Hi, I want to use python libraries like urllib.request and ecdsa from inside the enclave. Ultimately, their cryptographic security ultimately relies on library calls like ssl.RAND_bytes() and random.SystemRandom() to return cryptographically secure random numbers.
When I start the same .eif twice in a row, I see that ssl.RAND_bytes() returns different values. But I also read somewhere that "there's no randomness" in Nitro enclaves, and that for security reasons, I should use the RNG implemented in this library. I'm assuming the latter is correct, so I'm wondering what would be the easiest way to use the Nitro RNG provided by this library to make libraries like ssl act securely.
Is it possible to call the Nitro RNG only once in the beginning, and inject entropy "system-wide", such that any library that relies on a pseudo-RNG that's cryptographically secure on a regular machine, would also be inside a nitro enclave?
Hi, I want to use python libraries like
urllib.requestandecdsafrom inside the enclave. Ultimately, their cryptographic security ultimately relies on library calls likessl.RAND_bytes()andrandom.SystemRandom()to return cryptographically secure random numbers.When I start the same
.eiftwice in a row, I see thatssl.RAND_bytes()returns different values. But I also read somewhere that "there's no randomness" in Nitro enclaves, and that for security reasons, I should use the RNG implemented in this library. I'm assuming the latter is correct, so I'm wondering what would be the easiest way to use the Nitro RNG provided by this library to make libraries likesslact securely.Is it possible to call the Nitro RNG only once in the beginning, and inject entropy "system-wide", such that any library that relies on a pseudo-RNG that's cryptographically secure on a regular machine, would also be inside a nitro enclave?