anjuna-encrypt
Encrypt a file for enclaves powered by Anjuna.
Description
The anjuna-encrypt tool is used to encrypt data for enclaves running in the Anjuna SGX Runtime.
Encrypting files for a specific enclave
One option is to encrypt data for a specific enclave once it has been established that the enclave is trusted. See anjuna-check-attestation to learn about verifying whether an enclave is trusted.
Using the anjuna-encrypt tool, a client can ensure that sensitive secrets are securely transmitted to the enclave.
The anjuna-encrypt tool uses the public key (RSA key in PEM format) generated by an enclave during the provisioning step to encrypt a specific file for this enclave.
The anjuna-encrypt tool can encrypt files up to 16MB.
If the encryption operation succeeds then a new file is created with the same name as the original file, but with the ".sealed" extension.
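A pre-flight wrapper for the constraints above, as an added example that is not part of Anjuna's documentation or tooling: it checks the 16MB limit, that the key file looks like a PEM public key, and that an existing ".sealed" file is not overwritten, before calling anjuna-encrypt with the -k and -o flags listed under Options. The function names are hypothetical, 16MB is assumed to mean 16 * 1024 * 1024 bytes, and refusing to overwrite is this example's choice, since the page does not say how the tool treats an existing output file.

```shell
#!/bin/sh
# Added example: pre-flight checks before calling anjuna-encrypt.
# Assumption: "16MB" means 16 * 1024 * 1024 bytes.
MAX_BYTES=$((16 * 1024 * 1024))

# Succeeds if the first line is a PEM public-key header. This is a format
# check only; it does not show that the key belongs to an attested enclave
# (that is what anjuna-check-attestation is for).
is_pem_public_key() {
    head -n 1 "$1" 2>/dev/null | grep -Eq '^-----BEGIN (RSA )?PUBLIC KEY-----'
}

# preflight PLAINTEXT PUBKEY [OUT]
# Returns 0 if the inputs are acceptable; otherwise prints a reason to
# stderr and returns a distinct non-zero code per failure.
preflight() {
    plaintext=$1
    pubkey=$2
    out=${3:-$1.sealed}
    [ -f "$plaintext" ] || { echo "no such file: $plaintext" >&2; return 2; }
    size=$(($(wc -c < "$plaintext")))
    [ "$size" -le "$MAX_BYTES" ] || { echo "file exceeds 16MB: $size bytes" >&2; return 3; }
    is_pem_public_key "$pubkey" || { echo "not a PEM public key: $pubkey" >&2; return 4; }
    [ ! -e "$out" ] || { echo "refusing to overwrite: $out" >&2; return 5; }
    return 0
}

# seal_for_enclave PLAINTEXT PUBKEY [OUT]
# Runs the checks, then encrypts for the enclave that owns PUBKEY.
seal_for_enclave() {
    preflight "$@" || return $?
    anjuna-encrypt -k "$2" -o "${3:-$1.sealed}" "$1"
}
```

Call it as `seal_for_enclave secrets.json enclave-public.pem` (both file names are placeholders) only after the enclave that produced the key has passed attestation.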
Encrypting files protected by APM keys
Another option is to encrypt a file that the enclave decrypts using a key stored in the APM. See Configuring the Policy Manager to learn about using the Anjuna Policy Manager for file encryption.
Using the anjuna-encrypt tool, a client can encrypt files for enclaves using the keys stored in the APM.
As before, if the encryption operation succeeds, then the new file name will be the same as the original file, but with the ".sealed" extension.
Options
Usage: anjuna-encrypt [OPTIONS] PLAINTEXT_FILENAME
      --aes-key string      Base64 encoded AES128 key to encrypt the file with
  -o, --out string          Encrypted output filename (default appends ".sealed" to input filename)
  -k, --public-key string   Public RSA key that will wrap the symmetric file-encryption key