Sending encrypted data
Cosmian generates the enclave identity asynchronously. Generation starts once all the participants have sent their public keys and the code provider has sent the code, and it can take a few minutes. You need to wait for it to finish before going further.
```python
# send_data.py
import time

from cosmian_secure_computation_client import DataProviderAPI

# cosmian_token and computation_uuid are assumed to be defined earlier.
data_provider = DataProviderAPI(cosmian_token)

# Poll until Cosmian has generated the enclave identity.
while True:
    computation = data_provider.get_computation(computation_uuid)
    if computation.enclave.identity is None:
        print("Waiting 5s for the generation of the enclave identity…")
        time.sleep(5)
    else:
        break
```
When the enclave identity is generated, you can check it:
- verify, using DCAP, that the quote comes from an Intel SGX enclave
- verify that the quote and public key match (todo)
- verify the list of participants in the serialized args (todo)
- verify that the entrypoint hash from the manifest is the same as the computed hash of the entrypoint content (todo)
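To illustrate the second check in the list above, here is an added example (not part of the Cosmian client) that reads the measurement and report_data fields from a version 3 SGX ECDSA quote and compares report_data with the enclave public key. It assumes the enclave places SHA-256(public key) in the first 32 bytes of report_data and zeroes the rest, a common convention that this page does not confirm for Cosmian; the function names and the sample quote are constructed for the illustration.

```python
import hashlib
import hmac
import struct

# Intel SGX ECDSA quote, version 3: 48-byte header, then a 384-byte report body.
HEADER_LEN = 48
REPORT_BODY_LEN = 384
MR_ENCLAVE = slice(HEADER_LEN + 64, HEADER_LEN + 96)
MR_SIGNER = slice(HEADER_LEN + 128, HEADER_LEN + 160)
REPORT_DATA = slice(HEADER_LEN + 320, HEADER_LEN + 384)


def parse_quote(quote: bytes) -> dict:
    """Extract the fields a data provider compares against expected values."""
    if len(quote) < HEADER_LEN + REPORT_BODY_LEN:
        raise ValueError("quote too short to contain a report body")
    (version,) = struct.unpack_from("<H", quote, 0)
    if version != 3:
        raise ValueError(f"unsupported quote version {version}")
    return {
        "mr_enclave": quote[MR_ENCLAVE],
        "mr_signer": quote[MR_SIGNER],
        "report_data": quote[REPORT_DATA],
    }


def quote_binds_public_key(quote: bytes, enclave_public_key: bytes) -> bool:
    """Assumed binding: report_data = SHA-256(public key) || 32 zero bytes."""
    expected = hashlib.sha256(enclave_public_key).digest() + bytes(32)
    # Constant-time comparison of the 64-byte field.
    return hmac.compare_digest(parse_quote(quote)["report_data"], expected)


def build_sample_quote(public_key: bytes) -> bytes:
    """Constructed test input: a zero-filled v3 quote carrying the key hash."""
    quote = bytearray(HEADER_LEN + REPORT_BODY_LEN)
    struct.pack_into("<H", quote, 0, 3)
    quote[MR_ENCLAVE] = b"\xaa" * 32
    quote[REPORT_DATA] = hashlib.sha256(public_key).digest() + bytes(32)
    return bytes(quote)


if __name__ == "__main__":
    key = bytes(range(32))  # constructed 32-byte public key
    quote = build_sample_quote(key)
    print(quote_binds_public_key(quote, key))           # key the quote was built for
    print(quote_binds_public_key(quote, b"\x01" * 32))  # substituted key
```

This comparison is only meaningful once the quote's signature chain has been verified with DCAP, since the fields of an unverified quote can be set to anything.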
Before sending data to the enclave, you have to generate a symmetric key. The Cosmian client provides a function, but you can also use whatever suits your security needs.
Then, send your encrypted data specifying the different file paths. You can call this function multiple times to send more files. When you’re done, notify the server by calling done().
Finally, send your symmetric key sealed with the enclave’s public key.