Secret Key Provisioning

A secure secret key provisioning protocol is employed when an enclave needs to receive secret keys that cannot be sealed for persistence but instead need to be installed into the enclave. It is important to note that an enclave program resides on the host, and including any secrets such as TLS certificates' private keys or environment variables containing admin passwords directly in the program package or file system is not recommended. Considering the threat model where adversaries have control over the host, it must be assumed that they can access the program and potentially reverse-engineer the secrets.

Suppose the secret keys are encrypted using AES256-bit encryption and loaded into the enclave. The next step is to establish a mechanism to securely provision the decryption keys into the enclave. The provisioning protocol incorporates concepts from secure channel protocols like TLS, combined with remote authentication (RA). The protocol operates between enclave A and a relying party B, following these steps:

1. Enclave A initiates an RA-TLS channel with the relying party. The enclave sends a certificate containing a remote attestation quote through this channel.

2. The relying party verifies the remote attestation quote received from enclave A. Upon successful verification, indicating the integrity and authenticity of the enclave, the relying party proceeds with the provisioning process.

3. Using the secure TLS channel established in Step 1, the relying party securely transfers the provisioned secret keys to enclave A.

It is worth mentioning that variations of the protocol may require performing remote attestation of the relying party as well, ensuring mutual authentication between enclaves.

By employing this secure secret key provisioning protocol, enclaves can receive the necessary decryption keys in a protected manner, mitigating the risks associated with exposing sensitive secrets to potential adversaries who control the host environment.