REST API: encryption and decryption methods

Authorization: required

The REST API methods of the crypto group provide encryption and decryption of data.

The working principle of this group of methods is similar to that of the gRPC methods in contract_crypto_service.proto.

POST /crypto/encryptSeparate

Encrypts the data passed in the request separately for each recipient, using a unique content encryption key (CEK) per recipient. Each CEK is then encrypted (wrapped) with a separate key encryption key (KEK).

The following data are submitted in the query:

  • sender – data sender address;

  • password – password to the encrypted data;

  • encryptionText – data to be encrypted (as a string);

  • recipients_public_keys – public keys of the recipients participating in the network;

  • cryptoAlgo – encryption algorithm in use. Available values:

    • gost-3412-2015-k;

    • aes.

Note

Since version 1.8 the encryption algorithm GOST 28147-89 (value gost-28147) is not supported.

If your network uses GOST encryption, only the gost-3412-2015-k algorithm is available to you. If GOST encryption is disabled, only the aes encryption algorithm is available.

Query example:

POST /crypto/encryptSeparate:
{
  "sender": "3MsHHc8LvyjPCKeSst9vsYcsHeQVzH6YJkL",
  "password": "",
  "encryptionText": "some string to encrypt",
  "recipientsPublicKeys": [
    "3MuNFC1Z8Tuy73pMzVUT6yowk4anWA8MNNE"
  ],
  "cryptoAlgo": "aes"
}

The response includes the following data for each recipient:

  • encrypted_data – encrypted data;

  • public_key – recipient public key;

  • wrapped_key – the result of key encryption for a recipient.

Response example:

POST /crypto/encryptSeparate:
{
  "encryptedText": "IZ5Kk5YNspMWl/jmlTizVxD6Nik=",
  "publicKey": "5R65oLxp3iwPekwirA4VwwUXaySz6W6YKXBKBRL352pwwcpsFcjRHJ1VVHLp63LkrkxsNod64V1pffeiZz5i2qXc",
  "wrappedKey": "uWVoxJAzruwTDDSbphDS31TjSQX6CSWXivp3x34uE3XtnMqqK9swoaZ3LyAgFDR7o6CfkgzFkWmTen4qAZewPfBbwR"
}

POST /crypto/encryptCommon

Encrypts the data passed in the request with a single CEK for all recipients. The CEK is encrypted (wrapped) with a separate KEK for each recipient.

The POST /crypto/encryptCommon request contains data similar to the POST /crypto/encryptSeparate request.

The response includes the following data for each recipient:

  • encrypted_data – encrypted data;

  • recipient_to_wrapped_structure – a structure in the “key : value” format containing the public keys of the recipients with the corresponding key encryption results for each of them.

Response example:

POST /crypto/encryptCommon:
{
  "encryptedText": "NpCCig2i3jzo0xBnfqjfedbti8Y=",
  "recipientToWrappedStructure": {
    "5R65oLxp3iwPekwirA4VwwUXaySz6W6YKXBKBRL352pwwcpsFcjRHJ1VVHLp63LkrkxsNod64V1pffeiZz5i2qXc":
      "M8pAe8HnKiWLE1HsC1ML5t8b7giWxiHfvagh7Y3F7rZL8q1tqMCJMYJo4qz4b3xjcuuUiV57tY3k7oSig53Aw1Dkkw",
    "9LopMj2GqWxBYgnZ2gxaNxwXqxXHuWd6ZAdVqkprR1fFMNvDUHYUCwFxsB79B9sefgxNdqwNtqzuDS8Zmn48w3S":
      "Doqn6gPvBBeSu2vdwgFYMbDHM4knEGMbqPn8Np76mNRRoZXLDioofyVbSSaTTEr4cvXwzEwVMugiy2wuzFWk3zCiT3"
  }
}

POST /crypto/decrypt

Decryption of data encrypted with the cryptographic algorithm used by the network. Decryption is possible if the recipient’s key is in the keystore of the node.

The following data are submitted in the query:

  • recipient – recipient’s public key from the node keystore;

  • password – password to the encrypted data;

  • encryptedText – encrypted string;

  • wrapped_key – the result of key encryption for the recipient;

  • senderPublicKey – data sender public key;

  • cryptoAlgo – encryption algorithm in use. Available values:

    • gost-3412-2015-k;

    • aes.

Note

Since version 1.8 the encryption algorithm GOST 28147-89 (value gost-28147) is not supported.

If your network uses GOST encryption, only the gost-3412-2015-k algorithm is available to you. If GOST encryption is disabled, only the aes encryption algorithm is available.

Query example:

POST /crypto/decrypt:
{
  "recipient": "3NkZd8Xd4KsuPiNVsuphRNCZE3SqJycqv8d",
  "password": "12345qwert",
  "encryptedText": "t859AE7idnjPpn3lUiorfzSGwcGPMVdOhQe1HAhoI0MOXOQPBc8TUhn+8pKRCL8evH2Ra9Vc",
  "wrappedKey": "2nfob2yW76xj2rQBWZkzFD2UjYymWqQUCpFqbSWQiSYnuaw6DZoAde8KsTCMxPFVHA",
  "senderPublicKey": "CgqRPcPnexY533gCh2SSvBXh5bca1qMs7KFGntawHGww",
  "cryptoAlgo": "aes"
}

The response contains the decryptedText field with the decrypted string.

Response example:

POST /crypto/decrypt:
{
  "decryptedText": "some string for encryption"
}
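
The following is an added example, not part of the platform's own code: it shows how the two encryption response shapes described above map onto POST /crypto/decrypt request bodies. The function name decrypt_requests and all sample values are hypothetical; it assumes the encryptSeparate response is a list with one entry per recipient and that the recipient field carries the recipient's public key, as the field list states.

```python
import json

ALLOWED_ALGOS = {"aes", "gost-3412-2015-k"}  # values listed on this page

def decrypt_requests(response, sender_public_key, password, crypto_algo):
    """Turn an encryptSeparate or encryptCommon response into one
    /crypto/decrypt request body per recipient, keyed by recipient public key."""
    if crypto_algo not in ALLOWED_ALGOS:
        raise ValueError(f"unsupported cryptoAlgo: {crypto_algo!r}")
    if isinstance(response, dict) and "recipientToWrappedStructure" in response:
        # encryptCommon: one shared ciphertext, one wrapped CEK per recipient
        items = [(pk, response["encryptedText"], wk)
                 for pk, wk in response["recipientToWrappedStructure"].items()]
    else:
        # encryptSeparate: assumed to be a list with one entry per recipient
        entries = response if isinstance(response, list) else [response]
        items = [(e["publicKey"], e["encryptedText"], e["wrappedKey"]) for e in entries]
    bodies = {}
    for public_key, encrypted_text, wrapped_key in items:
        if not wrapped_key:
            raise ValueError(f"no wrapped key for recipient {public_key}")
        bodies[public_key] = {
            "recipient": public_key,
            "password": password,
            "encryptedText": encrypted_text,
            "wrappedKey": wrapped_key,
            "senderPublicKey": sender_public_key,
            "cryptoAlgo": crypto_algo,
        }
    return bodies

# Constructed sample responses (placeholder values, not real keys or ciphertext).
COMMON = {"encryptedText": "Q09NTU9O",
          "recipientToWrappedStructure": {"PUBKEY_A": "WRAPPED_A", "PUBKEY_B": "WRAPPED_B"}}
SEPARATE = [{"encryptedText": "U0VQX0E=", "publicKey": "PUBKEY_A", "wrappedKey": "WRAPPED_A1"},
            {"encryptedText": "U0VQX0I=", "publicKey": "PUBKEY_B", "wrappedKey": "WRAPPED_B1"}]

if __name__ == "__main__":
    for name, resp in (("common", COMMON), ("separate", SEPARATE)):
        bodies = decrypt_requests(resp, "SENDER_PUBKEY", "example-password", "aes")
        print(name, json.dumps(bodies["PUBKEY_B"], indent=2))
```

With encryptCommon every recipient receives the same encryptedText and only wrappedKey differs; with encryptSeparate both fields differ per recipient.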