poanetwork
/
quorum
mirror of https://github.com/poanetwork/quorum.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update Enclave.md

This commit is contained in:
Krish1979 2019-05-08 16:28:14 +01:00 committed by GitHub
parent d47f6f9150
commit 87c0203d7f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/Privacy/Tessera/Tessera Services/Enclave.md
View File

@ -12,6 +12,13 @@ This enables all sensitive operations to be handled in a single place, without a
The Transaction Manager, which handles peer management and database access, as well as Quorum communication does not perform **any** encryption/decryption, greatly reducing the impact an attack can have.
### Enclave Encryption Technique
The Enclave encrypts payloads sent to it by the Transaction Manager using xsalsa20poly1305 (payload container) and curve25519xsalsa20poly1305 (recipient box). Each payload encryption produces a payload container, as well as N recipient boxes, where N is the number of recipients specified in the `privateFor` param of the Transaction.
* A payload container contains the payload encrypted with a symmetric key and a random nonce
* A recipient box is the Master Key for the payload container encrypted for the public key of a recipient using a random nonce. (Note that this is basically how PGP works, but using the [NaCl](https://nacl.cr.yp.to/) cryptographic primitives.)
### What exactly does the enclave handle?
The Tessera enclave **handles** the following data: