The CLI consists of 2 components:
- The command-line tool the client uses to establish a connection and verify the enclave.
- The internal reverse proxy service that listens to client requests.
The design of the CLI - enclave communication is as shown below:
Figure 1: CLI - Enclave Communication Overview
The sequence of steps is as follows:
- CLI sends a client hello message to the enclave with the public key and digital signature.
- Receives the attestation document as part of the response.
- CLI verifies the PCR codes and digital certificate.
- Once verified, it starts up the client proxy to listen to client application requests on
- Once the request is received from a client application, the payload is encrypted using the symmetric key to ensure an additional layer of security during communication.
- The public key is also sent as part of the auth header for authentication.