StealthDB: an encrypted database from Intel SGX with a small trusted computing base.

cryptograph/stealthdb


StealthDB

StealthDB is an extension to PostgreSQL, leveraging Intel SGX, that endows it with encrypted database functionality (i.e. encrypted values can be persisted in tables, and queries with encrypted expressions and predicates can be specified). The database's integrity and confidentiality are guaranteed under a threat model in which only the CPU is trusted. Further information can be found here.

Status

StealthDB is a research project and is not suitable for production use.

Requirements

Quickstart

Installing on 64-bit Ubuntu Desktop-16.04

  1. Install PostgreSQL server and the PostgreSQL extension build tool:

sudo apt-get install postgresql postgresql-server-dev-all

  2. Run:

make
sudo make install

Creating a Debian-based Docker Container

  1. If you have a PostgreSQL service already running, be sure to stop it with sudo service postgresql stop.

  2. Run

make docker

Running Queries

  1. Run the PostgreSQL client.

  2. Load the extension into the database, generate the default master key, and load the key.

CREATE EXTENSION encdb;
SELECT generate_key();
SELECT load_key(0);

  3. Try some examples:

SELECT pg_enc_int4_encrypt(1) + pg_enc_int4_encrypt(2);
SELECT pg_enc_int4_decrypt(pg_enc_int4_encrypt(1) + pg_enc_int4_encrypt(2));

pg_enc_int4_decrypt and pg_enc_int4_encrypt are wrappers around the enc_int4 data type, which in turn corresponds to the int4 type offered by PostgreSQL.

pg_enc_int4_encrypt(x) encrypts the number x and stores it as an enc_int4 value. pg_enc_int4_decrypt(x) takes an enc_int4 value x and decrypts it. Further information can be found here.
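
The following is an added example, not part of the StealthDB README: it persists enc_int4 values in a table and evaluates the + expression over the stored columns, decrypting only the final result. The table and column names (payroll, base_pay, bonus) are hypothetical, and it assumes the extension and key were loaded as in step 2.

```sql
-- Added example. Table and column names are hypothetical; only enc_int4,
-- pg_enc_int4_encrypt, pg_enc_int4_decrypt and the + operator come from the README.
-- Assumes CREATE EXTENSION encdb, generate_key() and load_key(0) have already run.

-- Columns declared as enc_int4 hold encrypted values at rest.
CREATE TABLE payroll (
    employee_id int4 PRIMARY KEY,   -- left in the clear so rows can be identified
    base_pay    enc_int4,
    bonus       enc_int4
);

-- Values are encrypted on the way in.
INSERT INTO payroll (employee_id, base_pay, bonus) VALUES
    (1, pg_enc_int4_encrypt(5000), pg_enc_int4_encrypt(250)),
    (2, pg_enc_int4_encrypt(6200), pg_enc_int4_encrypt(400));

-- Reading the columns directly returns enc_int4 values, not the integers.
SELECT employee_id, base_pay, bonus
FROM payroll
ORDER BY employee_id;

-- The + expression is evaluated over the encrypted columns and its result
-- is again an enc_int4 value.
SELECT employee_id, base_pay + bonus AS total_enc
FROM payroll
ORDER BY employee_id;

-- Decrypt only the final result of the expression.
SELECT employee_id, pg_enc_int4_decrypt(base_pay + bonus) AS total
FROM payroll
ORDER BY employee_id;

-- Clean up the demonstration table.
DROP TABLE payroll;
```

The integer literals passed to pg_enc_int4_encrypt are part of the statement text, so they are visible wherever that text is recorded, such as client history or server statement logs if those are enabled.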

Consult the manual for further information.
