StealthDB

StealthDB is an extension to PostgreSQL, leveraging Intel SGX, that endows it with encrypted database functionality (i.e. encrypted values can be persisted in tables, and queries with encrypted expressions and predicates can be specified). The database's integrity and confidentiality are guaranteed under a threat model in which only the CPU is trusted. Further information can be found here.

Status

StealthDB is a research project and is not suitable for production use.

Requirements

Quickstart

Installing on 64-bit Ubuntu Desktop-16.04

  1. Install PostgreSQL server and the PostgreSQL extension build tool:

      sudo apt-get install postgresql postgresql-server-dev-all

  2. Run:

      make
      sudo make install

Creating a Debian-based Docker Container

  1. If you have a PostgreSQL service already running, be sure to stop it with sudo service postgresql stop.

  2. Run:

      make docker

Running Queries

  1. Run the PostgreSQL client.

  2. Load the extension into the database, generate the default master key, and load the key.

      CREATE EXTENSION encdb;
      SELECT generate_key();
      SELECT load_key(0);

  3. Try some examples:

      SELECT pg_enc_int4_encrypt(1) + pg_enc_int4_encrypt(2);
      SELECT pg_enc_int4_decrypt(pg_enc_int4_encrypt(1) + pg_enc_int4_encrypt(2));

pg_enc_int4_decrypt and pg_enc_int4_encrypt are wrappers around the enc_int4 data type, which in turn corresponds to the int4 type offered by PostgreSQL.

pg_enc_int4_encrypt(x) encrypts the number x and stores it as an enc_int4 value. pg_enc_int4_decrypt(x) takes an enc_int4 value x and decrypts it. Further information can be found here.
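
The following is an added example, not code from the StealthDB repository, showing enc_int4 values persisted in a table and combined with the + operator from the queries above. The payroll table, its columns and the sample figures are hypothetical, and the session is assumed to have already run CREATE EXTENSION encdb and load_key(0).

```sql
-- Added example (not from the StealthDB repository).
-- Assumes: CREATE EXTENSION encdb; has been run in this database and
-- SELECT load_key(0); has been run in this session.

-- Hypothetical table: the identifier stays a plain int4, the sensitive
-- amounts are stored as enc_int4.
CREATE TABLE payroll (
    emp_id int4 PRIMARY KEY,
    base   enc_int4,
    bonus  enc_int4
);

-- Constructed sample rows. The plaintext literals appear in the SQL
-- statement text that the client sends to the server.
INSERT INTO payroll (emp_id, base, bonus) VALUES
    (1, pg_enc_int4_encrypt(5000), pg_enc_int4_encrypt(250)),
    (2, pg_enc_int4_encrypt(6200), pg_enc_int4_encrypt(0));

-- Reading the columns directly returns the stored enc_int4 values,
-- not the integers that were inserted.
SELECT emp_id, base, bonus FROM payroll ORDER BY emp_id;

-- Arithmetic on two encrypted columns; the result is again an enc_int4.
SELECT emp_id, base + bonus AS total_enc FROM payroll ORDER BY emp_id;

-- Decrypt only the final expression to check the result:
-- 5000 + 250 for emp_id 1 and 6200 + 0 for emp_id 2.
SELECT emp_id, pg_enc_int4_decrypt(base + bonus) AS total
FROM payroll
ORDER BY emp_id;

-- Remove the hypothetical table again.
DROP TABLE payroll;
```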

Consult the manual for further information.