StealthDB is an extension to PostgreSQL, leveraging Intel SGX, that endows it with encrypted database functionality (i.e. encrypted values can be persisted in tables, and queries with encrypted expressions and predicates can be specified). The database's integrity and confidentiality is guaranteed under a threat model in which only the CPU is trusted. Further information can be found here.

StealthDB is a research project and is not suitable for production use.

• An Intel:registered: SGX-enabled CPU. In addition:

  • The Intel:registered: SGX PSW and SDK installed in the /opt directory
  • Version 2.0 of the Intel:registered: SGX Driver

• The NASM assembler.

0. Install PostgreSQL server and the PostgreSQL extension build tool:

sudo apt-get install postgresql postgresql-server-dev-all

1. Run:

make
sudo make install

1. If you have a PostgreSQL service already running, be sure to stop it with sudo service postgresql stop.

2. Run

make docker

0. Run the PostgreSQL client.

1. Load the extension into the database, generate the default master key, and load the key.

CREATE EXTENSION encdb;
SELECT generate_key();
SELECT load_key(0);

2. Try some examples

SELECT pg_enc_int4_encrypt(1) + pg_enc_int4_encrypt(2);
SELECT pg_enc_int4_decrypt(pg_enc_int4_encrypt(1) + pg_enc_int4_encrypt(2));

pg_enc_int4_decrypt and pg_enc_int4_encrypt are wrappers around the enc_int4 data type, which in turn corresponds to the int4 type offered by PostgreSQL.

pg_enc_int4_encrypt(x) encrypts the number x and stores it as an enc_int4 value. pg_enc_int4_decrypt(x) takes an enc_int4 value x and decrypts it. Further information can be found here.

Consult the manual for further information.