The Evervault Encryption Engine.

At the core of Evervault is E3, our encryption engine. All cryptographic operations for Relay (and soon, Cages) happen inside E3.

E3 is built on AWS Nitro Enclaves. A Nitro Enclave is not a separate EC2 instance: it is an isolated, hardened and highly constrained virtual machine that the Nitro hypervisor carves out of a parent EC2 instance by partitioning off some of that instance's vCPUs and memory.

Using enclaves means that Evervault operators cannot access your plaintext data. Enclaves have no persistent storage, no interactive access, and no network interface; any traffic in or out has to be proxied by the parent instance. Root and admin users on the parent EC2 instance cannot access or SSH into the enclave. The only way to communicate with the enclave is through the local vsock channel between the parent EC2 instance and the enclave attached to it.

Enclaves support attestation: the Nitro hypervisor issues a signed attestation document containing the enclave's measurements (PCR values, SHA-384 hashes of the enclave image, kernel and application), optionally together with a caller-supplied nonce and an enclave-generated public key. A relying party verifies the document's signature against the AWS Nitro root certificate, checks the nonce, and compares the PCRs with the values expected from the build before releasing keys or data to the enclave. This is what lets a client confirm both that only authorized code is running inside E3 and that it is talking to a genuine enclave.
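The relying-party side of that check, as an added example written for this page rather than code from Evervault or from the AWS Nitro SDK. It assumes a simplified document format: the payload is JSON instead of the real CBOR/COSE_Sign1 envelope, and a single P-384 key stands in for the enclave certificate and its chain to the Nitro root; the image measurements and module ID are constructed values. The order of checks (signature, freshness, nonce binding, pinned PCRs) is the part that carries over to a real verifier.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"crypto/subtle"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// AttestationDoc is a stand-in for the payload of a Nitro attestation document
// (assumption: real documents are CBOR inside COSE_Sign1; JSON keeps this offline).
type AttestationDoc struct {
	ModuleID  string         `json:"module_id"`
	Timestamp int64          `json:"timestamp"` // ms since the epoch, as in the real document
	PCRs      map[int]string `json:"pcrs"`      // hex-encoded SHA-384 measurements
	Nonce     string         `json:"nonce"`     // hex echo of the verifier-supplied nonce
}

// SignedDoc models the signed envelope. The hypervisor signs with ES384 under a
// certificate chaining to the AWS Nitro root; one P-384 key stands in here (assumption).
type SignedDoc struct {
	Payload   []byte
	Signature []byte // ASN.1 DER ECDSA signature over SHA-384(Payload)
}

// Policy is what the relying party pins before trusting any enclave.
type Policy struct {
	ExpectedPCRs map[int]string // measurements recorded when the enclave image was built
	MaxAge       time.Duration  // reject documents older than this
}

// Issue models the hypervisor producing a signed attestation document.
func Issue(priv *ecdsa.PrivateKey, doc AttestationDoc) (SignedDoc, error) {
	payload, err := json.Marshal(doc)
	if err != nil {
		return SignedDoc{}, err
	}
	digest := sha512.Sum384(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return SignedDoc{}, err
	}
	return SignedDoc{Payload: payload, Signature: sig}, nil
}

// Verify runs the relying-party checks in order: signature first (nothing in an
// unsigned payload can be trusted), then freshness, nonce binding, pinned PCRs.
func Verify(env SignedDoc, signer *ecdsa.PublicKey, pol Policy, nonce []byte, now time.Time) (*AttestationDoc, error) {
	digest := sha512.Sum384(env.Payload)
	if !ecdsa.VerifyASN1(signer, digest[:], env.Signature) {
		return nil, errors.New("attestation signature does not verify")
	}
	var doc AttestationDoc
	if err := json.Unmarshal(env.Payload, &doc); err != nil {
		return nil, fmt.Errorf("malformed payload: %w", err)
	}
	issued := time.UnixMilli(doc.Timestamp)
	if now.Sub(issued) > pol.MaxAge || issued.After(now.Add(time.Minute)) {
		return nil, errors.New("attestation document is stale or from the future")
	}
	got, err := hex.DecodeString(doc.Nonce)
	if err != nil || subtle.ConstantTimeCompare(got, nonce) != 1 {
		return nil, errors.New("nonce mismatch: document was not produced for this request")
	}
	for idx, want := range pol.ExpectedPCRs {
		have, ok := doc.PCRs[idx]
		if !ok {
			return nil, fmt.Errorf("PCR%d missing from document", idx)
		}
		wantB, err1 := hex.DecodeString(want)
		haveB, err2 := hex.DecodeString(have)
		if err1 != nil || err2 != nil || subtle.ConstantTimeCompare(wantB, haveB) != 1 {
			return nil, fmt.Errorf("PCR%d does not match the pinned measurement", idx)
		}
	}
	return &doc, nil
}

// measure stands in for the SHA-384 measurements printed at image build time (constructed input).
func measure(b []byte) string {
	h := sha512.Sum384(b)
	return hex.EncodeToString(h[:])
}

// RunChecks exercises the genuine case, a tampered application, and a replayed document.
func RunChecks() (accepted, tamperRejected, replayRejected bool, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	if err != nil {
		return
	}
	// Constructed measurements: PCR0 whole image, PCR1 kernel and boot, PCR2 application.
	pcrs := map[int]string{0: measure([]byte("eif-image-v1")), 1: measure([]byte("kernel+initramfs")), 2: measure([]byte("e3-application"))}
	pol := Policy{ExpectedPCRs: pcrs, MaxAge: 5 * time.Minute}
	now := time.Now()
	nonce := make([]byte, 32)
	if _, err = rand.Read(nonce); err != nil {
		return
	}
	good := AttestationDoc{ModuleID: "i-0abc-enc0", Timestamp: now.UnixMilli(), PCRs: pcrs, Nonce: hex.EncodeToString(nonce)}
	env, err := Issue(priv, good)
	if err != nil {
		return
	}
	_, e := Verify(env, &priv.PublicKey, pol, nonce, now)
	accepted = e == nil

	// Attack 1: a modified application (PCR2 changes) in a correctly signed document.
	bad := good
	bad.PCRs = map[int]string{0: pcrs[0], 1: pcrs[1], 2: measure([]byte("backdoored-application"))}
	env2, err := Issue(priv, bad)
	if err != nil {
		return
	}
	_, e = Verify(env2, &priv.PublicKey, pol, nonce, now)
	tamperRejected = e != nil

	// Attack 2: replaying a genuine document against a fresh nonce.
	fresh := make([]byte, 32)
	if _, err = rand.Read(fresh); err != nil {
		return
	}
	_, e = Verify(env, &priv.PublicKey, pol, fresh, now)
	replayRejected = e != nil
	return
}

func main() {
	ok, tamper, replay, err := RunChecks()
	fmt.Println("genuine accepted:", ok, "tampered rejected:", tamper, "replay rejected:", replay, "err:", err)
}
```

The pinned PCR table is the policy: an attestation document is only as strong as the measurements the verifier refuses to accept anything other than, and a verifier that checks the signature but not the PCRs will happily release keys to any enclave the hypervisor has signed for.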

E3 Diagram

