Skip to main content

File Encryption (ECIES)

ECIES is a hybrid encryption scheme which allows to encrypt data to an ECC public key but using symmetric cryptography for encryption and authentication. The symmetric keys are derived from the receiver's public key and an ephemeral private key of the sender with an ECDH agreement. The ephemeral key pair is used only for a single message: its private key will be deleted after encryption and the ephemeral public key is part of the cryptogram such that the receiver can perform the same ECDH agreement and get the same shared symmetric keys.

The REST_API license is required to use ECIES.

Create EC Key

POST: /v1/key

Description: Create a Ec Key request

Replace <keyname>.

{
"label": "<keyname>",
"algorithm": "EC",
"curveOid": "1.3.132.0.34",
"attributes": {
"decrypt": true,
"verify": false,
"sign": false,
"wrap": false,
"unwrap": false,
"derive": true,
"bip32": false,
"extractable": false,
"modifiable": true,
"destroyable": true,
"sensitive": true
},
"policy": null
}

Encrypt a file

POST: /v1/fileEncrypt

Replace <keyname>

{
"fileEncryptRequest": {
"encryptKeyName": "<keyName>"
}
}

Decrypt a file

POST: /v1/synchronousFileDecrypt

Replace <keyname>

{
"fileDecryptRequest": {
"decryptKeyName": "<keyname>"
}
}