Confidential Computing is an emerging area concerned with protecting sensitive data while it is being processed. It consists of hardware and software components. The hardware component is part of a special CPU that supports Confidential Computing, for example Intel SGX. Conclave SDK is a software component of Confidential Computing that lets engineers interact with the hardware and run business logic using Java or JavaScript. In this quick how-to guide, you will learn how to get started with Conclave SDK. Conclave SDK supports a simulation/mock mode, which means you don't need special-purpose hardware to write Conclave apps.
- Understand Confidential Computing using the white paper here. From this document, you should be able to gain an understanding of some key fundamentals: data can be in transit, at rest, or in use. Confidential Computing protects data while in use. There are three main parts of Confidential Computing. The first is the enclave: the part of the CPU that processes data, untampered by anyone. Even the processor on which the enclave is running has no access to the data. The second part is the host, which is the processor that the enclave is running on. The third part is the client: the outside process that requests services from Confidential Computing. The client passes its encrypted private data to the host, which passes it to the enclave. The host always plays the middleman role between client and enclave.
- Understand the fundamentals of Conclave using the information provided in this blog or in the recorded BootCamp. Conclave SDK makes it very easy to interact with low-level enclave libraries, and you can write your code in Java or JavaScript. Only Conclave has genuine remote attestation, which is a way for the enclave to prove to the client that it is running the expected business logic and that no one has seen clients' data.
- Download Conclave SDK here.
- Load the 'Hello World' app into your favorite IDE; it lives here: conclave-sdk-1.1/hello-world. Let's take it as the foundation of our app. First, check that all parts are installed correctly by building the project with Gradle. Choose mock mode if you are on a normal computer:
./gradlew host:assemble -PenclaveMode=mock
For debug/release modes, please read here.
- Run the host:
../scripts/container-gradle host:run
- When you see this line:
Listening on port 9999
you can start the client session.
- On a different terminal tab, start the client:
./gradlew client:run --args="Reverse me"
The result on the client's side:
Enclave reversed 'Reverse me' and gave us the answer 'em esreveR'
Congratulations, you have run your first Conclave app!
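The client, host and enclave roles described above can be modelled with plain JDK crypto, to show why the host in the middle only ever handles ciphertext. This is an added example, not code from the Conclave SDK or its Hello World sample: it does not use the Conclave API or model remote attestation, and it covers only the request path. The class and method names are hypothetical, and it assumes Java 11 or later for X25519.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.*;

// Added illustration, not Conclave code: X25519 + AES-GCM stand in for the SDK's own encryption.
// All names here are hypothetical; the key pairs are generated fresh on every run.
public class EnclaveFlowModel {
    // Derive an AES key from an X25519 shared secret (SHA-256 used as a simple KDF for the demo).
    static SecretKeySpec sharedKey(PrivateKey mine, PublicKey theirs) throws Exception {
        KeyAgreement ka = KeyAgreement.getInstance("X25519");
        ka.init(mine);
        ka.doPhase(theirs, true);
        return new SecretKeySpec(MessageDigest.getInstance("SHA-256").digest(ka.generateSecret()), "AES");
    }

    static byte[] aesGcm(int mode, SecretKeySpec key, byte[] iv, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, iv));
        return c.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("X25519");
        KeyPair enclave = kpg.generateKeyPair(); // private half never leaves the enclave
        KeyPair client = kpg.generateKeyPair();  // public half travels with the request
        // Client: encrypt the request to the enclave's public key.
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        SecretKeySpec clientKey = sharedKey(client.getPrivate(), enclave.getPublic());
        byte[] sealed = aesGcm(Cipher.ENCRYPT_MODE, clientKey, iv, "Reverse me".getBytes(StandardCharsets.UTF_8));
        // Host: relays opaque bytes. It holds neither private key, so it cannot read them.
        byte[] relayed = sealed.clone();
        System.out.println("Host relays " + relayed.length + " bytes of ciphertext");
        // Enclave: decrypt, run the business logic, produce the answer.
        SecretKeySpec enclaveKey = sharedKey(enclave.getPrivate(), client.getPublic());
        byte[] plain = aesGcm(Cipher.DECRYPT_MODE, enclaveKey, iv, relayed);
        String answer = new StringBuilder(new String(plain, StandardCharsets.UTF_8)).reverse().toString();
        System.out.println("Enclave answer: " + answer);
        // GCM is authenticated: if the host alters even one bit, decryption in the enclave fails.
        relayed[0] ^= 1;
        try {
            aesGcm(Cipher.DECRYPT_MODE, enclaveKey, iv, relayed);
        } catch (AEADBadTagException e) {
            System.out.println("Tampered request rejected inside the enclave");
        }
    }
}
```

In a real deployment the client would verify the enclave's remote attestation before trusting the enclave's public key; here the key is simply assumed to be genuine.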
Visit our Conclave page to learn more about Conclave.
Visit the Conclave Docs for more reference materials.