diff --git a/docs/Privacy/Tessera/Tessera Services/Enclave.md b/docs/Privacy/Tessera/Tessera Services/Enclave.md index f62d3e70f..a8dc9c44e 100644 --- a/docs/Privacy/Tessera/Tessera Services/Enclave.md +++ b/docs/Privacy/Tessera/Tessera Services/Enclave.md @@ -12,13 +12,6 @@ This enables all sensitive operations to be handled in a single place, without a The Transaction Manager, which handles peer management and database access, as well as Quorum communication does not perform **any** encryption/decryption, greatly reducing the impact an attack can have. -### Enclave Encryption Technique - -The Enclave encrypts payloads sent to it by the Transaction Manager using xsalsa20poly1305 (payload container) and curve25519xsalsa20poly1305 (recipient box). Each payload encryption produces a payload container, as well as N recipient boxes, where N is the number of recipients specified in the `privateFor` param of the Transaction. - - * A payload container contains the payload encrypted with a symmetric key and a random nonce - * A recipient box is the Master Key for the payload container encrypted for the public key of a recipient using a random nonce. (Note that this is basically how PGP works, but using the [NaCl](https://nacl.cr.yp.to/) cryptographic primitives.) - ### What exactly does the enclave handle? The Tessera enclave **handles** the following data: 
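Review bot: The first hunk deletes the "Enclave Encryption Technique" section outright, and nothing in the remaining context says what the "sensitive operations" the Enclave handles actually are: the payload container (xsalsa20poly1305 with a symmetric key and random nonce) and the per-recipient boxes (curve25519xsalsa20poly1305 wrapping the master key for each `privateFor` recipient) are the only description on this page of how payload confidentiality is achieved, and the PGP comparison is what lets a reader reason about the blast radius of a leaked recipient key. If this text is being relocated, the hunk should add a link to its new home in place of the removed heading; if it is simply being dropped, the commit message should say why, since the page still claims that keeping "all sensitive operations" in one place reduces the impact of an attack without explaining what those operations are.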
@@ -37,15 +30,6 @@ The enclaves **performs** the following actions on request: - decrypting transactions for a given recipient (or sender) - adding new recipients for existing payloads -### Private Key Generation Algorithm -The following steps detail the technique used to manage the private keys: - - 1. Given a password P - 2. Generate random Argon2id nonce - 3. Generate random NaCl secretbox nonce - 4. Stretch P using Argon2id (and the Argon2id nonce) into a 32-byte master key (MK) - 5. Encrypt Private key in secretbox using secretbox nonce and Argon2i-stretched MK - ### Where does the Enclave sit in the private transaction flow? The Enclave is the innermost actor of the sequence of events. The below diagram demonstrates where the enclave sits:
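Review bot: The second hunk removes the "Private Key Generation Algorithm" steps, which are the only statement on this page of how the Enclave protects private keys at rest (password stretched with Argon2id into a 32-byte master key, private key sealed in a NaCl secretbox). Operators threat-modelling a stolen key file need that information, so it should be moved and linked rather than deleted. If it is relocated, take the opportunity to fix two defects the removed lines carried: step 4 says the master key is stretched with Argon2id while step 5 calls it "Argon2i-stretched MK", and the Argon2 random input in step 2 is a salt, not a nonce. The surrounding context line "The enclaves **performs** the following actions" also has a subject/verb mismatch that a follow-up docs change could tidy.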