional information, please submit a new question as this thread will no longer be monitored.   

Best regards,  

David G. 

Intel Customer Support Technician  


I'm working on a research project that implements enclaves that, upon start, contact a key distribution/rotation server. This server holds all the private/public/symmetric keys needed and distributes them in a secure manner.

If you don't want to hardcore the RA Server's pubkey in your enclave, then use the untrusted part of your app to contact a server that all will provide the key for you. A way to secure the transaction is the use of MRSGINER as the identify of the enclave.

To sum up, the workflow could be the following:

  • APP, UNTRUSTED: contact key server, fetch RA server's pubkey
  • APP, UNTRUSTED: create the enclave, provision it with the pubkey
  • APP, TRUSTED: complete the attestation process
  • and so on.

But to be clear: be aware that the attestation's goal is twofold. The first is to attest an enclave, the second (which may interest you) is to establish a secure communication channel using the session key generated during the RA's DHKE. This is your secure way to exchange info between the RA server and the enclave.