sgxwallet: SKALE SGX-based hardware crypto wallet
Intro
sgxwallet is a next generation hardware secure crypto wallet that is based on Intel SGX technology. It currently supports Ethereum and SKALE, and will support Bitcoin in the future.
sgxwallet runs as a network server. Clients connect to the server, authenticate to it using TLS 1.0 protocol with client certificates, and then issue requests to the server to generate crypto keys and perform cryptographic operations. The keys are generated inside the secure SGX enclave and never leave the enclave unencrypted.
The server provides an initial registration service to issue client certificates to the clients. The administrator manually approves each registration.
sgxwallet has been tested on Ubuntu Linux 18.04.
An important note about production readiness
The sgxwallet server is still in active development and therefore should be regarded as alpha software. The development is still subject to security hardening, further testing, and breaking changes. This server has not yet been reviewed or audited for security. Please see SECURITY.md for reporting policies.
Running sgxwallet
Clone this repo
As you probably suspect, the first thing to do is to clone this repository and all it is sub-repositories.
git clone https://github.com/skalenetwork/sgxwallet.git --recurse-submodulesTry in simulation mode
The easiest way to try the sgxwallet server is to run a docker container in insecure simulation mode that emulates an SGX processor. Once you are familiar with the server, you can enable sgx on your machine and run it in secure production mode.
First install docker-compose if you dont have it
sudo apt-get install docker.io docker-composeThen run sgxwallet using docker-compose
cd run_sgx_sim; sudo docker-compose upNote: you need a machine that supports Intel AVX512 instruction set. Most modern Intel CPUs support it. To verify you machine supports AVX512, run
cat /proc/cpuinfo | grep avx512Note: sgxwallet requires docker-compose for correct operation. You must always use docker-compose and avoid using raw docker tools.
Note: simulation mode is only to try sgxwallet. In production, you need to run sgxwallet on a server that supports SGX. Never run a production sgxserver in simulation mode.
Admin guide
If you are a SKALE validator and want to run sgxwallet for testnet or mainnet usage, you need
a SGX-capable server.
Please refer to Admin guide for details on how to setup sgxwallet in a secure hardware mode
docs/admin-guide.md.
Developer guide
If you are a SKALE developer and want to build sgxwallet from source, please refer to Developer guide docs/developer-guide.md.
Contributing
See contributing for information on how to contribute.
Libraries used by this project
- Intel-SGX-SSL by Intel
- LevelDB by Google
- libBLS by SKALE Labs
- libff by SCIPR-LAB
- Linux SGX Driver by Intel
- SGX-GMP by Intel
- SGX Software Enable by Intel
License
All contributions to sgxwallet are made under the GNU Affero General Public License v3. See LICENSE.
Copyright (C) 2019-Present SKALE Labs.