Cloud Key Store (CKS) is a tool to protect private cryptographic keys in the cloud. It performs cryptographic operations using the keys based on user requests. The user authentication is password based. An example usage is to store GnuPG private keys.
A detailed discussion of our motivation, threat model, design decisions, and evaluation of the CKS is presented in our technical paper: https://arxiv.org/abs/1804.08569
- Install SGX SDK:
  - Download and install Intel SGX SDK for Linux
  - Set the `SGX_SDK` variable in the Makefile to the location of your SGX SDK
  - Set the `SIGNING_KEY` variable in the Makefile to point to an enclave signing key. If needed, generate a signing key following Intel's OpenSSL Examples
- Build the 3rd party libraries
  - Clone sgx-utils
  - Build libraries by running `make`.
  - Copy them to `./libs` directory, or modify Makefile `Lib_Dir` variable.
  - The required libraries are `lib_tke` and `lib_uke`.
- Make sure that the Makefile libdir variable points to the right directory (`sgx-utils/libs`), and the paths to the 3rd party libraries are correct.
- Run `make`. This will generate objects under `build` directory and `keystore` and `client` executables. The enclave will be put under `build/enclave`.
- To test the build run `./keystore`, connect to the server by running `./client`.
- To build tests run `cmake` in the `test` directory. Run `make check` to run the unit tests.
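
For the signing-key step above, an added example (not part of the CKS repository) that generates a key with the parameters SGX enclave signing requires, RSA-3072 with public exponent 3, and checks an existing key before the Makefile's signing key variable is pointed at it. The function names and the key file name are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the CKS repository. Function names and the key
# file name are hypothetical; point SIGNING_KEY in the Makefile at the result.

# Generate an RSA-3072 key with public exponent 3 (the parameters SGX
# enclave signing requires), created readable by the owner only.
gen_signing_key() {
    ( umask 077 && openssl genpkey -algorithm RSA \
        -pkeyopt rsa_keygen_bits:3072 -pkeyopt rsa_keygen_pubexp:3 \
        -out "$1" 2>/dev/null )
}

# Return 0 only if $1 is an unencrypted RSA private key with a 3072-bit
# modulus and e = 3, and the file grants nothing to group or others.
check_signing_key() {
    key=$1
    [ -r "$key" ] || { echo "cannot read $key" >&2; return 1; }
    text=$(openssl rsa -in "$key" -noout -text -passin pass: 2>/dev/null) || {
        echo "$key: not an unencrypted RSA private key" >&2; return 1; }
    printf '%s\n' "$text" | grep -q 'Private-Key: (3072 bit' || {
        echo "$key: modulus is not 3072 bits" >&2; return 1; }
    printf '%s\n' "$text" | grep -q '^publicExponent: 3 (0x3)' || {
        echo "$key: public exponent is not 3" >&2; return 1; }
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -lnL "$key" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "$key: accessible beyond the owner; run chmod 600" >&2; return 1; }
    return 0
}
```

Source the file, then run `gen_signing_key enclave_private.pem` once and `check_signing_key enclave_private.pem` before each build; a non-zero status means the key should not be used to sign the enclave.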
In order to verify the quote received during remote attestation, you need access to the Intel Attestation Service (IAS). This requires registering with Intel via this form. Once registered, set your assigned Service Provider ID (SPID) in the ias.cpp file.