Skip to content


Conclave is a toolkit for building enclaves, small pieces of software that are protected from attack by the owner of the computer on which they run. It is ideally suited to solving multi-party collaboration and privacy problems.

Why Conclave?

  • Write your host app in any language that can run on a Java Virtual Machine like Java, Kotlin or even JavaScript. Write your enclave using the GraalVM native image technology for incredibly tight memory usage, support for any GraalVM language and instant startup time. Eliminate all memory management errors that would undermine the security of your enclave, thanks to the built-in generational garbage collector.
  • High level, simple API that is much easier to use than other enclave APIs.
  • Full support for auditing enclaves over the internet, including remote attestation and fully deterministic, reproducible builds. A user can verify what the source code of the remotely running enclave is, to ensure it will behave as they expect.
  • A Gradle plugin to automate compiling, signing and calculating the code hash of your enclave. No need to use the Intel SDK - everything needed is included.
  • API designs that guide you towards SGX best practices and avoidance of security pitfalls.
  • A powerful unit testing framework to verify the operation of your enclave and remote attestation functionality, using just JUnit.
  • Tutorials, guides and commercial support from the SGX experts at R3.


Enclaves. If you're totally new to enclave development, start with our introduction to enclave-oriented design. This will explain the concepts referred to in the rest of the documentation.

Architectural overview. This explains the core Conclave APIs.

Tutorial. Once you understand the concepts go straight to writing your first enclave.

Enclave Configuration. Now you've created your first enclave, take a deeper look at the configuration options available for creating enclaves.

Using JavaScript. How to use JIT compiled JavaScript inside the enclave.

Machine setup. Learn how to obtain SGX capable hardware, set it up, deploy to production and then keep your machine trusted by applying updates.

Reference guide. We provide detailed JavaDocs for the API.

Get in touch

There's a public mailing list for discussion of using Conclave and SGX. Join

You can also email us directly. In future R3 will offer ticket based commercial support.


This is a developer preview release of Conclave. You may not run enclaves built with it in production. Please read the list of known issues.

Release notes

Beta 4

  1. 🧩 New feature! Conclave now supports building GraalVM Native Image enclaves on macOS and Windows! GraalVM Native Image support was added in Beta 3 but required a Linux build system. Now, by installing Docker on Windows or macOS you can configure your enclaves to use the graalvm_native_image runtime and let Conclave simply manage the build process for you. Creating and managing the container is automated for you.
  2. 🧩 New feature! Conclave now supports a new remote attestation protocol. That means it now works out of the box on Azure Confidential Compute VMs, without any need to get an approved signing key: you can self sign enclaves and go straight to 'release mode' on Azure. Follow our tutorial on how to deploy your app to Azure to learn more.
  3. 🧩 New feature! Easily enable and use JavaScript. It is JIT compiled inside the enclave, warms up to be as fast as V8 and can interop with JVM bytecode. Full support for the latest ECMAScript standards.
  4. 🧩 New feature! Mail is now integrated with the SGX data sealing and TCB recovery features. If a version of the CPU microcode, SGX architectural enclaves or the enclave itself is revoked, old mail will be readable by the newly upgraded system, but downgrade attacks are blocked (old versions cannot be exploited to read new mail). This support is fully automatic and especially useful when using the 'mail to self' pattern for storage.
  5. 🧩 New feature! The new EnclaveHost.capabilitiesDiagnostics API prints a wealth of detailed technical information about the host platform, useful for diagnostics and debugging.
  6. System.currentTimeMillis now provides high performance, side-channel free access to the host's clock. The host copies the current time to a memory location the enclave can read, thus avoiding a call out of the enclave that could give away information about where in the program the enclave is. Remember however that as per usual, the host can change the time to whatever it wants, or even make it go backwards.
  7. Significantly improved multi-threading support. Learn more about threads inside the enclave. Write scalable, thread safe enclaves and use thread-pools of different sizes inside and outside the enclave.
  8. Conclave's internal dependencies are better isolated. As a consequence it's now loadable from inside an app designed for R3's Corda platform. Corda is one of the world's leading blockchain platforms and its privacy needs are what drove development of Conclave. We plan to release a sample app showing Corda/Conclave integration soon.
  9. API improvements! The API for receiving local calls into an enclave has been simplified, the mail API lets the host provide a routing hint when delivering, and the API for passing attestation parameters has been simplified due to the introduction of support for the new DCAP attestation protocol. Learn more about the API changes.
  10. Mail has been optimised to reduce the size overhead and do fewer memory copies.
  11. Bug fixes, usability and security improvements. Upgrade to ensure your enclave is secure. We've improved error messages for a variety of situations where Conclave isn't being used correctly.

Beta 3

  1. 🧩 New feature! The Mail API makes it easy to deliver encrypted messages to the enclave that only it can read, with sequencing and separation of different mail streams by topic. Mail can also be used by an enclave to persist (sealed) data. Learn more
  2. 🧩 New feature! You can now compile your entire enclave ahead of time using GraaalVM Native Image. This gives you access to a much better JVM than in prior releases, with faster enclaves that use less RAM. The performance improvement can be between 4x and 12x faster than in prior releases and memory usage can be up to 5x lower.
  3. 🧩 New feature! New mock API for easy debugging between the host and enclave, fast unit testing and easy development of enclaves on machines that don't support the technology. Learn more.
  4. 🧩 New feature! You can now produce enclaves on macOS! Just follow the instructions as you would on a Linux developer machine, and a JAR with an embedded Linux enclave .so file will be produced automatically. You can then take that JAR and upload it to a Linux host for execution, e.g. via a Docker or webapp container (e.g. Tomcat). Combined with the equivalent Windows support we added in beta 2 and the easy to use mock enclave API, this completes our developer platform support and allows mixed teams of people working on their preferred OS to build enclave-oriented apps together. Please note: at this time only the Avian runtime can be cross-compiled from Windows and macOS.
  5. 🧩 New feature! You may now make concurrent calls into the enclave using multiple threads,.
  6. Remote attestations (serialized EnclaveInstanceInfo objects) now remain valid across enclave restarts. They may still be invalidated by changes to the SGX TCB, for example, microcode updates applied as part of an operating system upgrade.
  7. Enclave/host communication now handles exceptions thrown across the boundary properly.
  8. In order to prevent accidental leakage of information from inside enclaves, release builds of enclaves no longer propagate console output across the enclave boundary. Calls to System.out.println() and related methods will now only print to the console on simulation and debug builds of enclaves.

Beta 2

  1. 🧩 New feature! Build enclaves on Windows without any special emulators, virtual machines or other setup.
  2. 🧩 New feature! Specify an enclave's product ID and revocation level in the enclave build file. There's a new conclave block which lets you do this. These values are enforced in any relevant EnclaveConstraint object.
  3. 🧩 New feature! A new EnclaveHost.checkPlatformSupportsEnclaves API allows you to probe the host operating system to check if enclaves are loadable, before you try to actually do so. Additionally, if SGX is disabled in the BIOS but can be enabled by software request, Conclave can now do this for you. If the host machine needs extra configuration a useful error message is now provided in the exception.
  4. 🧩 New feature! Better support for enclave signing in the Gradle plugin. New documentation has been added showing how to sign with externally managed keys.
  5. You can now use the Conclave host API from Java 11. The version of Java inside the enclave remains at Java 8.
  6. We've upgraded to use the version 2.9.1 of the Intel SGX SDK, which brings security improvements and lays the groundwork for new features. Make sure your host system is also running version 2.9.1. We've also upgraded to the latest version of the Intel Attestation Service (IAS).
  7. The ID for the enclave plugin is now com.r3.conclave.enclave. You will need to change this in your enclave's build.gradle file.
  8. enclave.xml files are no longer needed. You can safely delete them, as they're now generated for you by Conclave.
  9. The enclave measurement is now stable when built using different versions of the JDK.
  10. The format of an EnclaveInstanceInfo has been optimised. Old EnclaveInstanceInfo objects won't work with the beta 2 client libraries and vice-versa.
  11. Java serialization is now formally blocked inside the enclave using a filter. Unfiltered deserialization has a history of leading to exploits in programs written in high level managed languages.