Encrypt the SDK result

Note: Encryption is supported only for the "Enrollment Flow" and "Lookup Flow" results.

In addition to digitally signing the result to preserve the integrity of the data, we also support encrypting it to preserve confidentiality. To enable encryption, we need the PEM-encoded version of your public key. The public key will be associated with your client ID, so we need one public key for the test environment and one public key for the production environment. We support public-key encryption using RSA and Elliptic Curve. The examples below show how to generate a PEM-encoded public key.

RSA:

$ openssl genrsa 2048 > rsa2048-private-key.pem
$ openssl rsa -in rsa2048-private-key.pem -outform PEM -pubout -out rsa2048-public-key.pem
$ cat rsa2048-public-key.pem
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtG+qxZu5v6XrAMdLt4xx
1GP/rtG/wV35cQvu4rk0ZQ+3Sdde5NkfIy+PKyFnYZm2Qfv6rBXbNWVDHsO5pVcP
Y9d2TjP37+nHPJSnTnUOkM/9Cu7sUqRiuFFOOWcHOUOg2uYSyjjTavcsMbHEiQjD
DqlSQFErCbrFSdEe+rxDNAWy/PaZF6ONzO3DnpskC6zqJ2vQbLwFPsDjoUB+yU2o
hAKsDPrk16Jl1ofRgesaEVUAQQISC76kimjox9FZqAZM6YuaV8h/THN0BWKDQp3p
0TePvvWMI3vhxEepLGmAClBslTJnZ7j3wqxenIGkFE+ffiz+3qvmacsdaZ+LUVJr
RQIDAQAB
-----END PUBLIC KEY-----

EC:

$ openssl ecparam -genkey -name prime256v1 -noout -out ec256-private-key.pem
$ openssl ec -in ec256-private-key.pem -pubout -out ec256-public-key.pem
$ cat ec256-public-key.pem
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+ECRKax4Z+wUfZXDRVYZA3gldcFo
gWsn0qPpaUmYHg6hhMZVtlgjP6JdAHBv2NpZz+UEie99lasLCwYoHKSjwA==
-----END PUBLIC KEY-----
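
The script below is an added example, not part of the original documentation. It generates a separate key pair per environment with the same openssl parameters as above, then checks that the file to be handed over contains only a public key and matches the private key you keep. The function names and the test/production file prefixes are assumptions.

```shell
# Added example; function names and file prefixes are assumptions for illustration.

# gen_pair ENV rsa|ec : write ENV-<kind>-private-key.pem (owner-only) and
# ENV-<kind>-public-key.pem. "openssl pkey -pubout" is the algorithm-neutral
# form of the "rsa -pubout" / "ec -pubout" commands shown above.
gen_pair() {
    g_priv="$1-$2-private-key.pem"
    g_pub="$1-$2-public-key.pem"
    (
        umask 077    # private key readable and writable by the owner only
        case $2 in
            rsa) openssl genrsa -out "$g_priv" 2048 ;;
            ec)  openssl ecparam -genkey -name prime256v1 -noout -out "$g_priv" ;;
            *)   exit 2 ;;
        esac
    ) 2>/dev/null || return 1
    openssl pkey -in "$g_priv" -pubout -out "$g_pub" 2>/dev/null
}

# SHA-256 over the DER-encoded public key, so PEM formatting differences do
# not matter. Arguments are passed to "openssl pkey" to select the input.
spki_digest() {
    openssl pkey "$@" -pubout -outform DER 2>/dev/null | openssl dgst -sha256
}

# check_public_key CANDIDATE PRIVATE : succeed only if CANDIDATE holds no
# private key material, parses as a public key, and belongs to PRIVATE.
check_public_key() {
    if grep -q 'PRIVATE KEY' "$1"; then
        echo "refusing $1: contains private key material" >&2; return 1
    fi
    if ! openssl pkey -pubin -in "$1" -noout 2>/dev/null; then
        echo "refusing $1: not a PEM public key" >&2; return 1
    fi
    if [ "$(spki_digest -pubin -in "$1")" != "$(spki_digest -in "$2")" ]; then
        echo "refusing $1: does not match $2" >&2; return 1
    fi
}

# Usage:
#   gen_pair test rsa && check_public_key test-rsa-public-key.pem test-rsa-private-key.pem
#   gen_pair production ec && check_public_key production-ec-public-key.pem production-ec-private-key.pem
```

Only the file that passes check_public_key is sent; the private key files never leave the machine that generated them.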
