{"id":21905884,"url":"https://github.com/cosmian/cenclave-lib-sgx","last_synced_at":"2025-03-22T07:19:24.124Z","repository":{"id":263047978,"uuid":"889185531","full_name":"Cosmian/cenclave-lib-sgx","owner":"Cosmian","description":"Library for Cosmian Enclave to bootstrap ASGI/WSGI application","archived":false,"fork":false,"pushed_at":"2024-12-30T14:00:38.000Z","size":26,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-27T07:30:14.351Z","etag":null,"topics":["enclave","sgx"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Cosmian.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-15T19:24:09.000Z","updated_at":"2024-12-19T14:24:43.000Z","dependencies_parsed_at":"2024-11-15T20:27:41.182Z","dependency_job_id":"4b69b027-5c1e-4140-b2d9-4fd4eb99ec54","html_url":"https://github.com/Cosmian/cenclave-lib-sgx","commit_stats":null,"previous_names":["cosmian/cenclave-lib-sgx"],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cosmian%2Fcenclave-lib-sgx","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cosmian%2Fcenclave-lib-sgx/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cosmian%2Fcenclave-lib-sgx/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cosmian%2Fcenclave-lib-sgx/manifests","owner_url":"https://repos.ecosys
te.ms/api/v1/hosts/GitHub/owners/Cosmian","download_url":"https://codeload.github.com/Cosmian/cenclave-lib-sgx/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244919626,"owners_count":20531843,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["enclave","sgx"],"created_at":"2024-11-28T16:38:58.566Z","updated_at":"2025-03-22T07:19:24.107Z","avatar_url":"https://github.com/Cosmian.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Cosmian Enclave Lib SGX\n\n## Overview\n\nCosmian Enclave Lib SGX bootstraps the execution of an encrypted ASGI/WSGI Python web application for [Gramine](https://gramine.readthedocs.io/).\n\nThe library is responsible for:\n\n- Configuring the SSL certificates with either:\n  - *RA-TLS*, a self-signed certificate including the Intel SGX quote in an X.509 v3 extension\n  - *Custom*, the private key and full keychain are provided by the application owner\n  - *No SSL*, the secure channel may be managed elsewhere by an SSL proxy\n- Decrypting Python modules encrypted with XSalsa20-Poly1305 AE\n- Running the ASGI/WSGI Python web application with [hypercorn](https://pgjones.gitlab.io/hypercorn/)\n\n## Technical details\n\nThe flow to run an encrypted Python web application is the following:\n\n1. 
A first self-signed HTTPS server using RA-TLS is launched and waits to receive a JSON payload with:\n   - UUID, a unique application identifier provided to `cenclave-bootstrap` as an argument\n   - the decryption key of the code\n   - Optionally, the private key corresponding to the certificate provided to `cenclave-bootstrap` (for a *Custom* certificate)\n2. If the UUID and decryption key are the expected ones, the configuration server is stopped, and the code is decrypted and finally run as a new server\n\n## Installation\n\n```console\n$ pip install cenclave-lib-sgx\n```\n\n## Usage\n\n```console\n$ cenclave-bootstrap --help\nusage: cenclave-bootstrap [-h] [--host HOST] [--client-certificate CLIENT_CERTIFICATE] [--port PORT]\n                          [--subject SUBJECT] [--san SAN] --app-dir APP_DIR --id ID [--timeout TIMEOUT]\n                          [--version] [--debug]\n                          (--ratls EXPIRATION_DATE | --no-ssl | --certificate CERTIFICATE_PATH)\n                          application\n\nBootstrap ASGI/WSGI Python web application for Gramine\n\npositional arguments:\n  application           ASGI application path (as module:app)\n\noptions:\n  -h, --help            show this help message and exit\n  --host HOST           hostname of the server\n  --client-certificate CLIENT_CERTIFICATE\n                        For client certificate authentication (PEM encoded)\n  --port PORT           port of the server\n  --subject SUBJECT     Subject as RFC 4514 string for the RA-TLS certificate\n  --san SAN             Subject Alternative Name in the RA-TLS certificate\n  --app-dir APP_DIR     path of the python web application\n  --id ID               identifier of the application as UUID in RFC 4122\n  --timeout TIMEOUT     seconds before closing the configuration server\n  --version             show program's version number and exit\n  --debug               debug mode with more logging\n  --ratls EXPIRATION_DATE\n                        generate a 
self-signed certificate for RA-TLS with a specific expiration date (Unix time)\n  --no-ssl              use HTTP without SSL\n  --certificate CERTIFICATE_PATH\n                        custom certificate used for the SSL connection, private key must be sent through the\n                        configuration server\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcosmian%2Fcenclave-lib-sgx","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcosmian%2Fcenclave-lib-sgx","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcosmian%2Fcenclave-lib-sgx/lists"}