Conclave is an application development platform that helps build secure applications that can process data confidentially. I gave a brief introduction to Conclave in my previous blog. Now let's look at how we could build our very first app on Conclave.
What are we building?
We will build a secure auction app where bids from parties would remain confidential using an enclave. All bids would be processed within the enclave and the result of the auction would be revealed, without compromising the bids submitted by each participant.
Components of an application built on Conclave
Conclave has three major components: Enclave, Host, and Client. So let's get into business and start building each of the components of our application on Conclave.
An enclave is a program that runs in a protected memory space that can't be accessed by the OS, the kernel, or the BIOS, so you can rest assured that data sent to the enclave stays confidential.
To build our secure auction app, we need to write an enclave program that takes bids from participants and processes them to determine the highest bid and thus the winner.
Conclave provides the Enclave class, which can be subclassed to build our own enclaves. Data is sent to the enclave using the Conclave Mail API, which provides end-to-end encrypted communication between the client and the enclave.
We override the receiveMail method to receive mails sent to the enclave. The userRoute parameter helps map mails to different clients. We keep two maps to store userBids and the bidders' public keys respectively. Note that Message is a user-defined model object we use to transfer data.
Conclave runs enclave programs on GraalVM Native Image, which doesn't support Java serialization. It does support Kryo, so we use Kryo for serialization.
Once all the bids have been submitted, the auctioneer can ask the enclave to process the bids and send the result to all participants. The complete code is shown below:
We use auctionAdmin to store the auctioneer's key and routing string, which are used later to send the result back to the auctioneer. Conclave's Postman feature creates the mail used to communicate between the enclave and clients; our sendMail method uses it.
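To make the enclave side concrete, here is an added example in Java of a sealed-bid auction enclave written against the Conclave Enclave and Mail API. It is not the blog's code nor R3's sample code, and it makes a few assumptions: the Conclave 1.1-era signatures (receiveMail(EnclaveMail, String), postOffice(PublicKey, String), postMail(byte[], String)); the class name AuctionEnclave; and a constructed wire convention in which bids arrive on topic "bid" as the UTF-8 string "<bidder>:<amount>" while the auctioneer uses topic "auctioneer" and sends the body "close" to end the auction. It uses that plain string encoding instead of the Kryo-serialized Message object from the post so that it has no extra dependencies.

```java
import com.r3.conclave.enclave.Enclave;
import com.r3.conclave.enclave.EnclavePostOffice;
import com.r3.conclave.mail.EnclaveMail;

import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example, not the blog's code. Bids arrive on topic "bid" as the UTF-8
// string "<bidder>:<amount>"; the auctioneer uses topic "auctioneer" and sends
// the body "close" to end the auction. Both conventions are constructed here.
public class AuctionEnclave extends Enclave {
    // Per-bidder state. It lives only in enclave memory; the host never sees it.
    private final Map<String, Long> userBids = new LinkedHashMap<>();
    private final Map<String, PublicKey> userKeys = new LinkedHashMap<>();
    private final Map<String, String> userRoutes = new LinkedHashMap<>();

    // The first client on the "auctioneer" topic becomes the auctioneer; later
    // mail on that topic must come from the same authenticated key.
    private PublicKey auctioneerKey;
    private String auctioneerRoute;

    @Override
    protected void receiveMail(EnclaveMail mail, String routingHint) {
        PublicKey sender = mail.getAuthenticatedSender();
        String body = new String(mail.getBodyAsBytes(), StandardCharsets.UTF_8);

        if ("auctioneer".equals(mail.getTopic())) {
            if (auctioneerKey == null) {
                auctioneerKey = sender;
                auctioneerRoute = routingHint;
            } else if (!auctioneerKey.equals(sender)) {
                reply(sender, "auctioneer", routingHint, "rejected: not the auctioneer");
                return;
            }
            if ("close".equals(body)) {
                announceWinner();
            } else {
                reply(sender, "auctioneer", routingHint, "auctioneer registered");
            }
            return;
        }

        // Anything else is a bid. Validate before storing: the host can relay
        // arbitrary bytes, and only the enclave can check what it decrypted.
        int sep = body.indexOf(':');
        long amount = -1;
        if (sep > 0) {
            try {
                amount = Long.parseLong(body.substring(sep + 1).trim());
            } catch (NumberFormatException ignored) {
                // amount stays -1 and the bid is rejected below
            }
        }
        if (amount <= 0) {
            reply(sender, "bid", routingHint, "rejected: expected <bidder>:<positive amount>");
            return;
        }
        String bidder = body.substring(0, sep).trim();
        userBids.put(bidder, amount);
        userKeys.put(bidder, sender);
        userRoutes.put(bidder, routingHint);
        reply(sender, "bid", routingHint, "bid accepted");
    }

    // Compute the winner and tell everyone. Only the winner and the winning
    // amount leave the enclave; losing bids are never disclosed.
    private void announceWinner() {
        String result = "no bids received";
        Map.Entry<String, Long> best = null;
        for (Map.Entry<String, Long> e : userBids.entrySet()) {
            if (best == null || e.getValue() > best.getValue()) {
                best = e;
            }
        }
        if (best != null) {
            result = "winner=" + best.getKey() + " amount=" + best.getValue();
        }
        reply(auctioneerKey, "auctioneer", auctioneerRoute, result);
        for (String bidder : userKeys.keySet()) {
            reply(userKeys.get(bidder), "bid", userRoutes.get(bidder), result);
        }
    }

    // Encrypt a reply to one client's key and hand the ciphertext to the host,
    // which forwards it using the routing hint.
    private void reply(PublicKey to, String topic, String routingHint, String message) {
        EnclavePostOffice postOffice = postOffice(to, topic);
        byte[] encrypted = postOffice.encryptMail(message.getBytes(StandardCharsets.UTF_8));
        postMail(encrypted, routingHint);
    }
}
```

Two design points worth noting: the enclave validates every decrypted bid itself, because the host is untrusted and can relay anything, and the "close" command is accepted only from the key that first registered as auctioneer, since the topic name alone is no proof of identity. In a production build you would pin the auctioneer's public key at build time rather than accepting the first registration.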
That completes our enclave, let’s look at building our host component next.
Host programs load enclaves and also serve as a proxy between the client and the enclave. Hosts are considered untrusted at all times, hence all client-to-enclave communication passing through the host is always encrypted.
The first thing we do when initializing our host is to verify that the hardware supports running enclaves.
Once we have verified the platform support, we can go ahead and load the enclave program.
When we start the enclave, we pass in a callback which is used to send enclave responses back to the client. The MailCommand object contains the response content and the routing parameter that maps responses to different clients.
Once the enclave has started, we can start the TCP server and begin accepting client requests.
We use a plain TCP connection between host and client for simplicity. You could use a more sophisticated protocol such as gRPC, or whatever suits you better.
All clients must verify the authenticity of the enclave before sending it confidential information, hence we send the attestation object to clients as they connect to the host. Clients can use this information to verify the measurement and decide whether they can trust the enclave.
Finally, the clients can send their confidential information, which the host then forwards to the enclave.
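The host steps above, as an added example in Java that is not the blog's or R3's code. It assumes the Conclave 1.1-era host API (EnclaveHost.checkPlatformSupportsEnclaves(boolean), EnclaveHost.load(String), start(AttestationParameters, callback) and deliverMail(byte[], String); later releases add parameters to start()), a placeholder enclave class name com.example.AuctionEnclave, port 9999, and a constructed framing in which every TCP message is a 4-byte big-endian length followed by that many bytes.

```java
import com.r3.conclave.host.AttestationParameters;
import com.r3.conclave.host.EnclaveHost;
import com.r3.conclave.host.EnclaveLoadException;
import com.r3.conclave.host.MailCommand;

import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example, not the blog's code. Wire format (constructed): every message
// in either direction is a 4-byte big-endian length followed by that many bytes.
public class AuctionHost {
    private static final int PORT = 9999;
    private static final int MAX_FRAME = 1 << 20;   // refuse absurd lengths from clients

    // routing hint -> socket of the client that owns it, so enclave replies
    // can be forwarded to the right connection.
    private static final Map<String, Socket> clients = new ConcurrentHashMap<>();

    public static void main(String[] args) throws Exception {
        // 1. Refuse to run on hardware without enclave support rather than
        //    failing later with a confusing error.
        try {
            EnclaveHost.checkPlatformSupportsEnclaves(true);
        } catch (EnclaveLoadException e) {
            System.err.println("This platform cannot run enclaves: " + e.getMessage());
            return;
        }

        // 2. Load and start the enclave (class name is a placeholder). The callback
        //    receives mail the enclave wants delivered to clients. Pass null instead
        //    of DCAP attestation parameters when running in mock or simulation mode.
        EnclaveHost enclave = EnclaveHost.load("com.example.AuctionEnclave");
        enclave.start(new AttestationParameters.DCAP(), commands -> {
            for (MailCommand command : commands) {
                if (command instanceof MailCommand.PostMail) {
                    MailCommand.PostMail post = (MailCommand.PostMail) command;
                    Socket target = clients.get(post.getRoutingHint());
                    if (target == null) {
                        continue;   // client went away; the ciphertext is dropped
                    }
                    try {
                        writeFrame(target, post.getEncryptedBytes());
                    } catch (IOException e) {
                        clients.remove(post.getRoutingHint());
                    }
                }
            }
        });

        // 3. Serve clients. The attestation is serialized once and sent to every
        //    client first, so it can verify the enclave before disclosing a bid.
        byte[] attestation = enclave.getEnclaveInstanceInfo().serialize();
        try (ServerSocket server = new ServerSocket(PORT)) {
            while (true) {
                Socket client = server.accept();
                new Thread(() -> serve(enclave, client, attestation)).start();
            }
        } finally {
            enclave.close();
        }
    }

    private static void serve(EnclaveHost enclave, Socket client, byte[] attestation) {
        String routingHint = client.getRemoteSocketAddress().toString();
        clients.put(routingHint, client);
        try {
            writeFrame(client, attestation);
            while (true) {
                byte[] encryptedMail = readFrame(client);
                // The host only relays ciphertext; it cannot read or alter the bid
                // without the enclave detecting it.
                enclave.deliverMail(encryptedMail, routingHint);
            }
        } catch (IOException e) {
            clients.remove(routingHint);
        }
    }

    private static void writeFrame(Socket s, byte[] bytes) throws IOException {
        synchronized (s) {   // callback thread and serve thread may both write
            DataOutputStream out = new DataOutputStream(s.getOutputStream());
            out.writeInt(bytes.length);
            out.write(bytes);
            out.flush();
        }
    }

    private static byte[] readFrame(Socket s) throws IOException {
        DataInputStream in = new DataInputStream(s.getInputStream());
        int len = in.readInt();
        if (len < 0 || len > MAX_FRAME) {
            throw new IOException("bad frame length " + len);
        }
        byte[] buf = new byte[len];
        in.readFully(buf);
        return buf;
    }
}
```

The host never touches plaintext: it hands the client's ciphertext to deliverMail and forwards whatever the enclave posts back, keyed by the routing hint. The frame-length cap is the one piece of input validation the host can do on its own, since it cannot inspect the encrypted payload.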
You could take a look at the final code here.
Now we are left with the final piece of the puzzle to complete our first application on Conclave. Let’s build our client.
First we try to establish a connection with the host and get the attestation object.
For the purpose of this blog I have just printed out the Attestation info on the console. For real applications however the attestation should be verified before sending any information to the enclave.
In real-world use cases, the client either has access to the enclave's source code, which they can build to reproduce the measurement, or uses a trusted service provider to verify the attestation information.
The next step is to send the bid to the enclave.
Notice that we use the Postman feature again to create the Mail to be sent to the enclave. To get the bid, we read input from the user on the console.
Finally, we need to write the code for reading the response from the enclave. We use the PostOffice's decryptMail method to decrypt the encrypted message from the enclave and read the response.
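The client side, as an added example in Java rather than the blog's or R3's code, with the attestation check the text says a real client must perform before sending anything. It assumes the Conclave 1.1-era client API (EnclaveInstanceInfo.deserialize, EnclaveConstraint.parse(...).check(...), createPostOffice(PrivateKey, String), PostOffice.encryptMail/decryptMail), a host on localhost:9999 that sends the serialized attestation first and frames each message as a 4-byte big-endian length plus payload, an enclave that expects bids as "<bidder>:<amount>" on topic "bid" and answers on the same topic, and a placeholder signing-key hash in the constraint string. All of those conventions are constructed for the example.

```java
import com.r3.conclave.client.EnclaveConstraint;
import com.r3.conclave.common.EnclaveInstanceInfo;
import com.r3.conclave.mail.Curve25519PrivateKey;
import com.r3.conclave.mail.EnclaveMail;
import com.r3.conclave.mail.PostOffice;

import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;

// Added example, not the blog's code. Assumes a host on localhost:9999 that sends
// the serialized attestation first and frames every message as a 4-byte
// big-endian length plus payload, and an enclave that takes bids as
// "<bidder>:<amount>" on topic "bid" (all constructed conventions).
public class BidderClient {
    // Placeholder signing-key hash: replace the zeros with the SHA-256 hash of the
    // key that signed your enclave. SEC:INSECURE accepts simulation/mock enclaves
    // and must be tightened (e.g. SEC:STALE) before real bids are sent.
    private static final String CONSTRAINT =
        "S:0000000000000000000000000000000000000000000000000000000000000000 PROD:1 SEC:INSECURE";

    public static void main(String[] args) throws Exception {
        String bidder = args.length > 0 ? args[0] : "alice";
        String amount = args.length > 1 ? args[1] : "100";

        try (Socket socket = new Socket("localhost", 9999)) {
            DataInputStream in = new DataInputStream(socket.getInputStream());
            DataOutputStream out = new DataOutputStream(socket.getOutputStream());

            // 1. Receive the attestation and verify it BEFORE sending anything.
            //    check() throws if the signer, product or security level differ.
            EnclaveInstanceInfo attestation = EnclaveInstanceInfo.deserialize(readFrame(in));
            EnclaveConstraint.parse(CONSTRAINT).check(attestation);
            System.out.println("Verified enclave:\n" + attestation);

            // 2. Encrypt the bid to the enclave's attested key. Only the enclave
            //    (not the host) can decrypt it.
            PrivateKey myKey = Curve25519PrivateKey.random();
            PostOffice postOffice = attestation.createPostOffice(myKey, "bid");
            byte[] bid = (bidder + ":" + amount).getBytes(StandardCharsets.UTF_8);
            writeFrame(out, postOffice.encryptMail(bid));

            // 3. Read replies until the result arrives. decryptMail also checks
            //    that the mail really came from the attested enclave.
            while (true) {
                EnclaveMail reply = postOffice.decryptMail(readFrame(in));
                String text = new String(reply.getBodyAsBytes(), StandardCharsets.UTF_8);
                System.out.println("enclave: " + text);
                if (text.startsWith("winner=") || text.startsWith("no bids")
                        || text.startsWith("rejected")) {
                    break;
                }
            }
        }
    }

    private static void writeFrame(DataOutputStream out, byte[] bytes) throws IOException {
        out.writeInt(bytes.length);
        out.write(bytes);
        out.flush();
    }

    private static byte[] readFrame(DataInputStream in) throws IOException {
        int len = in.readInt();
        if (len < 0 || len > 1 << 20) {
            throw new IOException("bad frame length " + len);
        }
        byte[] buf = new byte[len];
        in.readFully(buf);
        return buf;
    }
}
```

The order of operations is the point: the constraint check runs before any key material or bid is created, so a host that hands out a forged or out-of-date attestation gets nothing. Printing the attestation, as the post does, is useful for debugging but is never a substitute for check().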
Congratulations!! We have successfully built our first application on Conclave.
I hope you liked the tutorial and thanks for reading.