Sending encrypted data

Cosmian generates the enclave identity asynchronously: generation starts once every participant has sent their public key and the code provider has sent the code, and it can take a few minutes. You therefore need to poll until the identity is available.

import time
from cosmian_secure_computation_client import DataProviderAPI

data_provider = DataProviderAPI(cosmian_token)

# computation_uuid is the UUID of the computation you were invited to join
while True:
    computation = data_provider.get_computation(computation_uuid)
    if computation.enclave.identity is not None:
        break
    print("Waiting 5s for the enclave identity to be generated…")
    time.sleep(5)

When the enclave identity is generated, verify it before you send anything to the enclave:

  • verify that the quote is a genuine quote from an Intel SGX enclave, using DCAP
  • verify that the quote and the enclave public key match (todo)
  • verify the list of participants in the serialized args (todo)
  • verify that the entrypoint hash from the manifest is the same as the computed hash of the entrypoint content (todo)

These checks are what make the rest of this page safe: the symmetric key you send at the end is sealed to the public key in this identity, so a quote that does not verify, or that is not bound to that public key, means you could be encrypting your data to a key held by someone other than the enclave.
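The local part of those checks can be written without talking to Cosmian at all. The following is an added example (not code from the Cosmian client) that parses the report body of a raw DCAP quote and runs the public-key binding, entrypoint-hash and participant checks, plus an MRENCLAVE comparison, which goes slightly beyond the list above but is what makes a verified quote meaningful. It assumes the enclave writes sha256(public_key) into the first 32 bytes of the quote's report_data, that the manifest hash is hex-encoded sha256, and that the serialized args are JSON with a "participants" list; the quote in `demo()` is constructed. It deliberately does not verify the DCAP signature chain or TCB status, which must still be done with Intel's quote verification library and fresh collateral.

```python
import hashlib
import hmac
import json

# Layout of a DCAP (quote v3) SGX quote: a 48-byte header followed by the
# 384-byte sgx_report_body_t.  Offsets below are relative to the report body.
QUOTE_HEADER_LEN = 48
REPORT_BODY_LEN = 384
MR_ENCLAVE_OFF, MR_SIGNER_OFF, REPORT_DATA_OFF = 64, 128, 320


def parse_quote(quote: bytes) -> dict:
    """Pull out the report-body fields the checks below need."""
    if len(quote) < QUOTE_HEADER_LEN + REPORT_BODY_LEN:
        raise ValueError("quote too short to contain an SGX report body")
    body = quote[QUOTE_HEADER_LEN:QUOTE_HEADER_LEN + REPORT_BODY_LEN]
    return {
        "mr_enclave": body[MR_ENCLAVE_OFF:MR_ENCLAVE_OFF + 32],
        "mr_signer": body[MR_SIGNER_OFF:MR_SIGNER_OFF + 32],
        "report_data": body[REPORT_DATA_OFF:REPORT_DATA_OFF + 64],
    }


def quote_binds_public_key(quote: bytes, public_key: bytes) -> bool:
    """Assumed convention: the enclave puts sha256(public_key) in the first
    32 bytes of report_data and leaves the remaining 32 bytes zero."""
    expected = hashlib.sha256(public_key).digest() + bytes(32)
    return hmac.compare_digest(parse_quote(quote)["report_data"], expected)


def entrypoint_hash_matches(manifest_hash_hex: str, entrypoint: bytes) -> bool:
    """The manifest must commit to the code that will actually run (sha256 assumed)."""
    computed = hashlib.sha256(entrypoint).hexdigest()
    return hmac.compare_digest(computed.lower(), manifest_hash_hex.lower())


def participants_match(serialized_args: str, expected: set) -> bool:
    """Assumed: JSON args with a "participants" list.  Order does not matter,
    but an extra participant is an extra party able to receive a key."""
    args = json.loads(serialized_args)
    return set(args.get("participants", [])) == expected


def verify_identity(identity: dict, expected: dict) -> list:
    """Run every local check and return the failures (empty list == passed).
    DCAP signature and TCB verification are NOT done here."""
    failures = []
    fields = parse_quote(identity["quote"])
    if not hmac.compare_digest(fields["mr_enclave"], expected["mr_enclave"]):
        failures.append("mr_enclave does not match the expected build")
    if not quote_binds_public_key(identity["quote"], identity["public_key"]):
        failures.append("quote report_data does not commit to the enclave public key")
    if not entrypoint_hash_matches(identity["manifest_entrypoint_hash"], expected["entrypoint"]):
        failures.append("manifest entrypoint hash differs from the entrypoint content")
    if not participants_match(identity["serialized_args"], expected["participants"]):
        failures.append("participant list differs from what was agreed")
    return failures


def make_test_quote(mr_enclave: bytes, report_data: bytes) -> bytes:
    """Constructed sample quote: zeroed, with only the fields used above set."""
    body = bytearray(REPORT_BODY_LEN)
    body[MR_ENCLAVE_OFF:MR_ENCLAVE_OFF + 32] = mr_enclave
    body[REPORT_DATA_OFF:REPORT_DATA_OFF + 64] = report_data
    return bytes(QUOTE_HEADER_LEN) + bytes(body)


def demo() -> tuple:
    """A constructed identity that passes, and a copy where the public key was swapped."""
    pubkey = bytes(range(32))                        # constructed enclave public key
    entrypoint = b"def main():\n    print('hello')\n"  # constructed entrypoint content
    mr_enclave = hashlib.sha256(b"constructed build").digest()
    quote = make_test_quote(mr_enclave, hashlib.sha256(pubkey).digest() + bytes(32))
    identity = {
        "quote": quote,
        "public_key": pubkey,
        "manifest_entrypoint_hash": hashlib.sha256(entrypoint).hexdigest(),
        "serialized_args": json.dumps({"participants": ["aa", "bb"]}),
    }
    expected = {"mr_enclave": mr_enclave, "entrypoint": entrypoint,
                "participants": {"aa", "bb"}}
    tampered = dict(identity, public_key=bytes(32))  # attacker substitutes their own key
    return verify_identity(identity, expected), verify_identity(tampered, expected)


if __name__ == "__main__":
    print(demo())
```

The tampered case is the one that matters: a quote can be perfectly valid for the right enclave and still be paired with a public key the enclave never generated, which is why the binding check is listed separately from DCAP verification.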

Before sending data to the enclave, you have to generate a symmetric key. The Cosmian client provides a helper for this, but you can use whatever suits your security needs, as long as the key comes from a cryptographically secure random source (os.urandom or the secrets module, never random) and has the size expected by the client's encryption routine.

from cosmian_secure_computation_client.crypto.helper import random_symkey
symmetric_key = random_symkey()

Then send your data, specifying the different file paths; the client encrypts each file with your symmetric key before uploading it. You can call this function multiple times to send more files. When you're done, notify the server by calling done().

computation_uuid = "xxxxxxxxxxxxxxxxxxxxxx"
path_1 = "/demo/demo1.csv"
path_2 = "/demo/demo2.csv"

# each file is encrypted with symmetric_key before it leaves your machine
data_provider.push_files(computation_uuid, symmetric_key, [path_1, path_2])

Finally, send your symmetric key sealed with the enclave's public key, so that only the enclave can unseal it. Do this only after the identity checks above have passed: the public key you seal to is the one from the identity you verified.

from cosmian_secure_computation_client.crypto.helper import seal

# seal() encrypts the symmetric key to the enclave public key taken from the verified identity
sealed_symmetric_key = seal(symmetric_key, computation.enclave.identity.public_key)
data_provider.key_provisioning(computation_uuid, sealed_symmetric_key)
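Putting the steps of this page together, the order is what protects you: poll with a bound, verify the identity, push the files, call done(), and only then seal and provision the key. The following is an added example, not Cosmian's code, of a wrapper that enforces that order and fails closed. `FakeDataProvider` is a constructed stand-in for DataProviderAPI that records calls; in real use you pass the real client, your identity verifier, and the client's `random_symkey` and `seal` helpers. The `done(computation_uuid)` signature and the injected `sleep`/`clock` parameters are assumptions of this example.

```python
import time
from types import SimpleNamespace

POLL_INTERVAL_S = 5
POLL_TIMEOUT_S = 15 * 60


def wait_for_identity(client, computation_uuid, sleep=time.sleep, clock=time.monotonic):
    """Poll get_computation() until enclave.identity is set, but give up after
    POLL_TIMEOUT_S instead of looping forever on a computation that never starts."""
    deadline = clock() + POLL_TIMEOUT_S
    while True:
        computation = client.get_computation(computation_uuid)
        if computation.enclave.identity is not None:
            return computation
        if clock() >= deadline:
            raise TimeoutError("enclave identity was not generated in time")
        sleep(POLL_INTERVAL_S)


def provision(client, computation_uuid, paths, verify_identity, random_symkey, seal,
              sleep=time.sleep, clock=time.monotonic) -> bytes:
    """Verify the identity, push the encrypted files, call done(), then send the
    symmetric key sealed to the verified public key.  Returns the symmetric key."""
    identity = wait_for_identity(client, computation_uuid, sleep, clock).enclave.identity
    failures = verify_identity(identity)          # list of failure strings, [] if ok
    if failures:
        # Fail closed: a key sealed to an unverified public key is a plaintext leak.
        raise RuntimeError("refusing to provision: " + "; ".join(failures))
    symmetric_key = random_symkey()
    client.push_files(computation_uuid, symmetric_key, list(paths))
    client.done(computation_uuid)                 # assumed signature for done()
    client.key_provisioning(computation_uuid, seal(symmetric_key, identity.public_key))
    return symmetric_key


class FakeDataProvider:
    """Constructed stand-in for DataProviderAPI: records the call order and only
    exposes an identity after a number of get_computation() polls."""

    def __init__(self, polls_until_ready: int, public_key: bytes):
        self.calls, self.polls_left, self.public_key = [], polls_until_ready, public_key

    def get_computation(self, uuid):
        self.calls.append("get_computation")
        identity = None
        if self.polls_left <= 0:
            identity = SimpleNamespace(public_key=self.public_key, quote=b"")
        self.polls_left -= 1
        return SimpleNamespace(enclave=SimpleNamespace(identity=identity))

    def push_files(self, uuid, key, paths):
        self.calls.append("push_files")

    def done(self, uuid):
        self.calls.append("done")

    def key_provisioning(self, uuid, sealed):
        self.calls.append("key_provisioning")
        self.sealed = sealed


def run_demo(verify_ok: bool) -> tuple:
    """Drive provision() against the fake with a fake clock; returns (calls, error)."""
    fake_key = bytes(32)                           # constructed stand-in, not a real key
    client = FakeDataProvider(polls_until_ready=2, public_key=b"enclave-pk")
    ticks = iter(range(0, 100_000, POLL_INTERVAL_S))  # fake monotonic clock
    verify = (lambda identity: []) if verify_ok else (lambda identity: ["quote did not verify"])
    seal = lambda key, pk: b"sealed-to:" + pk + b":" + key   # stand-in for crypto.helper.seal
    try:
        provision(client, "uuid", ["/demo/a.csv"], verify, lambda: fake_key, seal,
                  sleep=lambda s: None, clock=lambda: next(ticks))
        return client.calls, None
    except RuntimeError as exc:
        return client.calls, str(exc)


if __name__ == "__main__":
    print(run_demo(True))
    print(run_demo(False))
```

When verification fails nothing is pushed and no key is provisioned, which is the behaviour you want: the server learns nothing it can use, and you can investigate the identity before retrying.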