Skip to content
You are reading Tessera development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.


An enclave is a secure processing environment that acts as a black box for processing commands and data. An enclave protects the information that exists inside it from malicious attacks.

Tessera’s enclave handles:

Tessera supports two enclave types.

Separating enclave responsibilities from the transaction manager prevents sensitive data from leaking into areas of the codebase that don’t require access. This reduces the exposed areas for malicious attacks.

Enclave responsibilities


The enclave handles the following data responsibilities:

  • Public and private key access
  • Identities (public keys) of forwarding recipients (alwaysSendTo)
  • Default identity (public key) of attached nodes


The enclave performs the following actions on request:

  • Fetching the default identity (public key) for attached nodes
  • Providing identities of forwarding recipients (public keys)
  • Returning all identities (public keys) managed by the enclave
  • Encrypting a payload for given sender and recipients
  • Encrypting raw payloads for given sender
  • Decrypting payloads for a given recipient or sender
  • Adding new recipients for existing payloads
ConsenSys has acquired Quorum from J.P. Morgan. Please read the FAQ.
Questions or feedback? You can discuss issues and obtain free support on Tessera Slack channel.