# Occlum SGX Remote Attestation integrated in TLS connection

Steps to build and test the project (both examples are built for the `x86_64-unknown-linux-musl` target that Occlum runs inside the enclave):

```shell
# Build the server example with the Occlum and actix-web features enabled
occlum-cargo build --example server --features="occlum,actix-web"
# Strip symbols to keep the enclave image small
strip -s target/x86_64-unknown-linux-musl/debug/examples/server
# Package the server binary into an Occlum instance
./build_server.sh

# Build the client example with the Occlum and reqwest features enabled
occlum-cargo build --example client --features="occlum,reqwest"
strip -s target/x86_64-unknown-linux-musl/debug/examples/client
# Package the client binary into an Occlum instance
./build_client.sh
```

## Mutual RATLS examples

The examples show how to use mRATLS (Mutual Remote Attestation TLS) in different situations:

* The first example shows how to create an mRATLS HTTPS server and client.
* The second example shows how to create an mRATLS gRPC-over-TLS (gRPCs) server and client.

Both the server and the client must run inside an enclave. During remote attestation each peer acquires its own RA certificate, and during the TLS handshake the peers verify each other's RA certificates. The config allows whitelisting the MRENCLAVE, MRSIGNER, PRODID and SVN of the peer (the enclave measurement, the signer's key hash, and the signer's product ID and security version number, respectively). Pinning MRENCLAVE ties trust to one exact enclave build, whereas MRSIGNER together with PRODID and SVN accepts any enclave of that product and version from the same signer and so survives rebuilds; a policy that pins neither accepts any enclave and should be treated as misconfigured.

## RATLS examples

The example shows how to create a one-sided RATLS HTTPS server and client. The server must run inside an enclave; the client can run anywhere and needs no SGX support. The server config allows whitelisting the public ec25519 key of the client, and the client config allows whitelisting the MRENCLAVE, MRSIGNER, PRODID and SVN of the server. Because only the server is attested here, the server's trust in a client rests entirely on that key allow-list, while the client's trust in the server rests on the measurement whitelist.