Enclave as distinct service #512

Closed
melowe opened this issue Nov 6, 2018 · 2 comments
Labels
0.9 enhancement Non-user code enhancements

melowe commented Nov 6, 2018

Enclave needs to be runnable as a distinct service that can optionally be deployed separately to the transaction manager. The architectural assumption being that access to private keys is only available within the system boundaries of the enclave.

  1. Add server config for enclave
  2. Create standalone enclave jar that can be deployed externally from the core tessera application

@melowe melowe self-assigned this Nov 6, 2018
vietlq commented Dec 4, 2018

Do you have any specific enclave in mind to be used? Yubi HSM2 has some nice features and is pretty cheap https://www.yubico.com/product/yubihsm-2/ . I can see that the Enclave interface is nicely designed and can accommodate various implementations to different back-ends: https://github.com/jpmorganchase/tessera/blob/8c0bad8867b6e126116de27be946e202ca10ebdb/encryption/encryption-api/src/main/java/com/quorum/tessera/encryption/Enclave.java

melowe added a commit that referenced this issue Dec 7, 2018
melowe commented Feb 6, 2019

#623

Adds most plumbing code for proxying enclave invocations behind a WebSocket. Using a stateful protocol will allow us to add run status functions to enclave so the status can be checked before attempting to process transactions.

Outstanding items

  1. Add enclave factory that when reading configuration will create an Enclave client.
  2. Test and address any performance enhancements.
  3. Create thread that can test enclave's runtime status and attempt to start at a given interval (required for enclave-jaxrs and enclave-websockets)
  4. Add minimal cli to start enclave-websockets
  5. Add relevant suites and/or tags to fire up remote enclave instances and ensure tests pass as usual.

@Krish1979 Krish1979 added the enhancement Non-user code enhancements label Feb 12, 2019
@Krish1979 Krish1979 added this to the QE - March Deliverable milestone Mar 15, 2019
@Krish1979 Krish1979 added 0.9 and removed in progress labels Apr 9, 2019