Enclave public key length constraint removed for private transactions (#4086)

* removed constraint with the length of the privacy public key * refactor to include tessera ec encryptor * added EC snippet to the tessera json config, still need to replace base64string from web3j * acceptance tests working after modifying the web3j library to allow secp256r1 keys * using NACL encryptor by default * using web3j v4.9.4 and web3j-quorum v4.9.0 Signed-off-by: Miguel Rojo <miguelangel.rojofernandez@mastercard.com> Co-authored-by: Antony Denyer <git@antonydenyer.co.uk>
2 years ago · 95d9626b0e
parent ca9a07691a
commit 95d9626b0e
38 changed files with 493 additions and 199 deletions
--- a/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/configuration/privacy/PrivacyNodeFactory.java
+++ b/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/configuration/privacy/PrivacyNodeFactory.java
@ -48,16 +48,6 @@ public class PrivacyNodeFactory {
    return new PrivacyNode(privacyNodeConfig, vertx, enclaveType, containerNetwork);
  }

-  public PrivacyNode createPrivateTransactionEnabledMinerNode(
-      final String name,
-      final PrivacyAccount privacyAccount,
-      final EnclaveType enclaveType,
-      final Optional<Network> containerNetwork)
-      throws IOException {
-    return createPrivateTransactionEnabledMinerNode(
-        name, privacyAccount, enclaveType, containerNetwork, false, false, false);
-  }
-
  public PrivacyNode createPrivateTransactionEnabledMinerNode(
      final String name,
      final PrivacyAccount privacyAccount,
@ -83,21 +73,13 @@ public class PrivacyNodeFactory {
                .extraCLIOptions(List.of("--plugin-privacy-service-encryption-prefix=0xAA"))
                .build(),
            new EnclaveKeyConfiguration(
-                privacyAccount.getEnclaveKeyPaths(), privacyAccount.getEnclavePrivateKeyPaths())),
+                privacyAccount.getEnclaveKeyPaths(),
+                privacyAccount.getEnclavePrivateKeyPaths(),
+                privacyAccount.getEnclaveEncryptorType())),
        enclaveType,
        containerNetwork);
  }

-  public PrivacyNode createPrivateTransactionEnabledNode(
-      final String name,
-      final PrivacyAccount privacyAccount,
-      final EnclaveType enclaveType,
-      final Optional<Network> containerNetwork)
-      throws IOException {
-    return createPrivateTransactionEnabledNode(
-        name, privacyAccount, enclaveType, containerNetwork, false, false, false);
-  }
-
  public PrivacyNode createPrivateTransactionEnabledNode(
      final String name,
      final PrivacyAccount privacyAccount,
@ -122,21 +104,13 @@ public class PrivacyNodeFactory {
                .extraCLIOptions(List.of("--plugin-privacy-service-encryption-prefix=0xBB"))
                .build(),
            new EnclaveKeyConfiguration(
-                privacyAccount.getEnclaveKeyPaths(), privacyAccount.getEnclavePrivateKeyPaths())),
+                privacyAccount.getEnclaveKeyPaths(),
+                privacyAccount.getEnclavePrivateKeyPaths(),
+                privacyAccount.getEnclaveEncryptorType())),
        enclaveType,
        containerNetwork);
  }

-  public PrivacyNode createIbft2NodePrivacyEnabled(
-      final String name,
-      final PrivacyAccount privacyAccount,
-      final EnclaveType enclaveType,
-      final Optional<Network> containerNetwork)
-      throws IOException {
-    return createIbft2NodePrivacyEnabled(
-        name, privacyAccount, false, enclaveType, containerNetwork, false, false, false, "0xAA");
-  }
-
  public PrivacyNode createIbft2NodePrivacyEnabled(
      final String name,
      final PrivacyAccount privacyAccount,
@ -167,7 +141,9 @@ public class PrivacyNodeFactory {
                    List.of("--plugin-privacy-service-encryption-prefix=" + unrestrictedPrefix))
                .build(),
            new EnclaveKeyConfiguration(
-                privacyAccount.getEnclaveKeyPaths(), privacyAccount.getEnclavePrivateKeyPaths())),
+                privacyAccount.getEnclaveKeyPaths(),
+                privacyAccount.getEnclavePrivateKeyPaths(),
+                privacyAccount.getEnclaveEncryptorType())),
        enclaveType,
        containerNetwork);
  }
@ -204,7 +180,9 @@ public class PrivacyNodeFactory {
                        "--plugin-privacy-service-genesis-enabled=true"))
                .build(),
            new EnclaveKeyConfiguration(
-                privacyAccount.getEnclaveKeyPaths(), privacyAccount.getEnclavePrivateKeyPaths())),
+                privacyAccount.getEnclaveKeyPaths(),
+                privacyAccount.getEnclavePrivateKeyPaths(),
+                privacyAccount.getEnclaveEncryptorType())),
        enclaveType,
        containerNetwork);
  }
@ -238,7 +216,9 @@ public class PrivacyNodeFactory {
                    List.of("--plugin-privacy-service-encryption-prefix=" + unrestrictedPrefix))
                .build(),
            new EnclaveKeyConfiguration(
-                privacyAccount.getEnclaveKeyPaths(), privacyAccount.getEnclavePrivateKeyPaths())),
+                privacyAccount.getEnclaveKeyPaths(),
+                privacyAccount.getEnclavePrivateKeyPaths(),
+                privacyAccount.getEnclaveEncryptorType())),
        enclaveType,
        containerNetwork);
  }
--- a/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/privacy/ParameterizedEnclaveTestBase.java
+++ b/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/privacy/ParameterizedEnclaveTestBase.java
@ -14,6 +14,8 @@
 */
 package org.hyperledger.besu.tests.acceptance.dsl.privacy;

+import static org.hyperledger.enclave.testutil.EnclaveEncryptorType.EC;
+import static org.hyperledger.enclave.testutil.EnclaveEncryptorType.NACL;
 import static org.hyperledger.enclave.testutil.EnclaveType.NOOP;
 import static org.hyperledger.enclave.testutil.EnclaveType.TESSERA;
 import static org.web3j.utils.Restriction.RESTRICTED;
@ -22,6 +24,7 @@ import static org.web3j.utils.Restriction.UNRESTRICTED;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.transaction.PluginCreateRandomPrivacyGroupIdTransaction;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.transaction.RestrictedCreatePrivacyGroupTransaction;
 import org.hyperledger.besu.tests.acceptance.dsl.transaction.Transaction;
+import org.hyperledger.enclave.testutil.EnclaveEncryptorType;
 import org.hyperledger.enclave.testutil.EnclaveType;

 import java.util.Arrays;
@ -36,19 +39,24 @@ import org.web3j.utils.Restriction;
 public abstract class ParameterizedEnclaveTestBase extends PrivacyAcceptanceTestBase {
  protected final Restriction restriction;
  protected final EnclaveType enclaveType;
+  protected final EnclaveEncryptorType enclaveEncryptorType;

  protected ParameterizedEnclaveTestBase(
-      final Restriction restriction, final EnclaveType enclaveType) {
+      final Restriction restriction,
+      final EnclaveType enclaveType,
+      final EnclaveEncryptorType enclaveEncryptorType) {
    this.restriction = restriction;
    this.enclaveType = enclaveType;
+    this.enclaveEncryptorType = enclaveEncryptorType;
  }

-  @Parameters(name = "{0} tx with {1} enclave")
+  @Parameters(name = "{0} tx with {1} enclave and {2} encryptor type")
  public static Collection<Object[]> params() {
    return Arrays.asList(
        new Object[][] {
-          {RESTRICTED, TESSERA},
-          {UNRESTRICTED, NOOP}
+          {RESTRICTED, TESSERA, NACL},
+          {RESTRICTED, TESSERA, EC},
+          {UNRESTRICTED, NOOP, EnclaveEncryptorType.NOOP}
        });
  }

--- a/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/privacy/PrivacyAcceptanceTestBase.java
+++ b/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/privacy/PrivacyAcceptanceTestBase.java
@ -21,7 +21,6 @@ import org.hyperledger.besu.tests.acceptance.dsl.condition.eth.EthConditions;
 import org.hyperledger.besu.tests.acceptance.dsl.condition.net.NetConditions;
 import org.hyperledger.besu.tests.acceptance.dsl.condition.priv.PrivConditions;
 import org.hyperledger.besu.tests.acceptance.dsl.node.configuration.privacy.PrivacyNodeFactory;
-import org.hyperledger.besu.tests.acceptance.dsl.privacy.account.PrivacyAccountResolver;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.condition.PrivateContractVerifier;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.condition.PrivateTransactionVerifier;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.contract.PrivateContractTransactions;
@ -47,7 +46,6 @@ public class PrivacyAcceptanceTestBase {
  protected final PrivateContractTransactions privateContractTransactions;
  protected final PrivConditions priv;
  protected final PrivacyCluster privacyCluster;
-  protected final PrivacyAccountResolver privacyAccountResolver;
  protected final ContractTransactions contractTransactions;
  protected final NetConditions net;
  protected final EthTransactions ethTransactions;
@ -63,7 +61,6 @@ public class PrivacyAcceptanceTestBase {
    privacyBesu = new PrivacyNodeFactory(vertx);
    privateContractTransactions = new PrivateContractTransactions();
    privacyCluster = new PrivacyCluster(net);
-    privacyAccountResolver = new PrivacyAccountResolver();
    priv =
        new PrivConditions(
            new org.hyperledger.besu.tests.acceptance.dsl.transaction.privacy
--- a/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/privacy/account/PrivacyAccount.java
+++ b/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/privacy/account/PrivacyAccount.java
@ -14,6 +14,8 @@
 */
 package org.hyperledger.besu.tests.acceptance.dsl.privacy.account;

+import org.hyperledger.enclave.testutil.EnclaveEncryptorType;
+
 import java.io.File;
 import java.net.URL;
 import java.util.Arrays;
@ -23,27 +25,38 @@ public class PrivacyAccount {
  private final URL privateKeyPath;
  private final URL[] enclaveKeyPaths;
  private final URL[] enclavePrivateKeyPaths;
+  private final EnclaveEncryptorType enclaveEncryptorType;

  private PrivacyAccount(
      final URL privateKeyPath,
      final URL[] enclavePublicKeyPaths,
-      final URL[] enclavePrivateKeyPaths) {
+      final URL[] enclavePrivateKeyPaths,
+      final EnclaveEncryptorType enclaveEncryptorType) {
    this.privateKeyPath = privateKeyPath;
    this.enclaveKeyPaths = enclavePublicKeyPaths;
    this.enclavePrivateKeyPaths = enclavePrivateKeyPaths;
+    this.enclaveEncryptorType = enclaveEncryptorType;
  }

  public static PrivacyAccount create(
-      final URL privateKeyPath, final URL enclavePublicKeyPath, final URL enclavePrivateKeyPath) {
+      final URL privateKeyPath,
+      final URL enclavePublicKeyPath,
+      final URL enclavePrivateKeyPath,
+      final EnclaveEncryptorType enclaveEncryptorType) {
    return new PrivacyAccount(
-        privateKeyPath, new URL[] {enclavePublicKeyPath}, new URL[] {enclavePrivateKeyPath});
+        privateKeyPath,
+        new URL[] {enclavePublicKeyPath},
+        new URL[] {enclavePrivateKeyPath},
+        enclaveEncryptorType);
  }

  public static PrivacyAccount create(
      final URL privateKeyPath,
      final URL[] enclavePublicKeyPath,
-      final URL[] enclavePrivateKeyPath) {
-    return new PrivacyAccount(privateKeyPath, enclavePublicKeyPath, enclavePrivateKeyPath);
+      final URL[] enclavePrivateKeyPath,
+      final EnclaveEncryptorType enclaveEncryptorType) {
+    return new PrivacyAccount(
+        privateKeyPath, enclavePublicKeyPath, enclavePrivateKeyPath, enclaveEncryptorType);
  }

  public String getPrivateKeyPath() {
@ -62,6 +75,10 @@ public class PrivacyAccount {
        .toArray(String[]::new);
  }

+  public EnclaveEncryptorType getEnclaveEncryptorType() {
+    return enclaveEncryptorType;
+  }
+
  private String toStringResource(final URL path) {
    return path.getPath().substring(path.getPath().lastIndexOf(File.separator) + 1);
  }
--- a/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/privacy/account/PrivacyAccountResolver.java
+++ b/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/privacy/account/PrivacyAccountResolver.java
@ -14,59 +14,88 @@
 */
 package org.hyperledger.besu.tests.acceptance.dsl.privacy.account;

+import org.hyperledger.enclave.testutil.EnclaveEncryptorType;
+
 import java.net.URL;

 /** Supplier of known funded accounts defined in dev.json */
-public class PrivacyAccountResolver {
-
-  public static final PrivacyAccount ALICE =
-      PrivacyAccount.create(
+public enum PrivacyAccountResolver {
+  ALICE {
+    @Override
+    public PrivacyAccount resolve(final EnclaveEncryptorType enclaveEncryptorType) {
+      return PrivacyAccount.create(
          resolveResource("key"),
-          resolveResource("enclave_key_0.pub"),
-          resolveResource("enclave_key_0.key"));
-
-  public static final PrivacyAccount BOB =
-      PrivacyAccount.create(
+          enclaveEncryptorType.equals(EnclaveEncryptorType.EC)
+              ? resolveResource("enclave_ec_key_0.pub")
+              : resolveResource("enclave_key_0.pub"),
+          enclaveEncryptorType.equals(EnclaveEncryptorType.EC)
+              ? resolveResource("enclave_ec_key_0.key")
+              : resolveResource("enclave_key_0.key"),
+          enclaveEncryptorType);
+    }
+  },
+  BOB {
+    @Override
+    public PrivacyAccount resolve(final EnclaveEncryptorType enclaveEncryptorType) {
+      return PrivacyAccount.create(
          resolveResource("key1"),
-          resolveResource("enclave_key_1.pub"),
-          resolveResource("enclave_key_1.key"));
-
-  public static final PrivacyAccount CHARLIE =
-      PrivacyAccount.create(
+          enclaveEncryptorType.equals(EnclaveEncryptorType.EC)
+              ? resolveResource("enclave_ec_key_1.pub")
+              : resolveResource("enclave_key_1.pub"),
+          enclaveEncryptorType.equals(EnclaveEncryptorType.EC)
+              ? resolveResource("enclave_ec_key_1.key")
+              : resolveResource("enclave_key_1.key"),
+          enclaveEncryptorType);
+    }
+  },
+  CHARLIE {
+    @Override
+    public PrivacyAccount resolve(final EnclaveEncryptorType enclaveEncryptorType) {
+      return PrivacyAccount.create(
          resolveResource("key2"),
-          resolveResource("enclave_key_2.pub"),
-          resolveResource("enclave_key_2.key"));
-
-  public static final PrivacyAccount MULTI_TENANCY =
-      PrivacyAccount.create(
+          enclaveEncryptorType.equals(EnclaveEncryptorType.EC)
+              ? resolveResource("enclave_ec_key_2.pub")
+              : resolveResource("enclave_key_2.pub"),
+          enclaveEncryptorType.equals(EnclaveEncryptorType.EC)
+              ? resolveResource("enclave_ec_key_2.key")
+              : resolveResource("enclave_key_2.key"),
+          enclaveEncryptorType);
+    }
+  },
+  MULTI_TENANCY {
+    @Override
+    public PrivacyAccount resolve(final EnclaveEncryptorType enclaveEncryptorType) {
+      return PrivacyAccount.create(
          resolveResource("key"),
          new URL[] {
-            resolveResource("enclave_key_0.pub"),
-            resolveResource("enclave_key_1.pub"),
-            resolveResource("enclave_key_2.pub")
+            enclaveEncryptorType.equals(EnclaveEncryptorType.EC)
+                ? resolveResource("enclave_ec_key_0.pub")
+                : resolveResource("enclave_key_0.pub"),
+            enclaveEncryptorType.equals(EnclaveEncryptorType.EC)
+                ? resolveResource("enclave_ec_key_1.pub")
+                : resolveResource("enclave_key_1.pub"),
+            enclaveEncryptorType.equals(EnclaveEncryptorType.EC)
+                ? resolveResource("enclave_ec_key_2.pub")
+                : resolveResource("enclave_key_2.pub")
          },
          new URL[] {
-            resolveResource("enclave_key_0.key"),
-            resolveResource("enclave_key_1.key"),
-            resolveResource("enclave_key_2.key")
-          });
-
-  private static URL resolveResource(final String resource) {
-    return PrivacyAccountResolver.class.getClassLoader().getResource(resource);
-  }
+            enclaveEncryptorType.equals(EnclaveEncryptorType.EC)
+                ? resolveResource("enclave_ec_key_0.key")
+                : resolveResource("enclave_key_0.key"),
+            enclaveEncryptorType.equals(EnclaveEncryptorType.EC)
+                ? resolveResource("enclave_ec_key_1.key")
+                : resolveResource("enclave_key_1.key"),
+            enclaveEncryptorType.equals(EnclaveEncryptorType.EC)
+                ? resolveResource("enclave_ec_key_2.key")
+                : resolveResource("enclave_key_2.key")
+          },
+          enclaveEncryptorType);
+    }
+  };

-  public PrivacyAccountResolver() {}
+  public abstract PrivacyAccount resolve(final EnclaveEncryptorType enclaveEncryptorType);

-  public PrivacyAccount resolve(final Integer account) {
-    switch (account) {
-      case 0:
-        return ALICE;
-      case 1:
-        return BOB;
-      case 2:
-        return CHARLIE;
-      default:
-        throw new RuntimeException("Unknown privacy account");
-    }
+  URL resolveResource(final String resource) {
+    return PrivacyAccountResolver.class.getClassLoader().getResource(resource);
  }
 }
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/BftPrivacyClusterAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/BftPrivacyClusterAcceptanceTest.java
@ -16,8 +16,10 @@ package org.hyperledger.besu.tests.acceptance.privacy;

 import org.hyperledger.besu.tests.acceptance.dsl.privacy.PrivacyAcceptanceTestBase;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.PrivacyNode;
+import org.hyperledger.besu.tests.acceptance.dsl.privacy.account.PrivacyAccountResolver;
 import org.hyperledger.besu.tests.acceptance.dsl.transaction.bft.ConsensusType;
 import org.hyperledger.besu.tests.web3j.generated.EventEmitter;
+import org.hyperledger.enclave.testutil.EnclaveEncryptorType;
 import org.hyperledger.enclave.testutil.EnclaveType;

 import java.io.IOException;
@ -41,14 +43,17 @@ public class BftPrivacyClusterAcceptanceTest extends PrivacyAcceptanceTestBase {

  public static class BftPrivacyType {
    private final EnclaveType enclaveType;
+    private final EnclaveEncryptorType enclaveEncryptorType;
    private final ConsensusType consensusType;
    private final Restriction restriction;

    public BftPrivacyType(
        final EnclaveType enclaveType,
+        final EnclaveEncryptorType enclaveEncryptorType,
        final ConsensusType consensusType,
        final Restriction restriction) {
      this.enclaveType = enclaveType;
+      this.enclaveEncryptorType = enclaveEncryptorType;
      this.consensusType = consensusType;
      this.restriction = restriction;
    }
@ -56,7 +61,11 @@ public class BftPrivacyClusterAcceptanceTest extends PrivacyAcceptanceTestBase {
    @Override
    public String toString() {
      return String.join(
-          ",", enclaveType.toString(), consensusType.toString(), restriction.toString());
+          ",",
+          enclaveType.toString(),
+          enclaveEncryptorType.toString(),
+          consensusType.toString(),
+          restriction.toString());
    }
  }

@ -69,13 +78,21 @@ public class BftPrivacyClusterAcceptanceTest extends PrivacyAcceptanceTestBase {
    final List<BftPrivacyType> bftPrivacyTypes = new ArrayList<>();
    for (EnclaveType x : EnclaveType.valuesForTests()) {
      for (ConsensusType consensusType : ConsensusType.values()) {
-        bftPrivacyTypes.add(new BftPrivacyType(x, consensusType, Restriction.RESTRICTED));
+        bftPrivacyTypes.add(
+            new BftPrivacyType(
+                x, EnclaveEncryptorType.NACL, consensusType, Restriction.RESTRICTED));
+        bftPrivacyTypes.add(
+            new BftPrivacyType(x, EnclaveEncryptorType.EC, consensusType, Restriction.RESTRICTED));
      }
    }

    for (ConsensusType consensusType : ConsensusType.values()) {
      bftPrivacyTypes.add(
-          new BftPrivacyType(EnclaveType.NOOP, consensusType, Restriction.UNRESTRICTED));
+          new BftPrivacyType(
+              EnclaveType.NOOP,
+              EnclaveEncryptorType.NOOP,
+              consensusType,
+              Restriction.UNRESTRICTED));
    }

    return bftPrivacyTypes;
@ -102,7 +119,8 @@ public class BftPrivacyClusterAcceptanceTest extends PrivacyAcceptanceTestBase {
    if (bftPrivacyType.consensusType == ConsensusType.IBFT2) {
      return privacyBesu.createIbft2NodePrivacyEnabled(
          nodeName,
-          privacyAccountResolver.resolve(privacyAccount),
+          PrivacyAccountResolver.values()[privacyAccount].resolve(
+              bftPrivacyType.enclaveEncryptorType),
          true,
          bftPrivacyType.enclaveType,
          Optional.of(containerNetwork),
@ -113,7 +131,8 @@ public class BftPrivacyClusterAcceptanceTest extends PrivacyAcceptanceTestBase {
    } else if (bftPrivacyType.consensusType == ConsensusType.QBFT) {
      return privacyBesu.createQbftNodePrivacyEnabled(
          nodeName,
-          privacyAccountResolver.resolve(privacyAccount),
+          PrivacyAccountResolver.values()[privacyAccount].resolve(
+              bftPrivacyType.enclaveEncryptorType),
          bftPrivacyType.enclaveType,
          Optional.of(containerNetwork),
          false,
@ -128,7 +147,10 @@ public class BftPrivacyClusterAcceptanceTest extends PrivacyAcceptanceTestBase {
  @Test
  public void onlyAliceAndBobCanExecuteContract() {
    // Contract address is generated from sender address and transaction nonce
-    final String contractAddress = "0xebf56429e6500e84442467292183d4d621359838";
+    final String contractAddress =
+        EnclaveEncryptorType.EC.equals(bftPrivacyType.enclaveEncryptorType)
+            ? "0x3e5d325a03ad3ce5640502219833d30b89ce3ce1"
+            : "0xebf56429e6500e84442467292183d4d621359838";

    final EventEmitter eventEmitter =
        alice.execute(
@ -166,7 +188,10 @@ public class BftPrivacyClusterAcceptanceTest extends PrivacyAcceptanceTestBase {

  @Test
  public void aliceCanDeployMultipleTimesInSingleGroup() {
-    final String firstDeployedAddress = "0xebf56429e6500e84442467292183d4d621359838";
+    final String firstDeployedAddress =
+        EnclaveEncryptorType.EC.equals(bftPrivacyType.enclaveEncryptorType)
+            ? "0x3e5d325a03ad3ce5640502219833d30b89ce3ce1"
+            : "0xebf56429e6500e84442467292183d4d621359838";

    privacyCluster.stopNode(charlie);

@ -182,7 +207,10 @@ public class BftPrivacyClusterAcceptanceTest extends PrivacyAcceptanceTestBase {
        .validPrivateContractDeployed(firstDeployedAddress, alice.getAddress().toString())
        .verify(firstEventEmitter);

-    final String secondDeployedAddress = "0x10f807f8a905da5bd319196da7523c6bd768690f";
+    final String secondDeployedAddress =
+        EnclaveEncryptorType.EC.equals(bftPrivacyType.enclaveEncryptorType)
+            ? "0x5194e214fae257530710d18c868df7a295d9d53b"
+            : "0x10f807f8a905da5bd319196da7523c6bd768690f";

    final EventEmitter secondEventEmitter =
        alice.execute(
@ -200,7 +228,10 @@ public class BftPrivacyClusterAcceptanceTest extends PrivacyAcceptanceTestBase {
  @Test
  public void canInteractWithMultiplePrivacyGroups() {
    // alice deploys contract
-    final String firstDeployedAddress = "0xff206d21150a8da5b83629d8a722f3135ed532b1";
+    final String firstDeployedAddress =
+        EnclaveEncryptorType.EC.equals(bftPrivacyType.enclaveEncryptorType)
+            ? "0x760359bc605b3848f5199829bde6b382d90fb8eb"
+            : "0xff206d21150a8da5b83629d8a722f3135ed532b1";

    final EventEmitter firstEventEmitter =
        alice.execute(
@ -240,7 +271,10 @@ public class BftPrivacyClusterAcceptanceTest extends PrivacyAcceptanceTestBase {
            firstTransactionHash, aliceReceipt));

    // alice deploys second contract
-    final String secondDeployedAddress = "0xebf56429e6500e84442467292183d4d621359838";
+    final String secondDeployedAddress =
+        EnclaveEncryptorType.EC.equals(bftPrivacyType.enclaveEncryptorType)
+            ? "0x3e5d325a03ad3ce5640502219833d30b89ce3ce1"
+            : "0xebf56429e6500e84442467292183d4d621359838";

    final EventEmitter secondEventEmitter =
        alice.execute(
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/DeployPrivateSmartContractAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/DeployPrivateSmartContractAcceptanceTest.java
@ -20,6 +20,7 @@ import org.hyperledger.besu.tests.acceptance.dsl.privacy.ParameterizedEnclaveTes
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.PrivacyNode;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.account.PrivacyAccountResolver;
 import org.hyperledger.besu.tests.web3j.generated.EventEmitter;
+import org.hyperledger.enclave.testutil.EnclaveEncryptorType;
 import org.hyperledger.enclave.testutil.EnclaveType;

 import java.io.IOException;
@ -33,13 +34,16 @@ public class DeployPrivateSmartContractAcceptanceTest extends ParameterizedEncla
  private final PrivacyNode minerNode;

  public DeployPrivateSmartContractAcceptanceTest(
-      final Restriction restriction, final EnclaveType enclaveType) throws IOException {
-    super(restriction, enclaveType);
+      final Restriction restriction,
+      final EnclaveType enclaveType,
+      final EnclaveEncryptorType enclaveEncryptorType)
+      throws IOException {
+    super(restriction, enclaveType, enclaveEncryptorType);

    minerNode =
        privacyBesu.createPrivateTransactionEnabledMinerNode(
            restriction + "-node",
-            PrivacyAccountResolver.ALICE,
+            PrivacyAccountResolver.ALICE.resolve(enclaveEncryptorType),
            enclaveType,
            Optional.empty(),
            false,
@ -51,7 +55,10 @@ public class DeployPrivateSmartContractAcceptanceTest extends ParameterizedEncla

  @Test
  public void deployingMustGiveValidReceiptAndCode() throws Exception {
-    final String contractAddress = "0x89ce396d0f9f937ddfa71113e29b2081c4869555";
+    final String contractAddress =
+        EnclaveEncryptorType.EC.equals(enclaveEncryptorType)
+            ? "0xfeeb2367e77e28f75fc3bcc55b70a535752db058"
+            : "0x89ce396d0f9f937ddfa71113e29b2081c4869555";

    final EventEmitter eventEmitter =
        minerNode.execute(
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/EnclaveErrorAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/EnclaveErrorAcceptanceTest.java
@ -16,15 +16,23 @@ package org.hyperledger.besu.tests.acceptance.privacy;

 import static org.assertj.core.api.Assertions.catchThrowable;
 import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+import static org.hyperledger.enclave.testutil.EnclaveEncryptorType.EC;
+import static org.hyperledger.enclave.testutil.EnclaveEncryptorType.NACL;
+import static org.hyperledger.enclave.testutil.EnclaveType.TESSERA;

 import org.hyperledger.besu.ethereum.api.jsonrpc.internal.response.JsonRpcError;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.PrivacyAcceptanceTestBase;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.PrivacyNode;
+import org.hyperledger.besu.tests.acceptance.dsl.privacy.account.PrivacyAccountResolver;
 import org.hyperledger.besu.tests.web3j.generated.EventEmitter;
+import org.hyperledger.enclave.testutil.EnclaveEncryptorType;
 import org.hyperledger.enclave.testutil.EnclaveType;

 import java.io.IOException;
 import java.math.BigInteger;
+import java.security.KeyPairGenerator;
+import java.security.spec.ECGenParameterSpec;
+import java.util.Arrays;
 import java.util.Base64;
 import java.util.Collection;
 import java.util.Optional;
@ -47,19 +55,25 @@ public class EnclaveErrorAcceptanceTest extends PrivacyAcceptanceTestBase {
  private final PrivacyNode bob;
  private final String wrongPublicKey;

-  @Parameters(name = "{0}")
-  public static Collection<EnclaveType> enclaveTypes() {
-    return EnclaveType.valuesForTests();
+  @Parameters(name = "{0} enclave type with {1} encryptor")
+  public static Collection<Object[]> enclaveParameters() {
+    return Arrays.asList(
+        new Object[][] {
+          {TESSERA, NACL},
+          {TESSERA, EC}
+        });
  }

-  public EnclaveErrorAcceptanceTest(final EnclaveType enclaveType) throws IOException {
+  public EnclaveErrorAcceptanceTest(
+      final EnclaveType enclaveType, final EnclaveEncryptorType enclaveEncryptorType)
+      throws IOException {

    final Network containerNetwork = Network.newNetwork();

    alice =
        privacyBesu.createIbft2NodePrivacyEnabled(
            "node1",
-            privacyAccountResolver.resolve(0),
+            PrivacyAccountResolver.ALICE.resolve(enclaveEncryptorType),
            false,
            enclaveType,
            Optional.of(containerNetwork),
@ -70,7 +84,7 @@ public class EnclaveErrorAcceptanceTest extends PrivacyAcceptanceTestBase {
    bob =
        privacyBesu.createIbft2NodePrivacyEnabled(
            "node2",
-            privacyAccountResolver.resolve(1),
+            PrivacyAccountResolver.BOB.resolve(enclaveEncryptorType),
            false,
            enclaveType,
            Optional.of(containerNetwork),
@ -80,8 +94,12 @@ public class EnclaveErrorAcceptanceTest extends PrivacyAcceptanceTestBase {
            "0xBB");
    privacyCluster.start(alice, bob);

-    wrongPublicKey =
-        Base64.getEncoder().encodeToString(Box.KeyPair.random().publicKey().bytesArray());
+    final byte[] wrongPublicKeyBytes =
+        EnclaveEncryptorType.EC.equals(enclaveEncryptorType)
+            ? getSECP256r1PublicKeyByteArray()
+            : Box.KeyPair.random().publicKey().bytesArray();
+
+    wrongPublicKey = Base64.getEncoder().encodeToString(wrongPublicKeyBytes);
  }

  @Test
@ -205,4 +223,15 @@ public class EnclaveErrorAcceptanceTest extends PrivacyAcceptanceTestBase {
        message -> message.contains(enclaveMessage),
        "Message did not match Tessera expected output");
  }
+
+  private byte[] getSECP256r1PublicKeyByteArray() {
+    try {
+      final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
+      final ECGenParameterSpec spec = new ECGenParameterSpec("secp256r1");
+      keyGen.initialize(spec);
+      return keyGen.generateKeyPair().getPublic().getEncoded();
+    } catch (Exception exception) {
+      return new byte[0];
+    }
+  }
 }
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/FlexiblePrivacyAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/FlexiblePrivacyAcceptanceTest.java
@ -21,8 +21,10 @@ import static org.junit.runners.Parameterized.Parameters;

 import org.hyperledger.besu.tests.acceptance.dsl.condition.eth.EthConditions;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.PrivacyNode;
+import org.hyperledger.besu.tests.acceptance.dsl.privacy.account.PrivacyAccountResolver;
 import org.hyperledger.besu.tests.acceptance.dsl.transaction.miner.MinerTransactions;
 import org.hyperledger.besu.tests.web3j.generated.EventEmitter;
+import org.hyperledger.enclave.testutil.EnclaveEncryptorType;
 import org.hyperledger.enclave.testutil.EnclaveType;

 import java.math.BigInteger;
@ -80,21 +82,21 @@ public class FlexiblePrivacyAcceptanceTest extends FlexiblePrivacyAcceptanceTest
    alice =
        privacyBesu.createFlexiblePrivacyGroupEnabledMinerNode(
            "node1",
-            privacyAccountResolver.resolve(0),
+            PrivacyAccountResolver.ALICE.resolve(EnclaveEncryptorType.NACL),
            false,
            enclaveType,
            Optional.of(containerNetwork));
    bob =
        privacyBesu.createFlexiblePrivacyGroupEnabledNode(
            "node2",
-            privacyAccountResolver.resolve(1),
+            PrivacyAccountResolver.BOB.resolve(EnclaveEncryptorType.NACL),
            false,
            enclaveType,
            Optional.of(containerNetwork));
    charlie =
        privacyBesu.createFlexiblePrivacyGroupEnabledNode(
            "node3",
-            privacyAccountResolver.resolve(2),
+            PrivacyAccountResolver.CHARLIE.resolve(EnclaveEncryptorType.NACL),
            false,
            enclaveType,
            Optional.of(containerNetwork));
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PluginPrivacySigningAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PluginPrivacySigningAcceptanceTest.java
@ -15,33 +15,56 @@
 package org.hyperledger.besu.tests.acceptance.privacy;

 import static org.assertj.core.api.Assertions.assertThat;
-import static org.hyperledger.besu.tests.acceptance.dsl.privacy.account.PrivacyAccountResolver.BOB;

 import org.hyperledger.besu.tests.acceptance.dsl.node.configuration.BesuNodeConfigurationBuilder;
 import org.hyperledger.besu.tests.acceptance.dsl.node.configuration.privacy.PrivacyNodeConfiguration;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.PrivacyAcceptanceTestBase;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.PrivacyNode;
+import org.hyperledger.besu.tests.acceptance.dsl.privacy.account.PrivacyAccount;
+import org.hyperledger.besu.tests.acceptance.dsl.privacy.account.PrivacyAccountResolver;
 import org.hyperledger.besu.tests.web3j.generated.EventEmitter;
+import org.hyperledger.enclave.testutil.EnclaveEncryptorType;
 import org.hyperledger.enclave.testutil.EnclaveKeyConfiguration;
 import org.hyperledger.enclave.testutil.EnclaveType;

 import java.io.IOException;
 import java.math.BigInteger;
+import java.util.Arrays;
+import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
 import java.util.Optional;
+import java.util.stream.Collectors;

 import org.junit.Before;
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
 import org.web3j.protocol.core.DefaultBlockParameter;
 import org.web3j.protocol.core.methods.response.EthBlock.Block;
 import org.web3j.protocol.core.methods.response.TransactionReceipt;

+@RunWith(Parameterized.class)
 public class PluginPrivacySigningAcceptanceTest extends PrivacyAcceptanceTestBase {
  private PrivacyNode minerNode;

+  private final EnclaveEncryptorType enclaveEncryptorType;
+
+  public PluginPrivacySigningAcceptanceTest(final EnclaveEncryptorType enclaveEncryptorType) {
+    this.enclaveEncryptorType = enclaveEncryptorType;
+  }
+
+  @Parameterized.Parameters(name = "{0}")
+  public static Collection<EnclaveEncryptorType> enclaveEncryptorTypes() {
+    return Arrays.stream(EnclaveEncryptorType.values())
+        .filter(encryptorType -> !EnclaveEncryptorType.NOOP.equals(encryptorType))
+        .collect(Collectors.toList());
+  }
+
  @Before
  public void setup() throws IOException {
+    final PrivacyAccount BOB = PrivacyAccountResolver.BOB.resolve(enclaveEncryptorType);
+
    minerNode =
        privacyBesu.create(
            new PrivacyNodeConfiguration(
@ -63,7 +86,9 @@ public class PluginPrivacySigningAcceptanceTest extends PrivacyAcceptanceTestBas
                            "--plugin-privacy-service-signing-key=8f2a55949038a9610f50fb23b5883af3b4ecb3c3bb792cbcefbd1542c692be63"))
                    .build(),
                new EnclaveKeyConfiguration(
-                    BOB.getEnclaveKeyPaths(), BOB.getEnclavePrivateKeyPaths())),
+                    BOB.getEnclaveKeyPaths(),
+                    BOB.getEnclavePrivateKeyPaths(),
+                    BOB.getEnclaveEncryptorType())),
            EnclaveType.NOOP,
            Optional.empty());

@ -72,7 +97,10 @@ public class PluginPrivacySigningAcceptanceTest extends PrivacyAcceptanceTestBas

  @Test
  public void canDeployContractSignedByPlugin() throws Exception {
-    final String contractAddress = "0xd0152772c54cecfa7684f09f7616dcc825545dff";
+    final String contractAddress =
+        EnclaveEncryptorType.EC.equals(enclaveEncryptorType)
+            ? "0xf01ec73d91fdeb8bb9388ec74e6a3981da86e021"
+            : "0xd0152772c54cecfa7684f09f7616dcc825545dff";

    final EventEmitter eventEmitter =
        minerNode.execute(
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivCallAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivCallAcceptanceTest.java
@ -22,6 +22,7 @@ import org.hyperledger.besu.tests.acceptance.dsl.privacy.ParameterizedEnclaveTes
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.PrivacyNode;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.account.PrivacyAccountResolver;
 import org.hyperledger.besu.tests.web3j.generated.EventEmitter;
+import org.hyperledger.enclave.testutil.EnclaveEncryptorType;
 import org.hyperledger.enclave.testutil.EnclaveType;

 import java.io.IOException;
@ -53,15 +54,18 @@ public class PrivCallAcceptanceTest extends ParameterizedEnclaveTestBase {

  private final PrivacyNode minerNode;

-  public PrivCallAcceptanceTest(final Restriction restriction, final EnclaveType enclaveType)
+  public PrivCallAcceptanceTest(
+      final Restriction restriction,
+      final EnclaveType enclaveType,
+      final EnclaveEncryptorType enclaveEncryptorType)
      throws IOException {

-    super(restriction, enclaveType);
+    super(restriction, enclaveType, enclaveEncryptorType);

    minerNode =
        privacyBesu.createPrivateTransactionEnabledMinerNode(
            restriction + "-node",
-            PrivacyAccountResolver.ALICE,
+            PrivacyAccountResolver.ALICE.resolve(enclaveEncryptorType),
            enclaveType,
            Optional.empty(),
            false,
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivDebugGetStateRootFlexibleGroupAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivDebugGetStateRootFlexibleGroupAcceptanceTest.java
@ -21,6 +21,7 @@ import org.hyperledger.besu.tests.acceptance.dsl.privacy.PrivacyNode;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.account.PrivacyAccountResolver;
 import org.hyperledger.besu.tests.acceptance.dsl.transaction.privacy.PrivacyRequestFactory;
 import org.hyperledger.besu.tests.web3j.generated.EventEmitter;
+import org.hyperledger.enclave.testutil.EnclaveEncryptorType;
 import org.hyperledger.enclave.testutil.EnclaveType;

 import java.io.IOException;
@ -62,14 +63,14 @@ public class PrivDebugGetStateRootFlexibleGroupAcceptanceTest
    aliceNode =
        privacyBesu.createFlexiblePrivacyGroupEnabledMinerNode(
            "alice-node",
-            PrivacyAccountResolver.ALICE,
+            PrivacyAccountResolver.ALICE.resolve(EnclaveEncryptorType.NACL),
            false,
            enclaveType,
            Optional.of(containerNetwork));
    bobNode =
        privacyBesu.createFlexiblePrivacyGroupEnabledNode(
            "bob-node",
-            PrivacyAccountResolver.BOB,
+            PrivacyAccountResolver.BOB.resolve(EnclaveEncryptorType.NACL),
            false,
            enclaveType,
            Optional.of(containerNetwork));
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivDebugGetStateRootOffchainGroupAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivDebugGetStateRootOffchainGroupAcceptanceTest.java
@ -22,6 +22,7 @@ import org.hyperledger.besu.tests.acceptance.dsl.privacy.ParameterizedEnclaveTes
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.PrivacyNode;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.account.PrivacyAccountResolver;
 import org.hyperledger.besu.tests.acceptance.dsl.transaction.privacy.PrivacyRequestFactory;
+import org.hyperledger.enclave.testutil.EnclaveEncryptorType;
 import org.hyperledger.enclave.testutil.EnclaveType;

 import java.io.IOException;
@ -38,16 +39,19 @@ public class PrivDebugGetStateRootOffchainGroupAcceptanceTest extends Parameteri
  private final PrivacyNode bobNode;

  public PrivDebugGetStateRootOffchainGroupAcceptanceTest(
-      final Restriction restriction, final EnclaveType enclaveType) throws IOException {
+      final Restriction restriction,
+      final EnclaveType enclaveType,
+      final EnclaveEncryptorType enclaveEncryptorType)
+      throws IOException {

-    super(restriction, enclaveType);
+    super(restriction, enclaveType, enclaveEncryptorType);

    final Network containerNetwork = Network.newNetwork();

    aliceNode =
        privacyBesu.createIbft2NodePrivacyEnabled(
            "alice-node",
-            PrivacyAccountResolver.ALICE,
+            PrivacyAccountResolver.ALICE.resolve(enclaveEncryptorType),
            false,
            enclaveType,
            Optional.of(containerNetwork),
@ -58,7 +62,7 @@ public class PrivDebugGetStateRootOffchainGroupAcceptanceTest extends Parameteri
    bobNode =
        privacyBesu.createIbft2NodePrivacyEnabled(
            "bob-node",
-            PrivacyAccountResolver.BOB,
+            PrivacyAccountResolver.BOB.resolve(enclaveEncryptorType),
            false,
            enclaveType,
            Optional.of(containerNetwork),
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivGetCodeAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivGetCodeAcceptanceTest.java
@ -22,6 +22,7 @@ import org.hyperledger.besu.tests.acceptance.dsl.privacy.ParameterizedEnclaveTes
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.PrivacyNode;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.account.PrivacyAccountResolver;
 import org.hyperledger.besu.tests.web3j.generated.EventEmitter;
+import org.hyperledger.enclave.testutil.EnclaveEncryptorType;
 import org.hyperledger.enclave.testutil.EnclaveType;

 import java.io.IOException;
@ -35,15 +36,18 @@ public class PrivGetCodeAcceptanceTest extends ParameterizedEnclaveTestBase {

  private final PrivacyNode alice;

-  public PrivGetCodeAcceptanceTest(final Restriction restriction, final EnclaveType enclaveType)
+  public PrivGetCodeAcceptanceTest(
+      final Restriction restriction,
+      final EnclaveType enclaveType,
+      final EnclaveEncryptorType enclaveEncryptorType)
      throws IOException {

-    super(restriction, enclaveType);
+    super(restriction, enclaveType, enclaveEncryptorType);

    alice =
        privacyBesu.createPrivateTransactionEnabledMinerNode(
            restriction + "-node",
-            PrivacyAccountResolver.ALICE,
+            PrivacyAccountResolver.ALICE.resolve(enclaveEncryptorType),
            enclaveType,
            Optional.empty(),
            false,
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivGetLogsAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivGetLogsAcceptanceTest.java
@ -22,6 +22,7 @@ import org.hyperledger.besu.tests.acceptance.dsl.privacy.PrivacyNode;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.account.PrivacyAccountResolver;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.util.LogFilterJsonParameter;
 import org.hyperledger.besu.tests.web3j.generated.EventEmitter;
+import org.hyperledger.enclave.testutil.EnclaveEncryptorType;
 import org.hyperledger.enclave.testutil.EnclaveType;

 import java.io.IOException;
@ -45,15 +46,18 @@ public class PrivGetLogsAcceptanceTest extends ParameterizedEnclaveTestBase {

  private final PrivacyNode node;

-  public PrivGetLogsAcceptanceTest(final Restriction restriction, final EnclaveType enclaveType)
+  public PrivGetLogsAcceptanceTest(
+      final Restriction restriction,
+      final EnclaveType enclaveType,
+      final EnclaveEncryptorType enclaveEncryptorType)
      throws IOException {

-    super(restriction, enclaveType);
+    super(restriction, enclaveType, enclaveEncryptorType);

    node =
        privacyBesu.createPrivateTransactionEnabledMinerNode(
            restriction + "-node",
-            PrivacyAccountResolver.ALICE,
+            PrivacyAccountResolver.ALICE.resolve(enclaveEncryptorType),
            enclaveType,
            Optional.empty(),
            false,
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivGetPrivateTransactionAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivGetPrivateTransactionAcceptanceTest.java
@ -23,7 +23,9 @@ import org.hyperledger.besu.ethereum.privacy.PrivateTransaction;
 import org.hyperledger.besu.ethereum.rlp.BytesValueRLPOutput;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.ParameterizedEnclaveTestBase;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.PrivacyNode;
+import org.hyperledger.besu.tests.acceptance.dsl.privacy.account.PrivacyAccountResolver;
 import org.hyperledger.besu.tests.acceptance.dsl.transaction.Transaction;
+import org.hyperledger.enclave.testutil.EnclaveEncryptorType;
 import org.hyperledger.enclave.testutil.EnclaveType;

 import java.io.IOException;
@ -40,16 +42,19 @@ public class PrivGetPrivateTransactionAcceptanceTest extends ParameterizedEnclav
  private final PrivacyNode bob;

  public PrivGetPrivateTransactionAcceptanceTest(
-      final Restriction restriction, final EnclaveType enclaveType) throws IOException {
+      final Restriction restriction,
+      final EnclaveType enclaveType,
+      final EnclaveEncryptorType enclaveEncryptorType)
+      throws IOException {

-    super(restriction, enclaveType);
+    super(restriction, enclaveType, enclaveEncryptorType);

    final Network containerNetwork = Network.newNetwork();

    alice =
        privacyBesu.createIbft2NodePrivacyEnabled(
            "node1",
-            privacyAccountResolver.resolve(0),
+            PrivacyAccountResolver.ALICE.resolve(enclaveEncryptorType),
            false,
            enclaveType,
            Optional.of(containerNetwork),
@ -60,7 +65,7 @@ public class PrivGetPrivateTransactionAcceptanceTest extends ParameterizedEnclav
    bob =
        privacyBesu.createIbft2NodePrivacyEnabled(
            "node2",
-            privacyAccountResolver.resolve(1),
+            PrivacyAccountResolver.BOB.resolve(enclaveEncryptorType),
            false,
            enclaveType,
            Optional.of(containerNetwork),
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivacyClusterAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivacyClusterAcceptanceTest.java
@ -16,6 +16,9 @@ package org.hyperledger.besu.tests.acceptance.privacy;

 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hyperledger.besu.ethereum.core.PrivacyParameters.DEFAULT_PRIVACY;
+import static org.hyperledger.enclave.testutil.EnclaveEncryptorType.EC;
+import static org.hyperledger.enclave.testutil.EnclaveEncryptorType.NACL;
+import static org.hyperledger.enclave.testutil.EnclaveType.TESSERA;
 import static org.web3j.utils.Restriction.RESTRICTED;

 import org.hyperledger.besu.enclave.Enclave;
@ -23,12 +26,15 @@ import org.hyperledger.besu.enclave.EnclaveFactory;
 import org.hyperledger.besu.enclave.types.ReceiveResponse;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.PrivacyAcceptanceTestBase;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.PrivacyNode;
+import org.hyperledger.besu.tests.acceptance.dsl.privacy.account.PrivacyAccountResolver;
 import org.hyperledger.besu.tests.web3j.generated.EventEmitter;
+import org.hyperledger.enclave.testutil.EnclaveEncryptorType;
 import org.hyperledger.enclave.testutil.EnclaveType;

 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Optional;
@ -56,20 +62,28 @@ public class PrivacyClusterAcceptanceTest extends PrivacyAcceptanceTestBase {
  private final PrivacyNode alice;
  private final PrivacyNode bob;
  private final PrivacyNode charlie;
+  private final EnclaveEncryptorType enclaveEncryptorType;
  private final Vertx vertx = Vertx.vertx();
  private final EnclaveFactory enclaveFactory = new EnclaveFactory(vertx);

-  @Parameters(name = "{0}")
-  public static Collection<EnclaveType> enclaveTypes() {
-    return EnclaveType.valuesForTests();
+  @Parameters(name = "{0} enclave type with {1} encryptor")
+  public static Collection<Object[]> enclaveParameters() {
+    return Arrays.asList(
+        new Object[][] {
+          {TESSERA, NACL},
+          {TESSERA, EC}
+        });
  }

-  public PrivacyClusterAcceptanceTest(final EnclaveType enclaveType) throws IOException {
+  public PrivacyClusterAcceptanceTest(
+      final EnclaveType enclaveType, final EnclaveEncryptorType enclaveEncryptorType)
+      throws IOException {
+    this.enclaveEncryptorType = enclaveEncryptorType;
    final Network containerNetwork = Network.newNetwork();
    alice =
        privacyBesu.createPrivateTransactionEnabledMinerNode(
            "node1",
-            privacyAccountResolver.resolve(0),
+            PrivacyAccountResolver.ALICE.resolve(enclaveEncryptorType),
            enclaveType,
            Optional.of(containerNetwork),
            false,
@ -78,7 +92,7 @@ public class PrivacyClusterAcceptanceTest extends PrivacyAcceptanceTestBase {
    bob =
        privacyBesu.createPrivateTransactionEnabledNode(
            "node2",
-            privacyAccountResolver.resolve(1),
+            PrivacyAccountResolver.BOB.resolve(enclaveEncryptorType),
            enclaveType,
            Optional.of(containerNetwork),
            false,
@ -87,7 +101,7 @@ public class PrivacyClusterAcceptanceTest extends PrivacyAcceptanceTestBase {
    charlie =
        privacyBesu.createPrivateTransactionEnabledNode(
            "node3",
-            privacyAccountResolver.resolve(2),
+            PrivacyAccountResolver.CHARLIE.resolve(enclaveEncryptorType),
            enclaveType,
            Optional.of(containerNetwork),
            false,
@ -104,7 +118,10 @@ public class PrivacyClusterAcceptanceTest extends PrivacyAcceptanceTestBase {
  @Test
  public void onlyAliceAndBobCanExecuteContract() {
    // Contract address is generated from sender address and transaction nonce
-    final String contractAddress = "0xebf56429e6500e84442467292183d4d621359838";
+    final String contractAddress =
+        EnclaveEncryptorType.EC.equals(enclaveEncryptorType)
+            ? "0x3e5d325a03ad3ce5640502219833d30b89ce3ce1"
+            : "0xebf56429e6500e84442467292183d4d621359838";

    final EventEmitter eventEmitter =
        alice.execute(
@ -162,7 +179,10 @@ public class PrivacyClusterAcceptanceTest extends PrivacyAcceptanceTestBase {
  @Test
  public void aliceCanUsePrivDistributeTransaction() {
    // Contract address is generated from sender address and transaction nonce
-    final String contractAddress = "0xebf56429e6500e84442467292183d4d621359838";
+    final String contractAddress =
+        EnclaveEncryptorType.EC.equals(enclaveEncryptorType)
+            ? "0x3e5d325a03ad3ce5640502219833d30b89ce3ce1"
+            : "0xebf56429e6500e84442467292183d4d621359838";

    final RawPrivateTransaction rawPrivateTransaction =
        RawPrivateTransaction.createContractTransaction(
@ -208,6 +228,22 @@ public class PrivacyClusterAcceptanceTest extends PrivacyAcceptanceTestBase {

    final String transactionHash = alice.execute(ethTransactions.sendRawTransaction(signedPmt));

+    final String receiptPrivateFrom =
+        EnclaveEncryptorType.EC.equals(enclaveEncryptorType)
+            ? "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAES8nC4qT/KdoAoTSF3qs/47DUsDihyVbWiRjZAiyvqp9eSDkqV1RzlM+58oOwnpFRwvWNZM+AxMVxT+MvxdsqMA=="
+            : "A1aVtMxLCUHmBVHXoZzzBgPbW/wj5axDpW9X8l91SGo=";
+    final ArrayList<String> receiptPrivateFor =
+        EnclaveEncryptorType.EC.equals(enclaveEncryptorType)
+            ? new ArrayList<>(
+                Collections.singletonList(
+                    "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXIgZqRA25V+3nN+Do6b5r0jiUunub6ubjPhqwHpPxP44uUYh9RKCQNRnsqCJ9PjeTnC8R3ieJk7HWAlycU1bug=="))
+            : new ArrayList<>(
+                Collections.singletonList("Ko2bVqD+nNlNYL5EE7y3IdOnviftjiizpjRt+HTuFBs="));
+    final String receiptPrivacyGroupId =
+        EnclaveEncryptorType.EC.equals(enclaveEncryptorType)
+            ? "MjuFB4b9Hz+f8zvkWWasxZWRjHWXU4t7B2nOHo4mekA="
+            : "DyAOiF/ynpc+JXa2YAGB0bCitSlOMNm+ShmB/7M6C4w=";
+
    final PrivateTransactionReceipt expectedReceipt =
        new PrivateTransactionReceipt(
            contractAddress,
@ -217,10 +253,9 @@ public class PrivacyClusterAcceptanceTest extends PrivacyAcceptanceTestBase {
            Collections.emptyList(),
            "0x023955c49d6265c579561940287449242704d5fd239ff07ea36a3fc7aface61c",
            "0x82e521ee16ff13104c5f81e8354ecaaafd5450b710b07f620204032bfe76041a",
-            "A1aVtMxLCUHmBVHXoZzzBgPbW/wj5axDpW9X8l91SGo=",
-            new ArrayList<>(
-                Collections.singletonList("Ko2bVqD+nNlNYL5EE7y3IdOnviftjiizpjRt+HTuFBs=")),
-            "DyAOiF/ynpc+JXa2YAGB0bCitSlOMNm+ShmB/7M6C4w=",
+            receiptPrivateFrom,
+            receiptPrivateFor,
+            receiptPrivacyGroupId,
            "0x1",
            null);

@ -244,7 +279,10 @@ public class PrivacyClusterAcceptanceTest extends PrivacyAcceptanceTestBase {

  @Test
  public void aliceCanDeployMultipleTimesInSingleGroup() {
-    final String firstDeployedAddress = "0xebf56429e6500e84442467292183d4d621359838";
+    final String firstDeployedAddress =
+        EnclaveEncryptorType.EC.equals(enclaveEncryptorType)
+            ? "0x3e5d325a03ad3ce5640502219833d30b89ce3ce1"
+            : "0xebf56429e6500e84442467292183d4d621359838";

    final EventEmitter firstEventEmitter =
        alice.execute(
@ -258,7 +296,10 @@ public class PrivacyClusterAcceptanceTest extends PrivacyAcceptanceTestBase {
        .validPrivateContractDeployed(firstDeployedAddress, alice.getAddress().toString())
        .verify(firstEventEmitter);

-    final String secondDeployedAddress = "0x10f807f8a905da5bd319196da7523c6bd768690f";
+    final String secondDeployedAddress =
+        EnclaveEncryptorType.EC.equals(enclaveEncryptorType)
+            ? "0x5194e214fae257530710d18c868df7a295d9d53b"
+            : "0x10f807f8a905da5bd319196da7523c6bd768690f";

    final EventEmitter secondEventEmitter =
        alice.execute(
@ -276,7 +317,10 @@ public class PrivacyClusterAcceptanceTest extends PrivacyAcceptanceTestBase {
  @Test
  public void canInteractWithMultiplePrivacyGroups() {
    // alice deploys contract
-    final String firstDeployedAddress = "0xff206d21150a8da5b83629d8a722f3135ed532b1";
+    final String firstDeployedAddress =
+        EnclaveEncryptorType.EC.equals(enclaveEncryptorType)
+            ? "0x760359bc605b3848f5199829bde6b382d90fb8eb"
+            : "0xff206d21150a8da5b83629d8a722f3135ed532b1";

    final EventEmitter firstEventEmitter =
        alice.execute(
@ -316,7 +360,10 @@ public class PrivacyClusterAcceptanceTest extends PrivacyAcceptanceTestBase {
            firstTransactionHash, firstExpectedReceipt));

    // alice deploys second contract
-    final String secondDeployedAddress = "0xebf56429e6500e84442467292183d4d621359838";
+    final String secondDeployedAddress =
+        EnclaveEncryptorType.EC.equals(enclaveEncryptorType)
+            ? "0x3e5d325a03ad3ce5640502219833d30b89ce3ce1"
+            : "0xebf56429e6500e84442467292183d4d621359838";

    final EventEmitter secondEventEmitter =
        alice.execute(
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivacyGroupAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivacyGroupAcceptanceTest.java
@ -15,16 +15,22 @@
 package org.hyperledger.besu.tests.acceptance.privacy;

 import static org.assertj.core.api.Assertions.assertThat;
+import static org.hyperledger.enclave.testutil.EnclaveEncryptorType.EC;
+import static org.hyperledger.enclave.testutil.EnclaveEncryptorType.NACL;
+import static org.hyperledger.enclave.testutil.EnclaveType.TESSERA;
 import static org.web3j.utils.Restriction.RESTRICTED;

 import org.hyperledger.besu.tests.acceptance.dsl.privacy.PrivacyAcceptanceTestBase;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.PrivacyNode;
+import org.hyperledger.besu.tests.acceptance.dsl.privacy.account.PrivacyAccountResolver;
 import org.hyperledger.besu.tests.web3j.generated.EventEmitter;
 import org.hyperledger.besu.util.Log4j2ConfiguratorUtil;
+import org.hyperledger.enclave.testutil.EnclaveEncryptorType;
 import org.hyperledger.enclave.testutil.EnclaveType;

 import java.io.IOException;
 import java.math.BigInteger;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Optional;

@ -45,19 +51,25 @@ public class PrivacyGroupAcceptanceTest extends PrivacyAcceptanceTestBase {
  private final PrivacyNode bob;
  private final PrivacyNode charlie;

-  @Parameters(name = "{0}")
-  public static Collection<EnclaveType> enclaveTypes() {
-    return EnclaveType.valuesForTests();
+  @Parameters(name = "{0} enclave type with {1} encryptor")
+  public static Collection<Object[]> enclaveParameters() {
+    return Arrays.asList(
+        new Object[][] {
+          {TESSERA, NACL},
+          {TESSERA, EC}
+        });
  }

-  public PrivacyGroupAcceptanceTest(final EnclaveType enclaveType) throws IOException {
+  public PrivacyGroupAcceptanceTest(
+      final EnclaveType enclaveType, final EnclaveEncryptorType enclaveEncryptorType)
+      throws IOException {

    final Network containerNetwork = Network.newNetwork();

    alice =
        privacyBesu.createPrivateTransactionEnabledMinerNode(
            "node1",
-            privacyAccountResolver.resolve(0),
+            PrivacyAccountResolver.ALICE.resolve(enclaveEncryptorType),
            enclaveType,
            Optional.of(containerNetwork),
            false,
@ -66,7 +78,7 @@ public class PrivacyGroupAcceptanceTest extends PrivacyAcceptanceTestBase {
    bob =
        privacyBesu.createPrivateTransactionEnabledNode(
            "node2",
-            privacyAccountResolver.resolve(1),
+            PrivacyAccountResolver.BOB.resolve(enclaveEncryptorType),
            enclaveType,
            Optional.of(containerNetwork),
            false,
@ -76,7 +88,7 @@ public class PrivacyGroupAcceptanceTest extends PrivacyAcceptanceTestBase {
    charlie =
        privacyBesu.createPrivateTransactionEnabledNode(
            "node3",
-            privacyAccountResolver.resolve(2),
+            PrivacyAccountResolver.CHARLIE.resolve(enclaveEncryptorType),
            enclaveType,
            Optional.of(containerNetwork),
            false,
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivacyReceiptAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivacyReceiptAcceptanceTest.java
@ -27,6 +27,7 @@ import org.hyperledger.besu.tests.acceptance.dsl.privacy.PrivacyNode;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.account.PrivacyAccountResolver;
 import org.hyperledger.besu.tests.acceptance.dsl.transaction.Transaction;
 import org.hyperledger.besu.tests.acceptance.dsl.transaction.miner.MinerTransactions;
+import org.hyperledger.enclave.testutil.EnclaveEncryptorType;
 import org.hyperledger.enclave.testutil.EnclaveType;

 import java.io.IOException;
@ -41,14 +42,17 @@ public class PrivacyReceiptAcceptanceTest extends ParameterizedEnclaveTestBase {

  private final PrivacyNode alice;

-  public PrivacyReceiptAcceptanceTest(final Restriction restriction, final EnclaveType enclaveType)
+  public PrivacyReceiptAcceptanceTest(
+      final Restriction restriction,
+      final EnclaveType enclaveType,
+      final EnclaveEncryptorType enclaveEncryptorType)
      throws IOException {
-    super(restriction, enclaveType);
+    super(restriction, enclaveType, enclaveEncryptorType);

    alice =
        privacyBesu.createIbft2NodePrivacyEnabled(
            "node1",
-            PrivacyAccountResolver.ALICE,
+            PrivacyAccountResolver.ALICE.resolve(enclaveEncryptorType),
            false,
            enclaveType,
            Optional.empty(),
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivateContractPublicStateAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivateContractPublicStateAcceptanceTest.java
@ -21,10 +21,12 @@ import static org.web3j.utils.Restriction.UNRESTRICTED;

 import org.hyperledger.besu.tests.acceptance.dsl.privacy.ParameterizedEnclaveTestBase;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.PrivacyNode;
+import org.hyperledger.besu.tests.acceptance.dsl.privacy.account.PrivacyAccountResolver;
 import org.hyperledger.besu.tests.web3j.generated.CrossContractReader;
 import org.hyperledger.besu.tests.web3j.generated.EventEmitter;
 import org.hyperledger.besu.tests.web3j.generated.RemoteSimpleStorage;
 import org.hyperledger.besu.tests.web3j.generated.SimpleStorage;
+import org.hyperledger.enclave.testutil.EnclaveEncryptorType;
 import org.hyperledger.enclave.testutil.EnclaveType;

 import java.io.IOException;
@ -45,14 +47,17 @@ public class PrivateContractPublicStateAcceptanceTest extends ParameterizedEncla
  private final PrivacyNode transactionNode;

  public PrivateContractPublicStateAcceptanceTest(
-      final Restriction restriction, final EnclaveType enclaveType) throws IOException {
-    super(restriction, enclaveType);
+      final Restriction restriction,
+      final EnclaveType enclaveType,
+      final EnclaveEncryptorType enclaveEncryptorType)
+      throws IOException {
+    super(restriction, enclaveType, enclaveEncryptorType);
    final Network containerNetwork = Network.newNetwork();

    final PrivacyNode minerNode =
        privacyBesu.createPrivateTransactionEnabledMinerNode(
            restriction + "-miner-node",
-            privacyAccountResolver.resolve(0),
+            PrivacyAccountResolver.ALICE.resolve(enclaveEncryptorType),
            enclaveType,
            Optional.of(containerNetwork),
            false,
@ -62,7 +67,7 @@ public class PrivateContractPublicStateAcceptanceTest extends ParameterizedEncla
    transactionNode =
        privacyBesu.createPrivateTransactionEnabledNode(
            restriction + "-transaction-node",
-            privacyAccountResolver.resolve(1),
+            PrivacyAccountResolver.BOB.resolve(enclaveEncryptorType),
            enclaveType,
            Optional.of(containerNetwork),
            false,
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivateGenesisAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivateGenesisAcceptanceTest.java
@ -22,6 +22,7 @@ import org.hyperledger.besu.tests.acceptance.dsl.privacy.ParameterizedEnclaveTes
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.PrivacyNode;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.account.PrivacyAccountResolver;
 import org.hyperledger.besu.tests.web3j.generated.EventEmitter;
+import org.hyperledger.enclave.testutil.EnclaveEncryptorType;
 import org.hyperledger.enclave.testutil.EnclaveType;

 import java.io.IOException;
@ -38,15 +39,18 @@ import org.web3j.utils.Restriction;
 public class PrivateGenesisAcceptanceTest extends ParameterizedEnclaveTestBase {
  private final PrivacyNode alice;

-  public PrivateGenesisAcceptanceTest(final Restriction restriction, final EnclaveType enclaveType)
+  public PrivateGenesisAcceptanceTest(
+      final Restriction restriction,
+      final EnclaveType enclaveType,
+      final EnclaveEncryptorType enclaveEncryptorType)
      throws IOException {

-    super(restriction, enclaveType);
+    super(restriction, enclaveType, enclaveEncryptorType);

    alice =
        privacyBesu.createIbft2NodePrivacyEnabledWithGenesis(
            "node1",
-            PrivacyAccountResolver.ALICE,
+            PrivacyAccountResolver.ALICE.resolve(enclaveEncryptorType),
            true,
            enclaveType,
            Optional.empty(),
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivateLogFilterAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/PrivateLogFilterAcceptanceTest.java
@ -22,6 +22,7 @@ import org.hyperledger.besu.tests.acceptance.dsl.privacy.PrivacyNode;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.account.PrivacyAccountResolver;
 import org.hyperledger.besu.tests.acceptance.dsl.privacy.util.LogFilterJsonParameter;
 import org.hyperledger.besu.tests.web3j.generated.EventEmitter;
+import org.hyperledger.enclave.testutil.EnclaveEncryptorType;
 import org.hyperledger.enclave.testutil.EnclaveType;

 import java.io.IOException;
@ -41,14 +42,17 @@ public class PrivateLogFilterAcceptanceTest extends ParameterizedEnclaveTestBase
  private final PrivacyNode node;

  public PrivateLogFilterAcceptanceTest(
-      final Restriction restriction, final EnclaveType enclaveType) throws IOException {
+      final Restriction restriction,
+      final EnclaveType enclaveType,
+      final EnclaveEncryptorType enclaveEncryptorType)
+      throws IOException {

-    super(restriction, enclaveType);
+    super(restriction, enclaveType, enclaveEncryptorType);

    node =
        privacyBesu.createPrivateTransactionEnabledMinerNode(
            restriction + "-node",
-            PrivacyAccountResolver.ALICE,
+            PrivacyAccountResolver.ALICE.resolve(enclaveEncryptorType),
            enclaveType,
            Optional.empty(),
            false,
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/multitenancy/FlexibleMultiTenancyAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/multitenancy/FlexibleMultiTenancyAcceptanceTest.java
@ -28,6 +28,7 @@ import org.hyperledger.besu.tests.acceptance.dsl.transaction.perm.PermissioningT
 import org.hyperledger.besu.tests.acceptance.dsl.transaction.privacy.PrivacyRequestFactory;
 import org.hyperledger.besu.tests.acceptance.privacy.FlexiblePrivacyAcceptanceTestBase;
 import org.hyperledger.besu.tests.web3j.generated.EventEmitter;
+import org.hyperledger.enclave.testutil.EnclaveEncryptorType;
 import org.hyperledger.enclave.testutil.EnclaveType;

 import java.math.BigInteger;
@ -73,7 +74,11 @@ public class FlexibleMultiTenancyAcceptanceTest extends FlexiblePrivacyAcceptanc
  public void setUp() throws Exception {
    alice =
        privacyBesu.createFlexiblePrivacyGroupEnabledMinerNode(
-            "node1", PrivacyAccountResolver.MULTI_TENANCY, true, enclaveType, Optional.empty());
+            "node1",
+            PrivacyAccountResolver.MULTI_TENANCY.resolve(EnclaveEncryptorType.NACL),
+            true,
+            enclaveType,
+            Optional.empty());
    final BesuNode aliceBesu = alice.getBesu();
    privacyCluster.startNodes(alice);
    final String alice1Token =
--- a/besu/src/main/java/org/hyperledger/besu/cli/BesuCommand.java
+++ b/besu/src/main/java/org/hyperledger/besu/cli/BesuCommand.java
@ -2024,10 +2024,6 @@ public class BesuCommand implements DefaultCommandValues, Runnable {
          "--privacy-public-key-file must be set if isQuorum is set in the genesis file.",
          e);
    }
-    if (key.length() != 44) {
-      throw new IllegalArgumentException(
-          "Contents of enclave public key file needs to be 44 characters long to decode to a valid 32 byte public key.");
-    }
    // throws exception if invalid base 64
    Base64.getDecoder().decode(key);

--- a/besu/src/test/java/org/hyperledger/besu/cli/BesuCommandTest.java
+++ b/besu/src/test/java/org/hyperledger/besu/cli/BesuCommandTest.java
@ -4826,7 +4826,8 @@ public class BesuCommandTest extends CommandTestAbstract {
    assertThat(commandOutput.toString(UTF_8)).isEmpty();
    assertThat(commandErrorOutput.toString(UTF_8))
        .startsWith("Contents of privacy-public-key-file invalid");
-    assertThat(commandErrorOutput.toString(UTF_8)).contains("needs to be 44 characters long");
+    assertThat(commandErrorOutput.toString(UTF_8))
+        .contains("Last unit does not have enough valid bits");
  }

  @Test
--- a/enclave/src/main/java/org/hyperledger/besu/enclave/Enclave.java
+++ b/enclave/src/main/java/org/hyperledger/besu/enclave/Enclave.java
@ -195,9 +195,9 @@ public class Enclave {

  private String removeBase64(final String input) {
    if (input.contains("=")) {
-      final String startInclBase64 = input.substring(0, input.indexOf('='));
+      final String startInclBase64 = input.substring(0, input.lastIndexOf('='));
      final String startTrimmed = startInclBase64.substring(0, startInclBase64.lastIndexOf(" "));
-      final String end = input.substring(input.indexOf("="));
+      final String end = input.substring(input.lastIndexOf("="));
      if (end.length() > 1) {
        // Base64 in middle
        return startTrimmed + end.substring(1);
--- a/ethereum/core/src/main/java/org/hyperledger/besu/ethereum/core/PrivacyParameters.java
+++ b/ethereum/core/src/main/java/org/hyperledger/besu/ethereum/core/PrivacyParameters.java
@ -339,7 +339,8 @@ public class PrivacyParameters {
    public Builder setPrivacyUserIdUsingFile(final File publicKeyFile) throws IOException {
      this.enclavePublicKeyFile = publicKeyFile;
      this.privacyUserId = Files.asCharSource(publicKeyFile, UTF_8).read();
-      validatePublicKey(publicKeyFile);
+      // throws exception if invalid base 64
+      Base64.getDecoder().decode(this.privacyUserId);
      return this;
    }

@ -400,14 +401,5 @@ public class PrivacyParameters {
      config.setGoQuorumPrivacyParameters(goQuorumPrivacyParameters);
      return config;
    }
-
-    private void validatePublicKey(final File publicKeyFile) {
-      if (publicKeyFile.length() != 44) {
-        throw new IllegalArgumentException(
-            "Contents of enclave public key file needs to be 44 characters long to decode to a valid 32 byte public key.");
-      }
-      // throws exception if invalid base 64
-      Base64.getDecoder().decode(this.privacyUserId);
-    }
  }
 }
--- a/testutil/src/main/java/org/hyperledger/enclave/testutil/EnclaveConfiguration.java
+++ b/testutil/src/main/java/org/hyperledger/enclave/testutil/EnclaveConfiguration.java
@ -22,6 +22,7 @@ public class EnclaveConfiguration {

  private final Path[] publicKeys;
  private final Path[] privateKeys;
+  private final EnclaveEncryptorType enclaveEncryptorType;
  private final Path tempDir;
  private final List<String> otherNodes = new ArrayList<>();
  private final boolean clearKnownNodes;
@ -32,6 +33,7 @@ public class EnclaveConfiguration {
      final String name,
      final Path[] publicKeys,
      final Path[] privateKeys,
+      final EnclaveEncryptorType enclaveEncryptorType,
      final Path tempDir,
      final List<String> otherNodes,
      final boolean clearKnownNodes,
@ -39,6 +41,7 @@ public class EnclaveConfiguration {

    this.publicKeys = publicKeys;
    this.privateKeys = privateKeys;
+    this.enclaveEncryptorType = enclaveEncryptorType;
    this.tempDir = tempDir;
    this.otherNodes.addAll(otherNodes);
    this.clearKnownNodes = clearKnownNodes;
@ -77,4 +80,8 @@ public class EnclaveConfiguration {
  public String getName() {
    return name;
  }
+
+  public EnclaveEncryptorType getEnclaveEncryptorType() {
+    return enclaveEncryptorType;
+  }
 }
--- a/testutil/src/main/java/org/hyperledger/enclave/testutil/EnclaveEncryptorType.java
+++ b/testutil/src/main/java/org/hyperledger/enclave/testutil/EnclaveEncryptorType.java
@ -0,0 +1,44 @@
+/*
+ * Copyright ConsenSys AG.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+package org.hyperledger.enclave.testutil;
+
+public enum EnclaveEncryptorType {
+  NACL,
+  EC,
+  NOOP;
+
+  public String toTesseraEncryptorConfigJSON() {
+    switch (this) {
+      case NACL:
+        return "    \"encryptor\":{\n"
+            + "        \"type\":\"NACL\",\n"
+            + "        \"properties\":{\n"
+            + "        }\n"
+            + "    },\n";
+      case EC:
+        return "    \"encryptor\":{\n"
+            + "        \"type\":\"EC\",\n"
+            + "        \"properties\":{\n"
+            + "            \"symmetricCipher\": \"AES/GCM/NoPadding\",\n"
+            + "            \"ellipticCurve\": \"secp256r1\",\n"
+            + "            \"nonceLength\": \"24\",\n"
+            + "            \"sharedKeyLength\": \"32\"\n"
+            + "        }\n"
+            + "    },\n";
+      default:
+        return "";
+    }
+  }
+}
--- a/testutil/src/main/java/org/hyperledger/enclave/testutil/EnclaveKeyConfiguration.java
+++ b/testutil/src/main/java/org/hyperledger/enclave/testutil/EnclaveKeyConfiguration.java
@ -17,15 +17,24 @@ package org.hyperledger.enclave.testutil;
 public class EnclaveKeyConfiguration {
  private final String[] pubKeyPaths;
  private final String[] privKeyPaths;
+  private EnclaveEncryptorType enclaveEncryptorType;

  public EnclaveKeyConfiguration(final String pubKeyPath, final String privKeyPath) {
    this.pubKeyPaths = new String[] {pubKeyPath};
    this.privKeyPaths = new String[] {privKeyPath};
  }

-  public EnclaveKeyConfiguration(final String[] pubKeyPaths, final String[] privKeyPaths) {
+  public EnclaveKeyConfiguration(
+      final String[] pubKeyPaths,
+      final String[] privKeyPaths,
+      final EnclaveEncryptorType enclaveEncryptorType) {
    this.pubKeyPaths = pubKeyPaths;
    this.privKeyPaths = privKeyPaths;
+    this.enclaveEncryptorType = enclaveEncryptorType;
+  }
+
+  public EnclaveKeyConfiguration(final String[] pubKeyPaths, final String[] privKeyPaths) {
+    this(pubKeyPaths, privKeyPaths, EnclaveEncryptorType.NACL);
  }

  public String[] getPubKeyPaths() {
@ -35,4 +44,8 @@ public class EnclaveKeyConfiguration {
  public String[] getPrivKeyPaths() {
    return privKeyPaths;
  }
+
+  public EnclaveEncryptorType getEnclaveEncryptorType() {
+    return enclaveEncryptorType;
+  }
 }
--- a/testutil/src/main/java/org/hyperledger/enclave/testutil/TesseraTestHarness.java
+++ b/testutil/src/main/java/org/hyperledger/enclave/testutil/TesseraTestHarness.java
@ -163,11 +163,7 @@ public class TesseraTestHarness implements EnclaveTestHarness {
    String confString =
        "{\n"
            + "    \"mode\" : \"orion\",\n"
-            + "    \"encryptor\":{\n"
-            + "        \"type\":\"NACL\",\n"
-            + "        \"properties\":{\n"
-            + "        }\n"
-            + "    },\n"
+            + enclaveConfiguration.getEnclaveEncryptorType().toTesseraEncryptorConfigJSON()
            + "    \"useWhiteList\": false,\n"
            + "    \"jdbc\": {\n"
            + "        \"username\": \"sa\",\n"
--- a/testutil/src/main/java/org/hyperledger/enclave/testutil/TesseraTestHarnessFactory.java
+++ b/testutil/src/main/java/org/hyperledger/enclave/testutil/TesseraTestHarnessFactory.java
@ -39,6 +39,7 @@ public class TesseraTestHarnessFactory {
        tempDir,
        enclaveConfig.getPubKeyPaths(),
        enclaveConfig.getPrivKeyPaths(),
+        enclaveConfig.getEnclaveEncryptorType(),
        Collections.emptyList(),
        containerNetwork);
  }
@ -48,12 +49,14 @@ public class TesseraTestHarnessFactory {
      final Path tempDir,
      final String[] pubKeyPaths,
      final String[] privKeyPaths,
+      final EnclaveEncryptorType enclaveEncryptorType,
      final List<String> othernodes,
      final Optional<Network> containerNetwork) {
    final Path[] pubKeys = stringArrayToPathArray(tempDir, pubKeyPaths);
    final Path[] privKeys = stringArrayToPathArray(tempDir, privKeyPaths);

-    return create(name, tempDir, pubKeys, privKeys, othernodes, containerNetwork);
+    return create(
+        name, tempDir, pubKeys, privKeys, enclaveEncryptorType, othernodes, containerNetwork);
  }

  public static TesseraTestHarness create(
@ -61,10 +64,12 @@ public class TesseraTestHarnessFactory {
      final Path tempDir,
      final Path[] key1pubs,
      final Path[] key1keys,
+      final EnclaveEncryptorType enclaveEncryptorType,
      final List<String> othernodes,
      final Optional<Network> containerNetwork) {
    return new TesseraTestHarness(
-        new EnclaveConfiguration(name, key1pubs, key1keys, tempDir, othernodes, false, storage),
+        new EnclaveConfiguration(
+            name, key1pubs, key1keys, enclaveEncryptorType, tempDir, othernodes, false, storage),
        containerNetwork);
  }

--- a/testutil/src/main/resources/enclave_ec_key_0.key
+++ b/testutil/src/main/resources/enclave_ec_key_0.key
@ -0,0 +1 @@
+{"data":{"bytes":"MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCA3i4I2sXNvZ/oP+faqfqFVKhc3lIthuqa5nczOMMmjVg=="},"type":"unlocked"}
--- a/testutil/src/main/resources/enclave_ec_key_0.pub
+++ b/testutil/src/main/resources/enclave_ec_key_0.pub
@ -0,0 +1 @@
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAES8nC4qT/KdoAoTSF3qs/47DUsDihyVbWiRjZAiyvqp9eSDkqV1RzlM+58oOwnpFRwvWNZM+AxMVxT+MvxdsqMA==
--- a/testutil/src/main/resources/enclave_ec_key_1.key
+++ b/testutil/src/main/resources/enclave_ec_key_1.key
@ -0,0 +1 @@
+{"data":{"bytes":"MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCA/80gy3GG2gCdmCk3Xp4hcO06c3OomIf+aH3oZGVSYfQ=="},"type":"unlocked"}
--- a/testutil/src/main/resources/enclave_ec_key_1.pub
+++ b/testutil/src/main/resources/enclave_ec_key_1.pub
@ -0,0 +1 @@
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXIgZqRA25V+3nN+Do6b5r0jiUunub6ubjPhqwHpPxP44uUYh9RKCQNRnsqCJ9PjeTnC8R3ieJk7HWAlycU1bug==
--- a/testutil/src/main/resources/enclave_ec_key_2.key
+++ b/testutil/src/main/resources/enclave_ec_key_2.key
@ -0,0 +1 @@
+{"data":{"bytes":"MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCC64DUSx9FrS2wHVOa1CWMStiq1jo2u7Oef0hzpgOK+8w=="},"type":"unlocked"}
--- a/testutil/src/main/resources/enclave_ec_key_2.pub
+++ b/testutil/src/main/resources/enclave_ec_key_2.pub
@ -0,0 +1 @@
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFl85WnNPyzSEX+evc774xoqUQdjSnQMTE1uIyMOve+iVwjs6dUEUwz5teiKuUUf63a/qYe4n6SGnQ7HnmtDViQ==
				`@ -0,0 +1 @@`
				`{"data":{"bytes":"MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCA3i4I2sXNvZ/oP+faqfqFVKhc3lIthuqa5nczOMMmjVg=="},"type":"unlocked"}`
				`@ -0,0 +1 @@`
				`MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAES8nC4qT/KdoAoTSF3qs/47DUsDihyVbWiRjZAiyvqp9eSDkqV1RzlM+58oOwnpFRwvWNZM+AxMVxT+MvxdsqMA==`
				`@ -0,0 +1 @@`
				`MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXIgZqRA25V+3nN+Do6b5r0jiUunub6ubjPhqwHpPxP44uUYh9RKCQNRnsqCJ9PjeTnC8R3ieJk7HWAlycU1bug==`
				`@ -0,0 +1 @@`
				`MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFl85WnNPyzSEX+evc774xoqUQdjSnQMTE1uIyMOve+iVwjs6dUEUwz5teiKuUUf63a/qYe4n6SGnQ7HnmtDViQ==`