anjuna-decrypt

NAME

anjuna-decrypt

Decrypt a file created by a trusted enclave.

SYNOPSIS

anjuna-decrypt --key-file FILE.pem [OPTIONS] ENCRYPTED_FILENAME

DESCRIPTION

When an application runs in the Anjuna SGX Runtime, the runtime can transparently encrypt some files, without any modification to the application, using an RSA public key provided by the user (specified by the keys entry in the manifest). The anjuna-decrypt tool enables you to decrypt such files.

See the Configuration Reference for information about how to specify the public key that the Anjuna SGX Runtime uses to encrypt files and how to specify the list of files to be encrypted.

OPTIONS

-k, --key-file string   Decryption key filename (required)
-o, --out string        Decrypted output filename (optional)

EXIT STATUS

  • 0 on success

  • 1 on error

When anjuna-decrypt succeeds, the decrypted file is created in the same directory as the encrypted file, with the same name as the original file, but with a ".decrypted" extension added. The decrypt tool also prints the HMAC of the encrypted payload.

EXAMPLE

$ anjuna-decrypt --key-file anjuna-enclave-sign-privkey.pem testfile
SHA256-HMAC (hex): 2C348966BF20DD4802F731299891EE242E73A4B47196F74A1FC762AE2F03B7A7
SHA256-HMAC (b64): LDSJZr8g3UgC9zEpmJHuJC5zpLRxlvdKH8diri8Dt6c=
Decrypted file: testfile.decrypted
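
The following wrapper is an added example, not part of the Anjuna documentation or tooling. It shows one way to use the exit status and the printed HMAC lines in a script: stop on a non-zero exit status, confirm that the hex and base64 lines encode the same 32 bytes, and compare the HMAC with an expected value. The function names, the idea that the caller has recorded an expected HMAC elsewhere, and the use of GNU base64 and od are assumptions; the line labels come from the EXAMPLE output above.

```shell
#!/bin/sh
# Added example: parse anjuna-decrypt output and gate on it in a script.
# Line labels are taken from the EXAMPLE section; function names are hypothetical.

# Constructed sample input: the tool output shown in the EXAMPLE section.
sample_output() {
cat <<'EOF'
SHA256-HMAC (hex): 2C348966BF20DD4802F731299891EE242E73A4B47196F74A1FC762AE2F03B7A7
SHA256-HMAC (b64): LDSJZr8g3UgC9zEpmJHuJC5zpLRxlvdKH8diri8Dt6c=
Decrypted file: testfile.decrypted
EOF
}

# field LABEL: print the value of the first "LABEL: value" line read from stdin.
# The labels used below contain no characters that are special in a basic regex.
field() { sed -n "s/^$1: //p" | head -n 1; }

# b64_to_hex STRING: decode base64 and print the bytes as uppercase hex.
b64_to_hex() {
    printf '%s' "$1" | base64 -d 2>/dev/null | od -An -v -tx1 | tr -d ' \n' | tr 'a-f' 'A-F'
}

# check_output OUTPUT EXPECTED_HEX: succeed and print the decrypted file path only if
# both HMAC lines are present, encode the same 32 bytes, and match EXPECTED_HEX
# (assumption: the caller recorded the expected HMAC elsewhere).
check_output() {
    hex=$(printf '%s\n' "$1" | field 'SHA256-HMAC (hex)')
    b64=$(printf '%s\n' "$1" | field 'SHA256-HMAC (b64)')
    path=$(printf '%s\n' "$1" | field 'Decrypted file')
    want=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ "${#hex}" -eq 64 ] && [ -n "$path" ] || return 1
    [ "$(b64_to_hex "$b64")" = "$hex" ] || return 1
    [ "$hex" = "$want" ] || return 1
    printf '%s\n' "$path"
}

# decrypt_checked KEY ENCRYPTED EXPECTED_HEX: run the tool, stop on a non-zero
# exit status (the page documents 1 on error), then validate what it printed.
decrypt_checked() {
    out=$(anjuna-decrypt --key-file "$1" "$2") || return 1
    check_output "$out" "$3"
}

# Stand-alone run on the constructed sample; prints "testfile.decrypted".
check_output "$(sample_output)" 2c348966bf20dd4802f731299891ee242e73a4b47196f74a1fc762ae2f03b7a7
```

In a pipeline, call decrypt_checked with the private key file, the encrypted file and the expected HMAC, and use the decrypted file only when it returns 0.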