Reply to post: Hmmmm..

Intel: Let's talk about SGX, baby. Let's talk about 2U and me. Let's talk about all the good things, and the bad...

donk1

Hmmmm..

The idea is to put your decryption code in the enclave and then send encrypted text and a description of the operation you want to perform to the enclave.

The unencrypted data never leaves the enclave, not even the hypervisor sees the unencrypted data.

E.g. to search encrypted data in SQL Server:

https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-enclaves?view=sqlallproducts-allversions

What I do not get is how you get the decryption keys into the enclave securely!

"The client driver sends the column encryption keys required for the operations to the secure enclave (over a secure channel)."

What secure channel which the hypervisor cannot see? Hmmm..
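
One way a channel like the one asked about above can be built, shown as an added example (not part of the original comment, and not Microsoft's or Intel's code): the enclave generates a Diffie-Hellman key pair inside itself and the attestation signature covers the public half, so the client only agrees a key with code it has verified and a host relaying the messages never holds either private key. The `Quote` layout, the function names and the Ed25519 attestation key are simplified assumptions standing in for a real SGX quote and its signing chain; the column encryption key would then be encrypted under the derived channel key.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Quote struct{ Report, Sig []byte } // stand-in quote: Report = measurement || DH public key

// sessionKey hashes the X25519 shared secret with the peer into a channel key.
func sessionKey(priv *ecdh.PrivateKey, peerPub []byte) ([]byte, error) {
	peer, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	return key[:], nil
}

// EnclaveHello runs inside the enclave; the DH private key never leaves it.
func EnclaveHello(attKey ed25519.PrivateKey, meas [32]byte) (*ecdh.PrivateKey, Quote) {
	priv, _ := ecdh.X25519().GenerateKey(rand.Reader)
	report := append(meas[:], priv.PublicKey().Bytes()...)
	return priv, Quote{report, ed25519.Sign(attKey, report)}
}

// ClientAccept runs in the client driver and refuses unverified quotes.
func ClientAccept(root ed25519.PublicKey, want [32]byte, q Quote) (pub, key []byte, err error) {
	if len(q.Report) != 64 || !ed25519.Verify(root, q.Report, q.Sig) || string(q.Report[:32]) != string(want[:]) {
		return nil, nil, fmt.Errorf("attestation failed, no key material sent")
	}
	priv, _ := ecdh.X25519().GenerateKey(rand.Reader)
	key, err = sessionKey(priv, q.Report[32:])
	return priv.PublicKey().Bytes(), key, err
}

func main() {
	root, att, _ := ed25519.GenerateKey(rand.Reader) // constructed attestation key pair
	priv, q := EnclaveHello(att, sha256.Sum256([]byte("enclave-v1")))
	pub, k1, err := ClientAccept(root, sha256.Sum256([]byte("enclave-v1")), q)
	k2, _ := sessionKey(priv, pub)
	fmt.Println("shared channel key established:", err == nil && string(k1) == string(k2))
}
```

If the host swaps the public key in the quote for its own, the signature check in `ClientAccept` fails and the client sends nothing.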
