You can find a sample app in the
hello-world directory of your SDK. You can use this app as a template
for your own if you want a quick start. We will cover:
- How to set up your machine.
- How to compile and run the sample app.
- How to write the sample app.
Setting up your machine¶
You need Java 8 or 11 (your choice) and Gradle, so make sure you've installed those first. Alternatively use an IDE like IntelliJ IDEA, which can download and set up both Gradle and the Java Development Kit (JDK) for you.
Currently, we support developing enclaves on Windows, macOS and Linux. However, executing enclaves without using the "mock mode" requires Linux or a Linux container (e.g. via Docker or Windows Subsystem for Linux) and there are no plans to change this. Apple doesn't support SGX and the Windows API support is too limited for use at this time. Fortunately for day to day development, the mock API is plenty sufficient and allows you to debug into enclave calls as well. Compiling a real enclave is only needed for integration testing or real deployment.
Enclaves can run in simulation mode without requiring any special setup of Linux or SGX capable hardware. However you of course get no hardware protections. To run against real SGX hardware you must perform some additional machine setup.
Compiling the sample enclave¶
Step 1: Import the project
Step 2: Look at the Conclave SDK's top level directory
Step 3: Click "import" when notified that there's a Gradle build script
Step 4: If on Linux or Windows, double-click on
:host:assemble. Voila! You have just built your first enclave.
Now explore the
As normal with Gradle, the
assemble task has bundled the program into a zip, with startup scripts. These scripts are
nothing special - they just set up the classpath. You could also e.g. make a fat JAR if you want.
Running the host and client¶
You will need Linux to test your enclave. Just run the host app like any app - no special startup scripts or setup is required with Conclave!
1 2 3
If your Linux machine doesn't have SGX, you should see something like this:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
The host has loaded the enclave, obtained its remote attestation (the
EnclaveInstanceInfo object), printed it out,
asked the enclave to reverse a string and finally opened up a TCP port which will now listen for requests from remote
So, let's run the client app:
The client will connect to the host, download the
EnclaveInstanceInfo, check it, and then send an encrypted string
to reverse. The host will deliver this encrypted string to the enclave, and the enclave will send back to the client
the encrypted reversed response:
1 2 3 4
Aibohphobia is the fear of palindromes.
Testing on Windows¶
If you're on Windows, you could test locally in simulation mode using a Docker container. Follow these instructions:
Step 1: Create a container and install Java 8
c:/ws/sdk with the path to the Conclave SDK:
1 2 3
Step 2: Unpack the artifacts and run the
Step 3: You may want to create an IntelliJ launch configuration to incorporate the
Put the commands above in a .cmd batch file and then use the "Shell script" launch configuration type, and add
a Gradle task in the "Before launch" section. You will then be able to click the run icon in your IDE to
build and start up the Java host app inside the Docker container.
Step 4: When done with testing remove the container, to stop it using up resources.
If you get stuck please contact email@example.com and ask for help!