anjuna-encrypt

Encrypt a file for a specific enclave.

SYNOPSIS

    anjuna-encrypt --public-key <pubkey_file> <plaintext_file>

DESCRIPTION

The anjuna-encrypt tool is used to encrypt data for a specific enclave once it has been established that the enclave is trusted. See anjuna-check-attestation to learn about verifying whether an enclave is trusted.

Using the anjuna-encrypt tool, a client can ensure that sensitive secrets are securely transmitted to the enclave.

The anjuna-encrypt tool encrypts a specific file for an enclave using the public key (an RSA key in PEM format) that the enclave generated during the provisioning step. The RSA key wraps the symmetric key that encrypts the file (see OPTIONS).

The anjuna-encrypt tool can encrypt files up to 16 MB.

If the encryption operation succeeds, a new file is created. By default its name is the original filename with ".sealed" appended; use --out to choose a different name.

OPTIONS

    Usage: anjuna-encrypt [OPTIONS] PLAINTEXT_FILENAME
      -o, --out string          Encrypted output filename (default appends ".sealed" to input filename)
      -k, --public-key string   Public RSA key that will wrap the symmetric file-encryption key (required)

EXIT STATUS

anjuna-encrypt returns 0 on success and 1 on failure.

EXAMPLE

    $ anjuna-encrypt --public-key provision/python.pubkey my-secret-key
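
The checks a caller would make around the invocation above (PEM public key, the 16 MB limit, the exit status, the ".sealed" output), as an added shell example that is not part of the Anjuna documentation or tooling. The function name seal_for_enclave, the ANJUNA_ENCRYPT and MAX_BYTES variables, the wrapper's own return codes 2 and 3, and reading "16MB" as 16 * 1024 * 1024 bytes are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight wrapper around anjuna-encrypt (not Anjuna's code).
# Assumptions: ANJUNA_ENCRYPT names the binary to run, and "16MB" is
# read as 16 * 1024 * 1024 bytes.
ANJUNA_ENCRYPT="${ANJUNA_ENCRYPT:-anjuna-encrypt}"
MAX_BYTES=$((16 * 1024 * 1024))

# seal_for_enclave PUBKEY PLAINTEXT [OUT]
# Prints the sealed filename on success. Returns 1 if anjuna-encrypt
# fails, 2 on bad input, 3 if the file exceeds the size limit.
seal_for_enclave() {
    pubkey=$1
    plaintext=$2
    out=${3:-$plaintext.sealed}   # same default as the tool's --out

    [ -r "$pubkey" ] || { echo "cannot read public key: $pubkey" >&2; return 2; }
    [ -f "$plaintext" ] || { echo "no such file: $plaintext" >&2; return 2; }

    # The key must be in PEM format; catch a wrong file before calling the tool.
    if ! grep -q -e '-----BEGIN .*PUBLIC KEY-----' "$pubkey"; then
        echo "not a PEM public key: $pubkey" >&2
        return 2
    fi

    # Enforce the documented size limit up front.
    size=$(($(wc -c < "$plaintext")))
    if [ "$size" -gt "$MAX_BYTES" ]; then
        echo "$plaintext is $size bytes, over the $MAX_BYTES byte limit" >&2
        return 3
    fi

    # anjuna-encrypt returns 0 on success and 1 on failure.
    if ! "$ANJUNA_ENCRYPT" --public-key "$pubkey" --out "$out" "$plaintext"; then
        echo "anjuna-encrypt failed; do not send $out" >&2
        return 1
    fi

    # Only hand back a sealed file that exists and is non-empty.
    [ -s "$out" ] || { echo "missing or empty output: $out" >&2; return 1; }
    printf '%s\n' "$out"
}

# Usage: sealed=$(seal_for_enclave provision/python.pubkey my-secret-key) || exit 1
```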