{% hint style="info" %} Thanks to DCAP on the Integritee Network and the Attesteer, you do not need a production license with intel anymore. We keep this chapter for reference only {% endhint %}
In order to perform a remote attestation of the enclave, an Intel SGX Attestation Enhanced Service Privacy ID (EPID) is needed. We use unlinkable quotes in our code with enhanced privacy.
Development access is free and merely needs an Intel Development Access Account. After registration, you can copy your SPID and the primary or secondary subscription key to:
bin/spid.txtbin/key.txt
Note: You need to use Linux line endings in these files.
The enclave will be signed with the development key found under enclave-runtime/Enclave_private.pem and uses the configuration found under enclave-runtime/Enclave.config.xml.
You need a commercial license with Intel to run your enclaves in production mode (the only mode that really is confidential). Only legal entities can get a commercial license with Intel. Get in touch with them to obtain one. Please note that this whole process will soon be obsolete, as you can perform remote attestation with Integritee as an intermediary. So you only need to get in touch with us! Stay tuned for updates here!
After registration, you can copy your SPID and the primary or secondary subscription key to:
bin/spid_production.txtbin/key_production.txt
Note: You need to use Linux line endings in these files.
The enclave will be signed with the private key that was also registered and whitelisted at Intel's (in the process of obtaining a commercial license). Make sure that this key is exported as an environment variable called SGX_COMMERCIAL_KEY.
The enclave in production mode uses the configuration found under enclave-runtime/Enclave.config.production.xml. The only difference is that the option DisableDebug is set to 1.