aws / aws-nitro-enclaves-samples

Provides samples that can help developers get started with Nitro Enclaves.
Apache License 2.0

How to get `public key` stored in enclave? #16

Open scalalang2 opened 1 year ago

scalalang2 commented 1 year ago

Hi, I'm very confused understanding this code.

I understood it as follows:

  1. when we boot the enclave, it creates a key pair (public key and private key)
  2. the public key and private key are stored inside the enclave
  3. the private key never leaves the enclave.

In this case, I want to know what the public key stored in the enclave is.

  1. The attestation doc contains the public key of the enclave (is it correct?)

Now, as you can see here, it requires me to enter a public key. But I don't know... I want to know the public key stored in the enclave. It's confusing.. please someone help me

```rust
use aws_nitro_enclaves_nsm_api::api::Request;
use serde_bytes::ByteBuf;

// The bytes passed as `public_key` are whatever the caller supplies; the NSM
// copies them into the attestation document as-is.
let public_key = ByteBuf::from("my super secret key");
let hello = ByteBuf::from("hello, world!");

let request = Request::Attestation {
        public_key: Some(public_key),
        user_data: Some(hello),
        nonce: None,
};
```
xparticle commented 1 year ago

the attestation process is documented here: https://github.com/aws/aws-nitro-enclaves-nsm-api/blob/main/docs/attestation_process.md . You can create a Key Pair and supply the Public key to the attestation api. This Public key will be then included in the attestation document, which the receiver of the attestation doc can use to encrypt the responses back to the enclave. This ensures, only the enclave from where the request originated can decrypt the response.