{"id":13640397,"url":"https://github.com/R3Conclave/conclave-core-sdk","last_synced_at":"2025-04-20T02:33:47.025Z","repository":{"id":57936493,"uuid":"526690075","full_name":"R3Conclave/conclave-core-sdk","owner":"R3Conclave","description":"SDK for creating confidential SGX enclaves in Java, Kotlin and Python","archived":false,"fork":false,"pushed_at":"2023-11-09T16:13:33.000Z","size":87279,"stargazers_count":41,"open_issues_count":0,"forks_count":11,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-11-09T10:39:08.751Z","etag":null,"topics":["confidential-computing","java","javascript","kotlin","python","sgx","sgx-enclave"],"latest_commit_sha":null,"homepage":"https://conclave.net","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/R3Conclave.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-08-19T17:08:41.000Z","updated_at":"2024-10-22T14:44:06.000Z","dependencies_parsed_at":"2024-11-09T10:42:50.670Z","dependency_job_id":null,"html_url":"https://github.com/R3Conclave/conclave-core-sdk","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/R3Conclave%2Fconclave-core-sdk","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/R3Conclave%2Fconclave-core-sdk/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/R3Conclave%2Fconclave-core-sdk/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/R3Conclave%2Fconclave-core-sdk/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/R3Conclave","download_url":"https://codeload.github.com/R3Conclave/conclave-core-sdk/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249840696,"owners_count":21332925,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["confidential-computing","java","javascript","kotlin","python","sgx","sgx-enclave"],"created_at":"2024-08-02T01:01:10.796Z","updated_at":"2025-04-20T02:33:45.305Z","avatar_url":"https://github.com/R3Conclave.png","language":"C++","funding_links":[],"categories":["Runtime Framework"],"sub_categories":["Industrial Leading Projects"],"readme":"\u003e :warning: The Conclave SDK is discontinued and is no longer actively maintained. Feel free to fork this \nrepo if you wish to continue making improvements. For any further queries, including use of the Key Derivation Service (KDS),\nplease reach out to [R3](https://www.r3.com/contact/).\n\n[![Conclave Core SDK](.github/assets/logo.png)][conclave_website]\n\nThe [Conclave Core SDK][docs] is an open source platform that lets you create SGX enclaves easily. You can \nwrite your enclave code in high-level languages such as Java, Kotlin, and JavaScript.\n\n**Enclaves** are small pieces of software that are protected from attack by the owner of the computer on which they \nrun. They are ideally suited to solving multi-party collaboration and privacy problems, \nbut can also be used to secure your infrastructure against attack.\n\nThe Conclave Core SDK is developed by [R3][r3_website], and has been made available to the [open source community](#license).\n\n## How to use Conclave\nIf you want to learn how to use Conclave and build enclaves, take a look at the\n[hello world example and tutorial][hello_world]. You can also refer to the [Conclave documentation][docs] and\n[API docs](https://docs.conclave.net/api/index.html).\n\n## Building the SDK\nIf you want to build the SDK, you can do so both on Linux and macOS (Intel only) using a development Docker container.\n\n\u003e :warning: **Building the SDK is currently not supported on Apple Silicon hardware.\n\nIn the instructions below we assume Ubuntu as the Linux distribution; in case you use a different one,\nyou need to translate the instructions to your chosen distribution.\n\n### Getting the source code\nTo retrieve the source code you need to clone this repository:\n```shell\ngit clone https://github.com/R3Conclave/conclave-core-sdk.git\n```\n\n### Preparing the development container\nWe have created Docker containers to have an encapsulated and easy-to-use build environment, follow the instructions\nfor your operating system.\n\n#### macOS (Intel)\n\nYou can install Docker Desktop [following Docker's instructions](https://docs.docker.com/desktop/mac/install/)\n\n\u003e :warning: **On macOS you must increase your Docker RAM allocation**. The default is 2GB but we have found out that it\nneeds around 6GB of RAM to successfully build and run the tests.\n\n#### Linux (Ubuntu)\nYou can get install Docker for Linux [following Docker's instructions](https://docs.docker.com/engine/install/ubuntu/).\n\nIn either cases (Linux or macOS), make sure you can use Docker without root privileges by adding yourself\nto the `docker` UNIX group:\n\n```shell\nsudo groupadd docker # Create the docker group. Don't worry if it already exists!\nsudo usermod -aG docker $USER # Add your user to the docker group.\n```\n\nThis step is *not* configured out of the box on some Linux distributions like Ubuntu, and will break the development\nenvironment scripts (which you will need later).\n\nDevelopment is done inside a **devenv** container, which has access to your host disk and network. This is layered on top\nof the build container. \n\n### Building and entering into your development container\nOnce you have set up your container, you need to enter into it:\n```shell\n./scripts/devenv_shell.sh\n```\n\nAfter the container has been built and your terminal have printed out a lot of logging, you should see at the end\na message similar to this:\n```shell\nWelcome to the Conclave development environment.\n\nYou are now in a shell inside a Docker container. \nRun ./gradlew build test to compile and run unit tests.\nBrowse to http://localhost:8000 to view the external docsite.\n\nconclave master ~/conclave-core-sdk\u003e \n```\n\n### Building the SDK and runnning tests\nWe use [Gradle](https://docs.gradle.org/) to build the SDK, which you can do with the following command:\n```shell\n./gradlew build\n```\n\nThis is will also run the unit tests. To skip them run:\n```shell\n./gradlew build -x test\n```\n\nDue to the large number of native components, the build takes around 10 minutes the first time,\nthen some elements of the build are cached and hence it should be sensibly quicker\nafter that.\n\nThe integration tests reside as a separate Gradle project in [integration-tests/](integration-tests). To run them\nyou will first need to create a local Maven repository with the SDK artifacts:\n```shell\n./gradlew publishAllPublicationsToBuildRepository\ncd integration-tests\n./gradlew test\n```\n\n\u003eNote: if in your development you need to use `sudo` inside the container, then enter it using\n\u003e```shell\n\u003edocker exec --user root -it \u003ccontainer-id\u003e /bin/bash\n\u003e```\n\u003e In this way you will be using the container as a `root` user.\n\u003e \n### Debug mode\nAs part of the build, Conclave uses a modified version of the [Intel SGX SDK](https://github.com/intel/linux-sgx),\ntogether with other C/C++ code.\nBy default, this code is built in `Release` mode. If you need to debug C/C++ code you need to set the `Debug` mode by adding\n`-PnativeDebug` to the parameters. e.g. \n```shell\n./gradlew build -PnativeDebug\n```\n\nIf you want to debug C/C++ code inside the enclave, you can use the scripts `conclave-gdb` and `conclave-gdb-attach`\n (in the directory `scripts/`) to debug your code. These are just wrappers of `gdb` for Conclave.\n\n### IntelliJ and CLion inside the container (Linux only)\nIt is possible to install IntelliJ and CLion into the containers, but only on Linux.\n\nSetting the environment variable `CONCLAVE_DOCKER_IDE=1` will enable their automatic download/installation.\nJust add \n```shell\nexport CONCLAVE_DOCKER_IDE_TEST=1\n```\nto the last row of shell initialization scripts (e.g. in `~/.bashrc`), and restart the terminal.\n\n\u003e For the download or update to happen, the container must not be running, so you need to stop\n\u003e it in that case (see below).\n\u003e \n\u003e Downloads are accomplished using **curl**, so ensure that it is installed on your system: \n\u003e ```shell\n\u003e sudo apt-get install curl\n\u003e ```\n\nBy default, the IDEs will be downloaded under the host's `~/.opt/` folder.\n\nYou can now use these commands to launch your IDE of choice:\n\n```shell\ncd \u003cconclave-core-sdk's local repository\u003e\n./scripts/idea.sh # starts IDEA in a container\n./scripts/clion.sh # starts CLion in a container\n```\n### Stopping and restarting the container\n\nIf you `exit` the shell, the container will continue to run. You can see a list of running `sdk-build` containers and their\nIDs by running\n```shell\ndocker ps -f label=sdk-build \n```\nIf necessary, a container can be shut down with \n```shell\ndocker stop $(docker ps -f label=sdk-build -q)\n```\n\nIf you stop the container, you can restart it and log back in by re-running the `devenv_shell.sh` script.\n\nGradle maintains various caches and such in the container in the `/gradle` directory (this won't appear on your host\nsystem). If your container gets messed up you can blow it away by stopping it and then using `docker images` to list the\nimage, and `docker rmi` to delete the image. Then rerun `devenv_shell.sh` to re-download things fresh.\n\n\n## Exploring the codebase\n\nThe Conclave Core SDK consists of several technologies working together. Here is a description of the most\nimportant directories in this repo.\n\n| Directory | Description |\n|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------|\n| [conclave\u0026#x2011;client/](conclave-client)\u003cbr/\u003e[conclave\u0026#x2011;common/](conclave-common)\u003cbr/\u003e[conclave\u0026#x2011;host/](conclave-host)\u003cbr/\u003e[conclave\u0026#x2011;mail/](conclave-mail)\u003cbr/\u003e[conclave\u0026#x2011;web\u0026#x2011;client/](conclave-web-client)\u003cbr/\u003e | Kotlin/Java code of the Core API. |\n| [conclave\u0026#x2011;web\u0026#x2011;host/](conclave-web-host) | Simple web-based Conclave [host server](https://github.com/R3Conclave/conclave-core-sdk/wiki/Conclave-web-host). |\n| [conclave\u0026#x2011;init/](conclave-init) | The tool to quickly and automatically generate a Conclave project. |\n| [containers/conclave\u0026#x2011;build/](containers/conclave-build) | Docker container for building Conclave enclaves in Windows and macOS. |\n| [containers/sdk\u0026#x2011;build/](containers/sdk-build) | Docker container for building the Conclave Core SDK. |\n| [cpp/](cpp) | Place for all C++ code. This is mostly a CMake project, with a wrapper `build.gradle` extracting the artifacts. |\n| [cpp/fatfs/](cpp/fatfs) | Framework to create the representation of the enclave filesystem using FatFs. |\n| [cpp/jvm\u0026#x2011;edl/](cpp/jvm-edl) | The minimal ECALL/OCALL boundary using Intel's EDL language. |\n| [cpp/jvm\u0026#x2011;enclave\u0026#x2011;common/](cpp/jvm-enclave-common) | Implementations and stubs of Linux system POSIX calls inside the enclave. |\n| [cpp/jvm\u0026#x2011;host/](cpp/jvm-host) | Native code which interacts with the Java/Kotlin layer through JNI. |\n| [cpp/jvm\u0026#x2011;host\u0026#x2011;enclave\u0026#x2011;common/](cpp/jvm-host-enclave-common) | Native code used both by the host and the enclave. It mainly consists of utility functions/classes. |\n| [cpp/linux\u0026#x2011;sgx/](cpp/linux-sgx) | Conclave modifications to the [Intel SGX SDK](https://github.com/intel/linux-sgx). |\n| [cpp/substratevm/](cpp/substratevm) | C/C++ enclave code, with the implementation of the entry points (host to enclave) of some EDL code. |\n| [docs/](docs) | Source code for the [Conclave documentation](https://github.com/R3Conclave/conclave-core-sdk/wiki). |\n| [integration\u0026#x2011;tests/](integration-tests) | A separate independent Gradle project which is used to test the SDK artifacts at an integration level. |\n| [plugin\u0026#x2011;enclave\u0026#x2011;gradle/](plugin-enclave-gradle) | The Conclave Gradle enclave plugin, which automates the process of building a native SGX binary. |\n| [python\u0026#x2011;enclave\u0026#x2011;adapter/](python-enclave-adapter) | PoC \"adapter\" enclave for enabling Python support. |\n| [scripts/](scripts) | Various scripts for building and testing the SDK. |\n\n## License\nCopyright © 2022, R3 LLC, all rights reserved.\n\nThe Conclave Core SDK is distributed under the [Apache License v2.0](LICENSE).\n\nIt incorporates components from third-party open source libraries. See the [NOTICE](NOTICE.md) file for more information.\n\n[r3_website]: https://www.r3.com\n[conclave_website]: https://www.conclave.net\n[docs]: https://github.com/R3Conclave/conclave-core-sdk/wiki\n[hello_world]: https://github.com/R3Conclave/conclave-core-sdk/wiki/Run-an-enclave\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FR3Conclave%2Fconclave-core-sdk","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FR3Conclave%2Fconclave-core-sdk","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FR3Conclave%2Fconclave-core-sdk/lists"}