File encryption

[boudo]

Hi,
Can I encrypt the test.txt file with EGo so that it is only accessible through the enclave or can I put it directly in the enclave?

[thomasten]

Hi,
yes, you can encrypt the data before writing it to the file with the SealWith... functions from https://pkg.go.dev/github.com/edgelesssys/ego/ecrypto. This will use the SGX seal key, so it can only be decrypted by the enclave.
One of the next versions of EGo will include an in-enclave-memory filesystem. Then you can put it directly in the enclave. You can already achieve this manually by using the MemMapFs from https://github.com/spf13/afero.

[boudo]

Hi,
Thank you. I tested with SealWith... functions and also with afero, everything works fine.
For one of the next versions of EGo, we must understand that there will be a configuration file that allows to tell EGo to put the test.txt file in the enclave without modifying the source code of the application?

[thomasten]

For one of the next versions of EGo, we must understand that there will be a configuration file that allows to tell EGo to put the test.txt file in the enclave without modifying the source code of the application?

Yes, that will be possible. There is already a brief documentation how this will work:
https://github.com/edgelesssys/ego/blob/master/doc/ego_cli.md#enclave-configuration-file
So you will be able to mount some paths as memfs and writing to these will never leave the enclave.

[boudo]

Great, thank you for your answers.
It is very interesting.

[thomasten]

@boudo The memfs feature is now available in v0.2

[boudo]

Hi @thomasten, I suppose that the next version will support data sealing for hostfs without modifying the application code ?

[thomasten]

Yes, we plan to add this feature, but don't have an ETA yet.

[fnerdman]

@thomasten Is there an ETA yet for data sealing for hostfs without modifying the application code ?

[thomasten]

@lead4good unfortunately no. It's not being worked on and not scheduled for the near future.