Installation and usage of the platform

gRPC: encryption and decryption methods

The gRPC interface of the node provides the ability to encrypt arbitrary data using the encryption algorithms of the Waves Enterprise blockchain platform, as well as to decrypt them. For this purpose, a set of requests described in the contract_crypto_service.proto file is provided:

  • EncryptSeparate – encrypts the data separately for each recipient, using a unique CEK (content encryption key) per recipient; each CEK is encrypted (wrapped) with a separate KEK (key encryption key);

  • EncryptCommon – encrypts the data once with a single CEK for all recipients; this CEK is encrypted (wrapped) with a separate KEK for each recipient;

  • Decrypt – data decryption.

Important

The field data types for the request and response are specified in the protobuf files.

Hint

Decryption of data is possible if the recipient’s key is in the keystore of the node.

Encryption queries and responses

The EncryptSeparate and EncryptCommon queries require the following data:

  • sender – data sender address;

  • password – password to the encrypted data;

  • encryption_data – data to be encrypted (as an array of bytes in base64 encoding);

  • recipients_public_keys – public keys of the recipients participating in the network;

  • crypto_algo – cryptographic algorithm in use. Available values:

    • 1 – GOST 28147-89;

    • 2 – GOST 34.12-2015;

    • 3 – AES.

The response to the EncryptSeparate request includes the following data for each recipient:

  • encrypted_data – encrypted data;

  • public_key – recipient public key;

  • wrapped_key – result of key encryption for a recipient.

In response to the EncryptCommon query the following data is received:

  • encrypted_data – encrypted data;

  • recipient_to_wrapped_structure – a structure in the “key : value” format containing the public keys of the recipients with the corresponding key encryption results for each of them.

Decryption query and response

The Decrypt query requires the following data:

  • recipient – recipient’s public key from the node keystore;

  • password – password to the encrypted data;

  • encrypted_data – encrypted data;

  • wrapped_key – result of key encryption for a recipient;

  • sender_public_key – the public key of the data sender;

  • crypto_algo – cryptographic algorithm in use. Available values:

    • 0 – the algorithm is unknown;

    • 1 – GOST 28147-89;

    • 2 – GOST 34.12-2015;

    • 3 – AES.

In response to the Decrypt query, the decrypted_data field is received, containing the decrypted data in the form of an array of bytes in base64 encoding.
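The two encryption responses have different shapes, so a client has to select the right ciphertext and wrapped key for a recipient before calling Decrypt. The following is an added example, not code from the platform: it uses plain Python dicts as stand-ins for the protobuf messages (an assumption; the real types are defined in contract_crypto_service.proto) and assumes the EncryptSeparate response is a list with one entry per recipient.

```python
import base64

# crypto_algo values as listed on the page; 0 appears only in the Decrypt list.
ENCRYPT_ALGOS = {1: "GOST 28147-89", 2: "GOST 34.12-2015", 3: "AES"}
DECRYPT_ALGOS = {0: "unknown", **ENCRYPT_ALGOS}


def build_encrypt_request(sender, password, plaintext, recipients_public_keys, crypto_algo):
    """Fields common to EncryptSeparate and EncryptCommon."""
    if crypto_algo not in ENCRYPT_ALGOS:
        raise ValueError(f"crypto_algo {crypto_algo} is not listed for encryption")
    return {
        "sender": sender,
        "password": password,
        # The page describes this field as a byte array in base64 encoding.
        "encryption_data": base64.b64encode(plaintext).decode("ascii"),
        "recipients_public_keys": list(recipients_public_keys),
        "crypto_algo": crypto_algo,
    }


def build_decrypt_request(response, recipient, password, sender_public_key, crypto_algo):
    """Select one recipient's ciphertext and wrapped key from either response shape."""
    if crypto_algo not in DECRYPT_ALGOS:
        raise ValueError(f"crypto_algo {crypto_algo} is not listed for decryption")
    if isinstance(response, dict):
        # EncryptCommon: one ciphertext shared by all, wrapped keys in a map.
        encrypted = response["encrypted_data"]
        wrapped = response["recipient_to_wrapped_structure"].get(recipient)
    else:
        # EncryptSeparate: one entry per recipient, each with its own ciphertext.
        entry = next((e for e in response if e["public_key"] == recipient), {})
        encrypted, wrapped = entry.get("encrypted_data"), entry.get("wrapped_key")
    if not encrypted or not wrapped:
        raise KeyError(f"response has no entry for recipient {recipient}")
    return {
        "recipient": recipient,
        "password": password,
        "encrypted_data": encrypted,
        "wrapped_key": wrapped,
        "sender_public_key": sender_public_key,
        "crypto_algo": crypto_algo,
    }


def decode_decrypted(response):
    """decrypted_data arrives base64-encoded; reject malformed input."""
    return base64.b64decode(response["decrypted_data"], validate=True)
```

A recipient that is missing from the response raises KeyError on the client side, before any Decrypt call is made.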
