Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/cloud-key-store/keystore

A server with SGX enclave that stores private keys and performs crypto operations upon requests.
https://github.com/cloud-key-store/keystore

Last synced: about 1 month ago
JSON representation

A server with SGX enclave that stores private keys and performs crypto operations upon requests.

Host: GitHub
URL: https://github.com/cloud-key-store/keystore
Owner: cloud-key-store
Created: 2018-05-17T17:03:25.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2019-01-08T10:52:41.000Z (almost 6 years ago)
Last Synced: 2024-08-03T01:24:31.226Z (4 months ago)
Language: C++
Size: 59.6 KB
Stars: 7
Watchers: 5
Forks: 5
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

Awesome-SGX-Open-Source - https://github.com/cloud-key-store/keystore

README

        Cloud Key Store - secure storage for private credentials

========================================================

Introduction

------------

Cloud Key Store (CKS) is a tool to protect private cryptographic keys in the cloud.

It performs cryptographic operations using the keys based on user requests.

The user authentication is password based.

An example usage is to store GnuPG private keys.

A detailed discussion of our motivation, threat model, design decisions, and evaluation of the CKS is presented in our technical paper: [https://arxiv.org/abs/1804.08569](https://arxiv.org/abs/1804.08569)

Building instructions

---------------------

### Prerequisites

- Install SGX SDK:

  * Download and install [Intel SGX SDK for Linux](https://github.com/01org/linux-sgx)

  * Set the SGX_SDK variable in the Makefile to the location of your SGX SDK

  * Set the SIGNING_KEY variable in the Makefile to point to an enclave signing key. If needed, generate a signing key following Intel's [OpenSSL Examples](https://software.intel.com/en-us/node/708948)

- Build the 3rd party libraries

  * Clone [sgx-utils](https://github.com/SSGAalto/sgx-utils)

  * Build libraries by running `make`.

  * Copy them to `./libs` directory, or modify Makefile `Lib_Dir` variable.

  * The required libraries are `lib_tke` and `lib_uke`.

### Building CKS server

  * Make sure that the Makefile libdir variable points to the right directory (`sgx-utils/libs`), and the paths to the 3rd party libraries are correct.

  * Run `make`. This will generate objects under ``build`` directory and `keystore` and `client` executables. The enclave will be put under ``build/enclave``.

  * To test the build run `./keystore`, connect to the server by running `./client`.

  * To build tests run `cmake` in the `test` directory. Run `make check` to run the unit tests.

Installation

------------

In order verify the quote recieved during remote attestation, you need access to the Intel Attestation Service (IAS). 

This requires registering with Intel via [this form](https://software.intel.com/formfill/sgx-onboarding).

Once registered, set your assigned Service Provider ID (SPID) in the ias.cpp file.