EnclaveInstanceInfo

public interface EnclaveInstanceInfo

Contains serializable information about an instantiated enclave running on a specific machine, with the measurement and instance signing key verified by remote attestation. The remote attestation infrastructure backing all trusted computing schemes is what gives you confidence that the data in this object is correct and can be trusted, as long as securityInfo and enclaveInfo match what you expect.

An EnclaveInstanceInfo should be fetched from the host via some app-specific mechanism, such as an HTTP request, a directory service lookup, a shared file, etc.

Methods

createPostOffice
PostOffice createPostOffice()

Returns a new PostOffice instance for encrypting mail to this target enclave on the "default" topic.

A new sender private key will be used (which can be retrieved with PostOffice.senderPrivateKey), and each mail created by this post office will be authenticated with it and act as the client's authenticated identity to the enclave (see EnclaveMail.authenticatedSender). Typically only one sender key is required per client.

It's very important that related mail are created from the same post office instance, i.e. having the same topic and sender key. This is so the post office can apply an increasing sequence number to each mail, which the target enclave will use to make sure they are received in order and that none have been dropped (see EnclaveMailHeader.sequenceNumber).

For a different stream of mail create another post office with a different topic.

abstract PostOffice createPostOffice(PrivateKey senderPrivateKey, String topic)

Returns a new PostOffice instance for encrypting mail to this target enclave on the given topic.

Each mail created by this post office will be authenticated with the given private key, and will act as the client's authenticated identity to the enclave (see EnclaveMail.authenticatedSender). Typically only one sender key is required per client (a new one can be created using Curve25519PrivateKey.random).

It's very important that related mail are created from the same post office instance, i.e. having the same topic and sender key. This is so the post office can apply an increasing sequence number to each mail, which the target enclave will use to make sure they are received in order and that none have been dropped (see EnclaveMailHeader.sequenceNumber).

For a different stream of mail create another post office with a different topic.

deserialize
static EnclaveInstanceInfo deserialize(ByteBuffer buffer)

Deserializes an EnclaveInstanceInfo from the given byte buffer.

static EnclaveInstanceInfo deserialize(byte[] bytes)

Deserializes an EnclaveInstanceInfo from the given bytes.

equals
boolean equals(Object other)

getDataSigningKey
abstract PublicKey getDataSigningKey()

A key used by the enclave to digitally sign static data structures.

This is not the same as the enclave code signing key, which just links the enclave code to its author.

getEnclaveInfo
abstract EnclaveInfo getEnclaveInfo()

Contains information about the enclave code that was loaded.

getEncryptionKey
abstract PublicKey getEncryptionKey()

Returns the enclave's public encryption key.

For creating mail targeted to this enclave use a PostOffice from createPostOffice.

getSecurityInfo
abstract EnclaveSecurityInfo getSecurityInfo()

Exposes how secure the remote enclave is currently considered to be.

hashCode
int hashCode()

serialize
abstract byte[] serialize()

Serializes this object to a custom format and returns the byte array.

toString
String toString()

verifier
abstract Signature verifier()

Returns a Signature object pre-initialised with dataSigningKey, ready for the verification of digital signatures generated by the enclave.
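
The following client-side sketch is an added example, not code from this page or from the Conclave project. It checks securityInfo and enclaveInfo before any key in the object is used, then keeps a single PostOffice for one topic and uses verifier() for enclave-signed data. The class name AttestedEnclaveClient is hypothetical; the package names, EnclaveSecurityInfo.Summary, getCodeSigningKeyHash, getProductID, SecureHash and PostOffice.encryptMail do not appear on this page and are assumed from the Conclave SDK.

```java
import com.r3.conclave.common.EnclaveInstanceInfo;
import com.r3.conclave.common.EnclaveSecurityInfo;
import com.r3.conclave.common.SecureHash;
import com.r3.conclave.mail.Curve25519PrivateKey;
import com.r3.conclave.mail.PostOffice;

import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.Signature;

/** Hypothetical client wrapper: validates the attestation once, then reuses one PostOffice. */
public final class AttestedEnclaveClient {
    private final EnclaveInstanceInfo enclave;
    private final PostOffice postOffice;

    public AttestedEnclaveClient(byte[] attestationBytes, SecureHash expectedSigner,
                                 int expectedProductId, PrivateKey senderKey, String topic) {
        EnclaveInstanceInfo info = EnclaveInstanceInfo.deserialize(attestationBytes);
        // Check securityInfo and enclaveInfo before trusting any key in the object.
        // Accessors on these two types are assumed from the SDK, not shown on this page.
        if (info.getSecurityInfo().getSummary() != EnclaveSecurityInfo.Summary.SECURE) {
            throw new SecurityException("Enclave platform is not SECURE: " + info.getSecurityInfo());
        }
        if (!expectedSigner.equals(info.getEnclaveInfo().getCodeSigningKeyHash())
                || info.getEnclaveInfo().getProductID() != expectedProductId) {
            throw new SecurityException("Unexpected enclave: " + info.getEnclaveInfo());
        }
        this.enclave = info;
        // One post office per (sender key, topic) so sequence numbers keep increasing.
        this.postOffice = info.createPostOffice(senderKey, topic);
    }

    /** Encrypts the next mail in this topic's stream (encryptMail is assumed from the SDK). */
    public synchronized byte[] seal(byte[] body) {
        return postOffice.encryptMail(body);
    }

    /** Verifies a signature the enclave made with its data signing key. */
    public boolean isSignedByEnclave(byte[] data, byte[] signature) throws GeneralSecurityException {
        Signature verifier = enclave.verifier();
        verifier.update(data);
        return verifier.verify(signature);
    }

    /** Creates a fresh sender identity; keep it for the lifetime of the client. */
    public static PrivateKey newSenderKey() {
        return Curve25519PrivateKey.random();
    }
}
```

The expected signer hash and product ID must come from a source independent of the host that served the attestation bytes, such as the enclave author's published build information.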