I've been reading the following sample code which demonstrates the usage of local attestation: [here](https://github.com/apache/incubator-teaclave-sgx-sdk/tree/master/samplecode/localattestation)
In this example, enclaves communicate with each other through a series of `ECALLs` and `OCALLs`. In doing this they can send and receive the messages that are necessary to establish a secured connection. The result is a shared ECDH secret key to be used for future communication. _How can I use this shared secret to continue communicating between enclaves 1 and 2?_

[This function](https://github.com/apache/incubator-teaclave-sgx-sdk/blob/master/samplecode/localattestation/attestation/src/func.rs#L66-L120), invoked from enclave 1, eventually establishes a secure connection after [processing msg3](https://github.com/apache/incubator-teaclave-sgx-sdk/blob/master/samplecode/localattestation/attestation/src/func.rs#L106). As a result of processing msg3, we obtain the [sgx_align_key_128bit_t](https://github.com/apache/incubator-teaclave-sgx-sdk/blob/master/samplecode/localattestation/attestation/src/func.rs#L70). My guess is that this is the symmetric key (I can't find documentation on this).

**Questions:**

- To send further secure messages between the enclaves, does the `sgx_align_key_128bit_t` key need to be sealed to the enclave? For example, you would seal it in [create_session](https://github.com/apache/incubator-teaclave-sgx-sdk/blob/master/samplecode/localattestation/attestation/src/func.rs#L66-L120) for enclave 1 and in [exchange_report_safe](https://github.com/apache/incubator-teaclave-sgx-sdk/blob/master/samplecode/localattestation/attestation/src/func.rs#L159-L190) for enclave 2.
- Does the encrypting of messages need to be performed manually? Does the SDK provide some higher-level APIs for this?
- I'd imagine the model for further communication will still follow the IPC pattern that was used for establishing the connection?

@dingelish fyi

Issue: https://github.com/apache/incubator-teaclave-sgx-sdk/issues/332
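Added example, not part of the issue above and not code from the Teaclave SDK: the pattern the question is asking about, i.e. what to do with the 128-bit session key once both enclaves hold it. It is written in Go rather than Rust only because Go's standard library ships AES-GCM, so the exchange can be run outside an enclave; inside the SDK the same AEAD primitive is, as far as I recall, exposed by `sgx_tcrypto` as `rsgx_rijndael128GCM_encrypt` / `rsgx_rijndael128GCM_decrypt` (treat that name as an assumption to check against the crate). The key bytes, the direction bytes (1 and 2) and the frame layout are constructed for this example; the untrusted app sees only the opaque frame that crosses the ECALL/OCALL boundary. Nothing here is sealed: sealing is for persisting data across enclave restarts, and a session key that lives only as long as the session can simply stay in enclave memory.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

const nonceSize = 12

// Session wraps the 128-bit key both enclaves derived during local
// attestation. dir is the byte this side puts in its own nonces, peer the
// byte it expects in the other side's nonces (constructed convention).
type Session struct {
	aead    cipher.AEAD
	dir     byte
	peer    byte
	sendCtr uint64 // counter of the last frame we sealed
	recvCtr uint64 // counter of the last frame we accepted from the peer
}

func NewSession(key [16]byte, dir, peer byte) (*Session, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Session{aead: aead, dir: dir, peer: peer}, nil
}

// makeNonce builds [dir, 0, 0, 0 | 64-bit counter]. The counter never repeats
// within one direction and the leading byte keeps the two directions apart,
// so one key is never used twice with the same GCM nonce.
func makeNonce(dir byte, ctr uint64) []byte {
	n := make([]byte, nonceSize)
	n[0] = dir
	binary.BigEndian.PutUint64(n[4:], ctr)
	return n
}

// Seal produces the frame handed to the untrusted app for relaying:
// nonce || ciphertext || GCM tag. The direction byte is also bound as AAD.
func (s *Session) Seal(plaintext []byte) ([]byte, error) {
	if s.sendCtr == ^uint64(0) {
		return nil, errors.New("counter exhausted: re-run attestation for a fresh key")
	}
	s.sendCtr++
	nonce := makeNonce(s.dir, s.sendCtr)
	ct := s.aead.Seal(nil, nonce, plaintext, []byte{s.dir})
	return append(nonce, ct...), nil
}

// Open verifies and decrypts a frame from the peer. It rejects frames from
// the wrong direction (including our own frames reflected back), replays and
// reordering via the strictly increasing counter, and any tampering via the tag.
func (s *Session) Open(frame []byte) ([]byte, error) {
	if len(frame) < nonceSize+s.aead.Overhead() {
		return nil, errors.New("frame too short")
	}
	nonce, ct := frame[:nonceSize], frame[nonceSize:]
	if nonce[0] != s.peer {
		return nil, errors.New("unexpected sender direction")
	}
	ctr := binary.BigEndian.Uint64(nonce[4:])
	if ctr <= s.recvCtr {
		return nil, errors.New("replayed or out-of-order frame")
	}
	pt, err := s.aead.Open(nil, nonce, ct, []byte{s.peer})
	if err != nil {
		return nil, err // tag mismatch: tampered frame or different key
	}
	s.recvCtr = ctr // advance only after the tag verified
	return pt, nil
}

func main() {
	// Constructed stand-in for the key both enclaves obtained from msg3 processing.
	var key [16]byte
	for i := range key {
		key[i] = byte(i)
	}
	e1, _ := NewSession(key, 1, 2)
	e2, _ := NewSession(key, 2, 1)
	frame, _ := e1.Seal([]byte("hello from enclave 1"))
	pt, err := e2.Open(frame)
	fmt.Printf("enclave 2 got %q (err=%v)\n", pt, err)
	_, err = e2.Open(frame)
	fmt.Println("replay of the same frame:", err)
}
```

The counters are the part that is easy to forget when reusing a DH-derived key: GCM is only safe while (key, nonce) pairs never repeat, so each side keeps its own monotonically increasing counter, and the receiver refuses anything at or below the last accepted value instead of trusting the untrusted relay not to replay.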