Sealing files with the "_sgx_mrenclave" key

[Abhiroop]

I have come across this example https://gramine.readthedocs.io/en/stable/tutorials/pytorch/index.html#preparing-input-files where a 16 bytes key was generated for encrypting a file. Then this key is specified in the fs.insecure__keys.default field of the manifest file and used to read and write to encrypted files. I think I understand this workflow.

However, I wonder if I want to encrypt my files with the SGX's "_sgx_mrenclave" key how do I go ahead and encrypt the file? Right now, I use

gramine-sgx-pf-crypt encrypt -w files/wrap_key -i unenc/myfile -o enc/myfile.pf

I assume there will be some way to provide the enclave's key to this tool somehow?

[mkow]

That's not possible by definition - the whole idea of "sealing" in SGX is that only this specific enclave can get the key and that it never leaves it. So, this is useful only for files created by the enclave, not for the ones deployed from a remote trusted server.

[dimakuv]

+1 to what @mkow said. The special SGX key name _sgx_mrenclave implies that the only entity that can get the file-encryption key is this SGX application itself (and no other app/tool).

By the way, you can also use another special SGX key name _sgx_mrsigner if you want two or more SGX applications to share the file-encryption key (on the same machine). In this way, one of your SGX applications can be the "tool" that creates the file (the producer), and the other SGX application can be the consumer of this file. I'd like to note again that these _sgx_* keys are per-machine only.

[Abhiroop]

Thanks for the pointer!