Skip to content

andreluis034/sgx-keystore.openssl-engine

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
Docker
Docker
 
 
patch
patch
 
 
src
src
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

sgx-keystore-openssl-engine

An OpenSSL engine implementation that utilizes a SGX keystore server. Current implementation only supports RSA keys up to 4096 bits.

The design, implementation and evaluation of the system is described in our Computer & Security journal 2021 paper.

Requirements

How to build

  1. Download and Compile Intel SGX SSL
  2. Modify the file buildenv.mk in the src folder so that the variable SGXSSL points to root folder of Intel SGX SSL.
  3. Run make inside the src folder

OpenSSL Configuration

You must add the compiled engine to your openssl.cnf file like so:

[openssl_init]
engines=engine_section

[engine_section]
sgxkeystore = sgxkeystore_section

[sgxkeystore_section]
engine_id = sgxkeystore
dynamic_path = /path/to/sgxkeystore.so
init = 0

How to use

  1. Generating a key:
    • Generating using OpenSSL normally ane seal it by running ./UtilityApp <key_file>
    • or
    • Generate a RSA 4096 bit key using the Utility app ./UtilityApp --gen <key_file>
  2. Run the server
  3. To use the key in the enclave the following path must be specified: sgxkeystore:/path/to/key.pem.sealed>

Integrating with Apache

Build the Apache Web Server with the SSL module enabled and with the following patch applied: patch

About

An OpenSSL engine that uses SGX as a keystore

Topics

sgx openssl-engine sgx-keystore

Resources

Readme

License

GPL-3.0 license
Activity

Stars

5 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages