Installation and usage of the platform

REST API: encryption and decryption methods

Authorization required.

The REST API interface of the node provides the methods to encrypt arbitrary data using the encryption algorithms of the Waves Enterprise blockchain platform, as well as to decrypt them. For this purpose, methods of the crypto group are provided:

  • encryptSeparate – encrypts the data transmitted in the request with a unique content encryption key (CEK) for each recipient; each CEK is encrypted (wrapped) with a separate key encryption key (KEK).

  • encryptCommon – encrypts the data transmitted in the request with a single CEK for all recipients; the CEK is encrypted (wrapped) with a separate KEK for each recipient.

  • decrypt – decrypts data.

Important

The crypto/encryptCommon, crypto/encryptSeparate, crypto/decrypt methods are not available when PKI is used, that is, when the node configuration file parameter node.crypto.pki.mode is set to ON. The methods can be used in PKI test mode (node.crypto.pki.mode = TEST) or with PKI disabled (node.crypto.pki.mode = OFF).

POST /crypto/encryptSeparate

The data transmitted in the request is encrypted with a unique CEK for each recipient; each CEK is encrypted (wrapped) with a separate KEK.

The following data are submitted in the query:

  • sender – data sender address;

  • password – password to the encrypted data;

  • encryptionText – data to be encrypted (as a string);

  • recipients_public_keys – public keys of the recipients participating in the network;

  • cryptAlgo – encryption algorithm in use. Available values:

    • gost-3412-2015-k;

    • aes.

Note

Since version 1.8 the encryption algorithm GOST 28147-89 (value gost-28147) is not supported.

If your network uses GOST encryption, only the gost-3412-2015-k algorithm is available to you. If GOST encryption is disabled, only the aes encryption algorithm is available.

Query example:

The response includes the following data for each recipient:

  • encrypted_data – encrypted data;

  • public_key – recipient public key;

  • wrapped_key – the result of key encryption for a recipient.

Response example:

POST /crypto/encryptCommon

The data transmitted in the request is encrypted with a single CEK for all recipients; the CEK is encrypted (wrapped) with a separate KEK for each recipient.

The POST /crypto/encryptCommon request contains data similar to the POST /crypto/encryptSeparate request.

The response includes the following data for each recipient:

  • encrypted_data – encrypted data;

  • recipient_to_wrapped_structure – a structure in the “key : value” format containing the public keys of the recipients with the corresponding key encryption results for each of them.

Response example:

POST /crypto/decrypt

Decryption of data encrypted with the cryptographic algorithm used by the network. Decryption is possible if the recipient’s key is in the keystore of the node.

The following data are submitted in the query:

  • recipient – recipient’s public key from the node keystore;

  • password – password to the encrypted data;

  • encryptedText – encrypted string;

  • wrapped_key – the result of key encryption for the recipient;

  • senderPublicKey – data sender public key;

  • cryptAlgo – encryption algorithm in use. Available values:

    • gost-3412-2015-k;

    • aes.

Note

Since version 1.8 the encryption algorithm GOST 28147-89 (value gost-28147) is not supported.

If your network uses GOST encryption, only the gost-3412-2015-k algorithm is available to you. If GOST encryption is disabled, only the aes encryption algorithm is available.

Query example:

The decryptedText field, which contains the decrypted string, arrives in response to the request.

Response example:
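How the three methods fit together, as an added example that is not part of the Waves Enterprise documentation: it builds an encrypt request body from the fields listed above and turns either encrypt response into the decrypt request for one recipient. It assumes that recipients_public_keys is a JSON array, that encryptSeparate returns an array of per-recipient objects and that encryptCommon returns a single object; the `gost_network` flag and all sample values are hypothetical.

```python
import json

ALGOS = {"gost-3412-2015-k", "aes"}  # values listed on the page; gost-28147 is gone since 1.8


def encrypt_request(sender, password, text, recipient_keys, algo, gost_network=False):
    """Body for POST /crypto/encryptSeparate or POST /crypto/encryptCommon."""
    if algo not in ALGOS:
        raise ValueError(f"unsupported cryptAlgo: {algo}")
    # GOST networks accept only gost-3412-2015-k, all other networks only aes.
    expected = "gost-3412-2015-k" if gost_network else "aes"
    if algo != expected:
        raise ValueError(f"{algo} is not available on this network, use {expected}")
    if not recipient_keys:
        raise ValueError("at least one recipient public key is required")
    return {"sender": sender, "password": password, "encryptionText": text,
            "recipients_public_keys": list(recipient_keys), "cryptAlgo": algo}


def wrapped_items(response):
    """Normalise either response shape to {public_key: (encrypted_data, wrapped_key)}."""
    if isinstance(response, dict):  # encryptCommon: one ciphertext, map of wrapped keys
        data = response["encrypted_data"]
        return {pk: (data, wk) for pk, wk in response["recipient_to_wrapped_structure"].items()}
    # encryptSeparate (assumed array): every recipient has its own ciphertext and wrapped key
    return {e["public_key"]: (e["encrypted_data"], e["wrapped_key"]) for e in response}


def decrypt_request(response, recipient, password, sender_public_key, algo):
    """Body for POST /crypto/decrypt for one recipient of an encrypt response."""
    items = wrapped_items(response)
    if recipient not in items:
        raise KeyError(f"no wrapped key for recipient {recipient}")
    encrypted, wrapped = items[recipient]
    return {"recipient": recipient, "password": password, "encryptedText": encrypted,
            "wrapped_key": wrapped, "senderPublicKey": sender_public_key, "cryptAlgo": algo}


# Constructed sample responses (placeholder strings, not real node output).
SEPARATE = [{"encrypted_data": "ct-A", "public_key": "pkA", "wrapped_key": "wk-A"},
            {"encrypted_data": "ct-B", "public_key": "pkB", "wrapped_key": "wk-B"}]
COMMON = {"encrypted_data": "ct-shared",
          "recipient_to_wrapped_structure": {"pkA": "wk-A", "pkB": "wk-B"}}

if __name__ == "__main__":
    print(json.dumps(decrypt_request(SEPARATE, "pkB", "pw", "pkSender", "aes"), indent=2))
    print(json.dumps(decrypt_request(COMMON, "pkB", "pw", "pkSender", "aes"), indent=2))
```

With encryptSeparate each recipient decrypts a different ciphertext, while with encryptCommon every recipient submits the same encrypted_data and only the wrapped_key differs.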