gramine-sgx-pf-crypt encrypt based on mrenclave/mrsigner #1675
-
Looked for documentation around this tool and couldn't find a answer to my question, so asking here, According to my understanding of it, gramine-sgx-pf-crypt is a tool that can be used to encrypt/decrypt data, this data can then be used inside a running gramine enclave which decrypts the data using a secret server provisioning, which will provide the key to decrypt the data that got encrypted and mounted into the gramine process. I may be wrong, but I don't see any relationship between the encryption process (at least on the arguments of this tool) and the system encrypting the data. Let me explain better, basically I would like this data to be encrypted in a way that only a specific enclave having a specific mrsigner/mrenclave could decrypt the data, because it seems to me that if the "wrap_key" used to encrypt the data gets leaked, then anyone could in fact decrypt the data, correct? More on this (https://gramine.readthedocs.io/en/stable/manifest-syntax.html#encrypted-files)
If I understood correctly, this is to be used on the manifest files when using the encrypted FS volume, with key_name param, not entirely sure how this works, but couldn't someone just create a different manifest file (with different _sgx_mrenclave and _sgx_mrsigner) and generate a new gramine enclave attach the same data and decrypt the data (assuming that they would have access to the volume encrypt data and secret server provisioning would provide to them the "wrap_key") ? What confuses me even more generally on this process is that gramine-sgx-pf-crypt can even be ran with decrypt arg completely outside of a running enclave as long as the user has access to the "wrap_key", correct? To sum up, is there any way to encrypt the data in a way that only specific mrenclave is able to decrypt it? Thank you! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 4 replies
-
Hi @tiagorvmartins! Pls see my comments below.
Yes.
I don't understand -- if (s)he specifies the encrypted file mounts using the
Yes, the "wrap_key" must be kept in secret by the user and has to be previsioned to the enclave using a secure channel established after proper remote attestation. This guarantees that except the user her/himself and the enclave that a user has attested/trusted have the access to the "wrap_key", any others won't be able to access the key thus decrypt the data.
Yes, you can specify |
Beta Was this translation helpful? Give feedback.
Right, to recall, the
_sgx_mrenclave
key is "the SGX sealing key based on the MRENCLAVE identity of the enclave, which is useful to allow only the same enclave (on the same platform) to unseal files".