Quick Start Windows Guide


Enclave is software which builds private, secure and directly connected computer networks.

Each system running Enclave gets issued a certificate. The operators of each system exchange the names on their respective certificates, and instantly get a secure, directly connected, and private network.

Setting up a connection between two or more systems requires mutual consent from all parties, and Enclave networks can only be established if all parties have exchanged their certificate names and agreed to cooperate with one another.

Installing Enclave on Windows

  1. Using the download links from your account in the Enclave Portal, download the latest version of Enclave and run the installer.

  2. Navigate to the Certificate Issue Tokens screen. If you have a trial account, there will be a 30 day trial issue token automatically generated for you.

    Example Issue Token

  3. When Enclave starts, use the issue token from the portal to request a certificate. Enclave will generate a private key on your local system, and ask the Certificate Authority (CA) for a certificate. If the issue token is valid, the CA will respond with a certificate.

  4. Enclave will display the certificate name as your Local Identity. Give this name to your partner, and get your partner's Enclave identity in return.

  5. If your partner’s system has the identity 72LVG then use the New Connection button to authorise your system to connect with hers. She should do the same, and authorise your local identity on her system.


  6. When both systems have expressed a mutual intent to communicate, Enclave will automatically handle firewall traversal, peer discovery and key exchange to set up a direct, end-to-end encrypted connection between them. The connection will remain in place until one of the following happens:

    • One side loses their network connection. Once restored the Enclave network tunnel will be re-established.
    • One side removes the authorisation to talk with their partner, at which point the connection is destroyed.
    • One of the certificates expires, at which point the connection is destroyed.
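
The connection rules from step 6, written out as a small decision function. This is an added illustration, not Enclave's own code or data model: the `Peer` class, `tunnel_state`, the state strings, the identity `K4Q9X` and all dates are assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class Peer:
    # Illustrative model of one system; not Enclave's own data model.
    identity: str            # certificate name, e.g. "72LVG"
    cert_expires: datetime   # expiry of the certificate issued by the CA
    online: bool = True      # does this system currently have network access?
    authorised: set = field(default_factory=set)  # partner identities authorised here


def tunnel_state(a: Peer, b: Peer, now: datetime) -> str:
    # An expired certificate on either side destroys the connection.
    if now >= a.cert_expires or now >= b.cert_expires:
        return "no tunnel: certificate expired"
    # Consent must be mutual: each side has to authorise the other's identity.
    if b.identity not in a.authorised or a.identity not in b.authorised:
        return "no tunnel: authorisation not mutual"
    # Trust is intact but one side is offline; the tunnel returns with the network.
    if not (a.online and b.online):
        return "down: waiting for network"
    return "established"


def demo() -> list:
    # All identities except 72LVG, and all dates, are constructed sample values.
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    me = Peer("K4Q9X", cert_expires=datetime(2024, 2, 1, tzinfo=timezone.utc))
    her = Peer("72LVG", cert_expires=datetime(2025, 1, 1, tzinfo=timezone.utc))
    states = []
    me.authorised.add(her.identity)             # only one side has consented
    states.append(tunnel_state(me, her, now))
    her.authorised.add(me.identity)             # consent is now mutual
    states.append(tunnel_state(me, her, now))
    her.online = False                          # network loss is recoverable
    states.append(tunnel_state(me, her, now))
    her.online = True                           # network restored
    states.append(tunnel_state(me, her, now))
    her.authorised.discard(me.identity)         # one side revokes
    states.append(tunnel_state(me, her, now))
    her.authorised.add(me.identity)
    states.append(tunnel_state(me, her, datetime(2024, 3, 1, tzinfo=timezone.utc)))
    return states


if __name__ == "__main__":
    print("\n".join(demo()))
```

Authorising a partner on one side only never yields a tunnel, and a network outage differs from revocation or expiry in that the tunnel comes back without anyone re-authorising.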

Key Principle — unlike traditional Certificate Authorities, you do not need to specify a domain name, or hostname in order to obtain a certificate. The CA randomly selects the name for each certificate it issues. All communication in Enclave networks is mutually authenticated, so endpoints have no strong real-world identity association to their certificates other than ownership of the corresponding private keys.

For this reason, the Certificate Authority selects names which are short, shareable and human friendly, like telephone numbers or car registration number plates.

The video below demonstrates steps 1 through 3 discussed above, showing how to install Enclave.