diff --git a/codegen/auth_enclave/bindings.h b/codegen/auth_enclave/bindings.h index 7b1b2bb4..82acd2ed 100644 --- a/codegen/auth_enclave/bindings.h +++ b/codegen/auth_enclave/bindings.h @@ -14,7 +14,7 @@ #define ARCHIVED_ENCLAVE_ID_SIZE 8 -#define SET_ACCESS_KEY_REQUEST_SIZE 40 +#define SET_ACCESS_KEY_REQUEST_SIZE 48 #define SET_ACCESS_KEY_RESPONSE_SIZE 1 
@@ -55,6 +55,88 @@ typedef struct ExecReqMetadata { Nonce nonce; } ExecReqMetadata; +typedef uint8_t RecommendedAesGcmIv[12]; + +typedef struct SetAccessKeyEncryptedResponse { + sgx_aes_gcm_128bit_tag_t tag; + uint8_t ciphertext[SET_ACCESS_KEY_RESPONSE_SIZE]; + uint8_t aad[0]; + RecommendedAesGcmIv nonce; +} SetAccessKeyEncryptedResponse; + +/** + * Failed to acquire session / protected channel. + * + * See: `rtc_tenclave::dh::sessions::DhSessions` + */ +typedef enum AcquireSessionError_Tag { + /** + * This should generally be treated as an unrecoverable error. + */ + ACQUIRE_SESSION_ERROR_CHANNEL_MUTEX_POISONED, + ACQUIRE_SESSION_ERROR_NO_ACTIVE_SESSION, + ACQUIRE_SESSION_ERROR_SGX, +} AcquireSessionError_Tag; + +typedef struct AcquireSessionError { + AcquireSessionError_Tag tag; + union { + struct { + sgx_enclave_id_t no_active_session; + }; + struct { + sgx_status_t sgx; + }; + }; +} AcquireSessionError; + +typedef enum SealingError_Tag { + SEALING_ERROR_CHANNEL_NOT_FOUND, + SEALING_ERROR_RKYV_BUFFER_SERIALIZER_ERROR, + SEALING_ERROR_SGX, +} SealingError_Tag; + +typedef struct SealingError { + SealingError_Tag tag; + union { + struct { + struct AcquireSessionError channel_not_found; + }; + struct { + sgx_status_t sgx; + }; + }; +} SealingError; + +/** + * FFI safe result type that can be converted to and from a rust result. 
+ */ +typedef enum EcallResult_SetAccessKeyEncryptedResponse__SealingError_Tag { + ECALL_RESULT_SET_ACCESS_KEY_ENCRYPTED_RESPONSE_SEALING_ERROR_OK_SET_ACCESS_KEY_ENCRYPTED_RESPONSE_SEALING_ERROR, + ECALL_RESULT_SET_ACCESS_KEY_ENCRYPTED_RESPONSE_SEALING_ERROR_ERR_SET_ACCESS_KEY_ENCRYPTED_RESPONSE_SEALING_ERROR, +} EcallResult_SetAccessKeyEncryptedResponse__SealingError_Tag; + +typedef struct EcallResult_SetAccessKeyEncryptedResponse__SealingError { + EcallResult_SetAccessKeyEncryptedResponse__SealingError_Tag tag; + union { + struct { + struct SetAccessKeyEncryptedResponse ok; + }; + struct { + struct SealingError err; + }; + }; +} EcallResult_SetAccessKeyEncryptedResponse__SealingError; + +typedef struct EcallResult_SetAccessKeyEncryptedResponse__SealingError SetAccessKeyResult; + +typedef struct SetAccessKeyEncryptedRequest { + sgx_aes_gcm_128bit_tag_t tag; + uint8_t ciphertext[SET_ACCESS_KEY_REQUEST_SIZE]; + uint8_t aad[ARCHIVED_ENCLAVE_ID_SIZE]; + RecommendedAesGcmIv nonce; +} SetAccessKeyEncryptedRequest; + /** * FFI safe result type that can be converted to and from a rust result. */ diff --git a/codegen/auth_enclave/rtc_auth_t.c b/codegen/auth_enclave/rtc_auth_t.c index fdab0226..13d9ad7f 100644 --- a/codegen/auth_enclave/rtc_auth_t.c +++ b/codegen/auth_enclave/rtc_auth_t.c @@ -34,6 +34,11 @@ typedef struct ms_enclave_create_report_t { sgx_report_t* ms_p_report; } ms_enclave_create_report_t; +typedef struct ms_save_access_key_t { + SetAccessKeyResult ms_retval; + SetAccessKeyEncryptedRequest ms_encrypted_request; +} ms_save_access_key_t; + typedef struct ms_issue_execution_token_t { IssueTokenResult ms_retval; const uint8_t* ms_payload_ptr; 
@@ -653,6 +658,24 @@ static sgx_status_t SGX_CDECL sgx_enclave_create_report(void* pms) return status; } +static sgx_status_t SGX_CDECL sgx_save_access_key(void* pms) +{ + CHECK_REF_POINTER(pms, sizeof(ms_save_access_key_t)); + // + // fence after pointer checks + // + sgx_lfence(); + ms_save_access_key_t* ms = SGX_CAST(ms_save_access_key_t*, pms); + sgx_status_t status = SGX_SUCCESS; + + + + ms->ms_retval = save_access_key(ms->ms_encrypted_request); + + + return status; +} + static sgx_status_t SGX_CDECL sgx_issue_execution_token(void* pms) { CHECK_REF_POINTER(pms, sizeof(ms_issue_execution_token_t)); @@ -911,11 +934,12 @@ static sgx_status_t SGX_CDECL sgx_end_session(void* pms) SGX_EXTERNC const struct { size_t nr_ecall; - struct {void* ecall_addr; uint8_t is_priv; uint8_t is_switchless;} ecall_table[7]; + struct {void* ecall_addr; uint8_t is_priv; uint8_t is_switchless;} ecall_table[8]; } g_ecall_table = { - 7, + 8, { {(void*)(uintptr_t)sgx_enclave_create_report, 0, 0}, + {(void*)(uintptr_t)sgx_save_access_key, 0, 0}, {(void*)(uintptr_t)sgx_issue_execution_token, 0, 0}, {(void*)(uintptr_t)sgx_t_global_init_ecall, 0, 0}, {(void*)(uintptr_t)sgx_t_global_exit_ecall, 0, 0}, 
@@ -927,83 +951,83 @@ SGX_EXTERNC const struct { SGX_EXTERNC const struct { size_t nr_ocall; - uint8_t entry_table[73][7]; + uint8_t entry_table[73][8]; } g_dyn_entry_table = { 73, { - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 
0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, - {0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 
0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, } }; diff --git a/codegen/auth_enclave/rtc_auth_t.h b/codegen/auth_enclave/rtc_auth_t.h index 73083339..1194f482 100644 --- a/codegen/auth_enclave/rtc_auth_t.h +++ b/codegen/auth_enclave/rtc_auth_t.h @@ -26,6 +26,7 @@ extern "C" { #endif CreateReportResult enclave_create_report(const sgx_target_info_t* p_qe3_target, EnclaveHeldData enclave_data, sgx_report_t* p_report); +SetAccessKeyResult save_access_key(SetAccessKeyEncryptedRequest encrypted_request); IssueTokenResult issue_execution_token(const uint8_t* payload_ptr, size_t payload_len, const ExecReqMetadata* metadata, uint8_t* out_token_ptr, size_t out_token_capacity, size_t* out_token_used); void t_global_init_ecall(uint64_t id, const uint8_t* path, size_t len); void t_global_exit_ecall(void); diff --git a/codegen/auth_enclave/rtc_auth_u.c b/codegen/auth_enclave/rtc_auth_u.c index 8c77d079..c2f171c6 100644 --- a/codegen/auth_enclave/rtc_auth_u.c +++ b/codegen/auth_enclave/rtc_auth_u.c @@ -8,6 +8,11 @@ typedef struct ms_enclave_create_report_t { sgx_report_t* ms_p_report; } ms_enclave_create_report_t; +typedef struct ms_save_access_key_t { + SetAccessKeyResult ms_retval; + SetAccessKeyEncryptedRequest ms_encrypted_request; +} ms_save_access_key_t; + typedef struct ms_issue_execution_token_t { IssueTokenResult ms_retval; const uint8_t* ms_payload_ptr; 
@@ -1225,6 +1230,16 @@ sgx_status_t rtc_auth_enclave_create_report(sgx_enclave_id_t eid, CreateReportRe return status; } +sgx_status_t rtc_auth_save_access_key(sgx_enclave_id_t eid, SetAccessKeyResult* retval, SetAccessKeyEncryptedRequest encrypted_request) +{ + sgx_status_t status; + ms_save_access_key_t ms; + ms.ms_encrypted_request = encrypted_request; + status = sgx_ecall(eid, 1, &ocall_table_rtc_auth, &ms); + if (status == SGX_SUCCESS && retval) *retval = ms.ms_retval; + return status; +} + sgx_status_t rtc_auth_issue_execution_token(sgx_enclave_id_t eid, IssueTokenResult* retval, const uint8_t* payload_ptr, size_t payload_len, const ExecReqMetadata* metadata, uint8_t* out_token_ptr, size_t out_token_capacity, size_t* out_token_used) { sgx_status_t status; @@ -1235,7 +1250,7 @@ sgx_status_t rtc_auth_issue_execution_token(sgx_enclave_id_t eid, IssueTokenResu ms.ms_out_token_ptr = out_token_ptr; ms.ms_out_token_capacity = out_token_capacity; ms.ms_out_token_used = out_token_used; - status = sgx_ecall(eid, 1, &ocall_table_rtc_auth, &ms); + status = sgx_ecall(eid, 2, &ocall_table_rtc_auth, &ms); if (status == SGX_SUCCESS && retval) *retval = ms.ms_retval; return status; } @@ -1247,14 +1262,14 @@ sgx_status_t rtc_auth_t_global_init_ecall(sgx_enclave_id_t eid, uint64_t id, con ms.ms_id = id; ms.ms_path = path; ms.ms_len = len; - status = sgx_ecall(eid, 2, &ocall_table_rtc_auth, &ms); + status = sgx_ecall(eid, 3, &ocall_table_rtc_auth, &ms); return status; } sgx_status_t rtc_auth_t_global_exit_ecall(sgx_enclave_id_t eid) { sgx_status_t status; - status = sgx_ecall(eid, 3, &ocall_table_rtc_auth, NULL); + status = sgx_ecall(eid, 4, &ocall_table_rtc_auth, NULL); return status; } 
@@ -1263,7 +1278,7 @@ sgx_status_t rtc_auth_session_request(sgx_enclave_id_t eid, SessionRequestResult sgx_status_t status; ms_session_request_t ms; ms.ms_src_enclave_id = src_enclave_id; - status = sgx_ecall(eid, 4, &ocall_table_rtc_auth, &ms); + status = sgx_ecall(eid, 5, &ocall_table_rtc_auth, &ms); if (status == SGX_SUCCESS && retval) *retval = ms.ms_retval; return status; } @@ -1274,7 +1289,7 @@ sgx_status_t rtc_auth_exchange_report(sgx_enclave_id_t eid, ExchangeReportResult ms_exchange_report_t ms; ms.ms_src_enclave_id = src_enclave_id; ms.ms_dh_msg2 = dh_msg2; - status = sgx_ecall(eid, 5, &ocall_table_rtc_auth, &ms); + status = sgx_ecall(eid, 6, &ocall_table_rtc_auth, &ms); if (status == SGX_SUCCESS && retval) *retval = ms.ms_retval; return status; } @@ -1284,7 +1299,7 @@ sgx_status_t rtc_auth_end_session(sgx_enclave_id_t eid, sgx_status_t* retval, sg sgx_status_t status; ms_end_session_t ms; ms.ms_src_enclave_id = src_enclave_id; - status = sgx_ecall(eid, 6, &ocall_table_rtc_auth, &ms); + status = sgx_ecall(eid, 7, &ocall_table_rtc_auth, &ms); if (status == SGX_SUCCESS && retval) *retval = ms.ms_retval; return status; } diff --git a/codegen/auth_enclave/rtc_auth_u.h b/codegen/auth_enclave/rtc_auth_u.h index 38074d3c..69a6a9ba 100644 --- a/codegen/auth_enclave/rtc_auth_u.h +++ b/codegen/auth_enclave/rtc_auth_u.h 
@@ -320,6 +320,7 @@ int32_t SGX_UBRIDGE(SGX_NOCONVENTION, u_sgxprotectedfs_do_file_recovery, (const #endif sgx_status_t rtc_auth_enclave_create_report(sgx_enclave_id_t eid, CreateReportResult* retval, const sgx_target_info_t* p_qe3_target, EnclaveHeldData enclave_data, sgx_report_t* p_report); +sgx_status_t rtc_auth_save_access_key(sgx_enclave_id_t eid, SetAccessKeyResult* retval, SetAccessKeyEncryptedRequest encrypted_request); sgx_status_t rtc_auth_issue_execution_token(sgx_enclave_id_t eid, IssueTokenResult* retval, const uint8_t* payload_ptr, size_t payload_len, const ExecReqMetadata* metadata, uint8_t* out_token_ptr, size_t out_token_capacity, size_t* out_token_used); sgx_status_t rtc_auth_t_global_init_ecall(sgx_enclave_id_t eid, uint64_t id, const uint8_t* path, size_t len); sgx_status_t rtc_auth_t_global_exit_ecall(sgx_enclave_id_t eid); diff --git a/codegen/data_enclave/bindings.h b/codegen/data_enclave/bindings.h index f84efde4..9c07553b 100644 --- a/codegen/data_enclave/bindings.h +++ b/codegen/data_enclave/bindings.h @@ -14,7 +14,7 @@ #define ARCHIVED_ENCLAVE_ID_SIZE 8 -#define SET_ACCESS_KEY_REQUEST_SIZE 40 +#define SET_ACCESS_KEY_REQUEST_SIZE 48 #define SET_ACCESS_KEY_RESPONSE_SIZE 1 diff --git a/codegen/exec_enclave/bindings.h b/codegen/exec_enclave/bindings.h index 949ef402..29da62e9 100644 --- a/codegen/exec_enclave/bindings.h +++ b/codegen/exec_enclave/bindings.h @@ -14,7 +14,7 @@ #define ARCHIVED_ENCLAVE_ID_SIZE 8 -#define SET_ACCESS_KEY_REQUEST_SIZE 40 +#define SET_ACCESS_KEY_REQUEST_SIZE 48 #define SET_ACCESS_KEY_RESPONSE_SIZE 1 diff --git a/rtc_auth_enclave/rtc_auth.edl b/rtc_auth_enclave/rtc_auth.edl index f10f7c83..ba4e0dc7 100644 --- a/rtc_auth_enclave/rtc_auth.edl +++ b/rtc_auth_enclave/rtc_auth.edl 
@@ -13,6 +13,9 @@ enclave {
 public CreateReportResult enclave_create_report([in]const sgx_target_info_t* p_qe3_target, [out, isary]EnclaveHeldData enclave_data, [out]sgx_report_t* p_report);
+
+ public SetAccessKeyResult save_access_key(SetAccessKeyEncryptedRequest encrypted_request);
+
 public IssueTokenResult issue_execution_token([in, count=payload_len]const uint8_t* payload_ptr, size_t payload_len, [in]const ExecReqMetadata* metadata,
diff --git a/rtc_auth_enclave/src/ecalls/mod.rs b/rtc_auth_enclave/src/ecalls/mod.rs
new file mode 100644
index 00000000..e82fa3cc
--- /dev/null
+++ b/rtc_auth_enclave/src/ecalls/mod.rs
@@ -0,0 +1,6 @@
+//! ECALL definitions
+
+mod save_access_key;
+mod save_access_key_impl;
+
+pub use save_access_key::save_access_key;
diff --git a/rtc_auth_enclave/src/ecalls/save_access_key.rs b/rtc_auth_enclave/src/ecalls/save_access_key.rs
new file mode 100644
index 00000000..74c8380f
--- /dev/null
+++ b/rtc_auth_enclave/src/ecalls/save_access_key.rs
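Review bot: Declaring `save_access_key` between `enclave_create_report` and `issue_execution_token` renumbers every later ECALL, as the shifted `sgx_ecall(eid, N, …)` indices in rtc_auth_u.c show, so anything outside the generated bridge that still uses an old ordinal would silently reach a different entry point after this change. Appending new ECALLs at the end of the trusted section keeps existing ordinals stable across regenerations. If the grouping here is deliberate, a short comment such as `// ECALL ordinals follow declaration order; inserting here renumbers the ECALLs below.` would warn the next editor.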
@@ -0,0 +1,59 @@
+//! ECALL definition: [`save_access_key`]
+
+use rtc_tenclave::dh::{sealing, ProtectedChannel};
+use rtc_types::enclave_messages::{ffi_set_access_key, set_access_key};
+use sgx_types::sgx_enclave_id_t;
+
+use crate::ecalls::save_access_key_impl::save_access_key_impl;
+use crate::DhSessions;
+
+/// FFI wrapper.
+///
+/// This takes care of converting between the [`ffi_set_access_key`] and [`set_access_key`] types.
+#[no_mangle]
+pub unsafe extern "C" fn save_access_key(
+ encrypted_request: ffi_set_access_key::SetAccessKeyEncryptedRequest,
+) -> ffi_set_access_key::SetAccessKeyResult {
+ let encrypted_request: set_access_key::EncryptedRequest = encrypted_request.into();
+ let result: set_access_key::SetAccessKeyResult =
+ unsafe { save_access_key_acquiring_channel(encrypted_request) };
+ result.into()
+}
+
+/// This takes care of acquiring the sending enclave's channel.
+unsafe fn save_access_key_acquiring_channel(
+ encrypted_request: set_access_key::EncryptedRequest,
+) -> set_access_key::SetAccessKeyResult {
+ let &claimed_sending_enclave_id = unsafe {
+ sealing::rkyv_peek_associated::(
+ &encrypted_request,
+ )
+ };
+
+ let sessions: &DhSessions<_, _> = crate::dh_sessions();
+ let result = sessions
+ .with_acquire_established(claimed_sending_enclave_id, |channel| unsafe {
+ save_access_key_sealing(channel, encrypted_request)
+ })?;
+ result
+}
+
+/// This takes care of the sealing and unsealing.
+unsafe fn save_access_key_sealing(
+ channel: &mut ProtectedChannel,
+ encrypted_request: set_access_key::EncryptedRequest,
+) -> set_access_key::SetAccessKeyResult {
+ // Unseal the request
+ let (request, _sending_enclave_id) = unsafe {
+ sealing::rkyv_unseal_associated::(
+ channel,
+ encrypted_request,
+ )
+ }?;
+
+ let response = &save_access_key_impl(request);
+
+ // Seal the response
+ let sealed_response = sealing::rkyv_seal(channel, response)?;
+ Ok(sealed_response)
+}
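Review bot: `claimed_sending_enclave_id` in `save_access_key_acquiring_channel` is peeked from the request's associated data before anything has authenticated it and is then used to pick the `DhSessions` channel, so the doc comment should spell out the trust argument instead of only "acquiring the sending enclave's channel": the peeked id is host-controlled until `sealing::rkyv_unseal_associated` verifies the request (tag and associated data) under the selected channel's key, and a request sealed for a different session fails there rather than being processed. Nothing in this hunk rejects a re-submitted `EncryptedRequest`; if the unseal helper does not track nonces, replay handling presumably lives in `token_store::save_access_key` and deserves a comment saying so. Separately, `let result = sessions.with_acquire_established(…)?; result` can be the expression itself, and `let response = &save_access_key_impl(request);` borrows a temporary that reads more plainly as `let response = save_access_key_impl(request);` with `&response` passed to `rkyv_seal`.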
diff --git a/rtc_auth_enclave/src/ecalls/save_access_key_impl.rs b/rtc_auth_enclave/src/ecalls/save_access_key_impl.rs
new file mode 100644
index 00000000..ec4de111
--- /dev/null
+++ b/rtc_auth_enclave/src/ecalls/save_access_key_impl.rs
@@ -0,0 +1,25 @@
+//! Implementation for [`crate::ecalls::save_access_key`]
+
+use std::println;
+
+use rtc_types::enclave_messages::set_access_key;
+use uuid::Uuid;
+
+use crate::token_store;
+
+pub(crate) fn save_access_key_impl(
+ set_access_key::Request {
+ uuid,
+ access_key,
+ unsealed_size,
+ }: set_access_key::Request,
+) -> set_access_key::Response {
+ // TODO: Pass dataset size
+ let success = token_store::save_access_key(Uuid::from_bytes(uuid), access_key, unsealed_size)
+ .map_err(|err| {
+ println!("token_store::save_access_key failed: {}", err);
+ err
+ })
+ .is_ok();
+ set_access_key::Response { success }
+}
diff --git a/rtc_auth_enclave/src/lib.rs b/rtc_auth_enclave/src/lib.rs
index 082446f4..f82067cd 100644
--- a/rtc_auth_enclave/src/lib.rs
+++ b/rtc_auth_enclave/src/lib.rs
@@ -3,6 +3,7 @@
 #![deny(unsafe_op_in_unsafe_fn)]
 #![deny(clippy::mem_forget)]
 
+mod ecalls;
 mod jwt;
 mod token_store;
 
diff --git a/rtc_auth_enclave/src/token_store.rs b/rtc_auth_enclave/src/token_store.rs
index 2923ddf0..68eaecae 100644
--- a/rtc_auth_enclave/src/token_store.rs
+++ b/rtc_auth_enclave/src/token_store.rs
@@ -71,7 +71,6 @@ fn kv_store<'a>() -> MutexGuard<'a, impl KvStore Result {
+ ecalls::save_access_key(self.0.geteid(), encrypted_request)
+ }
+
 /// Issues an execution token using the provided payload
 pub fn issue_execution_token(
 &self,
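Review bot: The `println!` in the `map_err` closure of `save_access_key_impl` sends the full `Display` text of the `token_store::save_access_key` error out of the enclave (enclave stdout presumably reaches the untrusted host through an OCALL) while the peer enclave only receives a bare `success` flag, so if that error type can carry key material, paths or identifiers, the host learns more than the intended recipient does. Logging a fixed message or only the error's variant, e.g. `println!("token_store::save_access_key failed");`, or gating the line behind a debug feature, keeps diagnostics without widening what crosses the boundary. The `// TODO: Pass dataset size` comment sits on a call that already passes `unsealed_size`, so it should either name what is still missing or be removed.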
@@ -61,10 +73,34 @@ where
 }
 
 pub mod ecalls {
+ //! Rust-friendly wrappers for the Edger8r-generated untrusted ECALL bridge functions.
+
 use auth_sys::ffi;
+ use rtc_types::enclave_messages::{ffi_set_access_key, set_access_key};
 use rtc_types::*;
 use sgx_types::*;
 
+ /// Implement [`super::RtcAuthEnclave::save_access_key`].
+ ///
+ /// This takes care of converting between the [`set_access_key`] and [`ffi_set_access_key`] types.
+ pub(crate) fn save_access_key(
+ eid: sgx_enclave_id_t,
+ encrypted_request: set_access_key::EncryptedRequest,
+ ) -> Result {
+ let mut retval = ffi_set_access_key::SetAccessKeyResult::default();
+ let encrypted_request: ffi_set_access_key::SetAccessKeyEncryptedRequest =
+ encrypted_request.into();
+
+ // Safety: Copies ffi_set_access_key::SetAccessKeyResult into retval,
+ // but only valid for sgx_status_t::SGX_SUCCESS.
+ let status = unsafe { ffi::rtc_auth_save_access_key(eid, &mut retval, encrypted_request) };
+
+ match status {
+ sgx_status_t::SGX_SUCCESS => Ok(set_access_key::SetAccessKeyResult::from(retval)),
+ err => Err(err),
+ }
+ }
+
 pub fn issue_execution_token(
 eid: sgx_enclave_id_t,
 payload: &[u8],
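Review bot: `save_access_key` is `pub(crate)` while the neighbouring `issue_execution_token` bridge in the same `pub mod ecalls` is `pub`, so the module now exposes its wrappers inconsistently; one visibility for all bridge functions is preferable, and `pub(crate)` is the tighter choice given that `RtcAuthEnclave` appears to be the intended public entry point. The `// Safety:` comment describes what the call does rather than the invariant the `unsafe` block relies on; something like `// Safety: eid names a live enclave and retval is a valid, initialised out-pointer; the bridge writes retval only on SGX_SUCCESS, which the match below checks before reading it.` states what a reader needs to verify. issue_execution_token's body continues outside the hunk.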