Installation and usage of the platform

REST API: encryption and decryption methods

https://img.shields.io/badge/auth-required-orange.svg

REST API methods of the crypto group are provided to implement encryption methods.

The working principle of this group of methods is similar to the set gRPC-methods contract_crypto_service.proto.

POST /crypto/encryptSeparate

Encryption of data transmitted in the request, is performed with unique keys CEK separately for each recipient, each CEK is encrypted (wrapped) with a separate key KEK.

The following data are submitted in the query:

  • sender - an address of data sender;

  • password - password to the encrypted data;

  • encryptionText - data to be encrypted (as a string);

  • recipients_public_keys - public keys of the recipients participating in the network;

  • crypto_algo - encryption algorithm in use. Available values: gost-28147; gost-3412-2015-k; aes.

If your network uses GOST encryption, only the algorithms gost-28147 and gost-3412-2015-k are available to you. If GOST encryption is disabled, only the aes encryption algorithm is available.

Query example:

The response includes the following data for each recipient:

  • encrypted_data - encrypted data;

  • public_key - recipient public key;

  • wrapped_key - result of key encryption for a recipient.

Response example:

POST /crypto/encryptCommon

Encryption of data transmitted in the request with a single CEK key for all recipients, each CEK key is encrypted (wrapped) with a separate KEK key for each recipient.

The POST /crypto/encryptCommon request contains data similar to the POST /crypto/encryptSeparate request.

The response includes the following data for each recipient:

  • encrypted_data - encrypted data;

  • recipient_to_wrapped_structure - a structure in the “key : value” format containing the public keys of the recipients with the corresponding key encryption results for each of them.

Response example:

POST /crypto/decrypt

Decryption of data encrypted with the cryptographic algorithm used by the network. Decryption is possible if the recipient’s key is in the keystore of the node.

The following data are submitted in the query:

  • recipient - recipient’s public key from the node keystore;

  • password - password to the encrypted data;

  • encryptedText - encrypted string;

  • wrapped_key - result of key encryption for a recipient;

  • senderPublicKey – a public key of data sender;

  • crypto_algo - encryption algorithm in use. Available values: gost-28147; gost-3412-2015-k; aes.

If your network uses GOST encryption, only the algorithms gost-28147 and gost-3412-2015-k are available to you. If GOST encryption is disabled, only the aes encryption algorithm is available.

Query example:

The decryptedText field, which contains the decrypted string, arrives in response to the request.

Response example: