replace RSA shielding key with NaCl/salt/sodium asymmetric crypto #1597

Open
brenzi opened this issue May 1, 2024 · 1 comment

Comments

@brenzi
Collaborator

brenzi commented May 1, 2024

Needs to first be researched in depth

RSA should be deprecated as it should no longer be considered secure

NaCl is a scheme enabling asymmetric encryption and authentication at the same time, based on ed25519. We would still need a shared secret among all enclaves operating the same shard, but it could be an ed25519 secret key instead of an RSA one. We may even want to use that shared ed25519 key as a "per shard" account on Integritee Network.

Good docs come with the Python lib:
https://pynacl.readthedocs.io/en/latest/public/

The Rust lib seems unmaintained: https://crates.io/crates/nacl

@Kailai-Wang
Contributor

That will be a great improvement.

Also, `Rsa3072KeyPair` in rust-sdk doesn't seem that stable; sometimes it works with only certain Intel-SDK versions (e.g. 2.19, but not 2.21+). In Rust SDK 2.0.0, the ucrypto feature doesn't work reliably either; see apache/incubator-teaclave-sgx-sdk#456
