POST /encryptions
Channel
, you must upload an Encryption
object to the server. At any time, the decryptor can retrieve the Encryption
object using the hash of the token value, which acts as an identifier of the channel. The decryptor may choose to retrieve the Encryption
object immediately in order to independently store the encrypted values, or may only do so when a decryption is requested. In any case, no decryption can occur unless the decryptor has posted a data request and sufficient trustees and validators have responded. Read the code samples section for details and information about how to construct Encryption
objects.Encryption
object securely in some use cases (Find-me, for example), you can send a channel key along with this request. This ensures only you who has the private key counterpart of the channel key can change the Encryption
object in this channel.channelKey
GET /encryptions/{token-hash}/status
encryption
, namely whether or not the data has been requested by the decryptor. If a request has been made, then this status also gives which trustees and validators have responded to the data request. This information is retrieved and provided by the PAD server. To eliminate the need to trust the PAD service, this data should be checked for consistency with trustee attestations of the ledger state.GET /encryptions/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/status
Encryption
.ok
encryptionStatus
requested
PUT /encryptions/{token-hash}
Encryption
after establishing an encryption channel.Encryption
object with the channel private key.PUT /encryptions/d033713dd14552c060c55746afdb989cfee8e624ae94a932d79fd25630f728a4
Encryption
is successfully updated.[a-zA-Z0-9-_]{3,30}
[a-zA-Z0-9-_]{3,30}
Encryption
is identified by tokenHash
and the instance in which it lives. It contains the ciphertext encrypted by both the decryptor's key and a fresh symmetric key k
. It also contains the encrypted shares of k
for the trustees and validators. For more details, read the code samples page.description
trusteeId
]encrypted
validatorId
]/[0-9a-fA-F]{64}/
Trustee
) and its public keys.fullName
/Trustee-[0-9a-zA-Z_]+/
role
encryptionKey
verificationKey
Trustee
Validator
) and its public keys.fullName
/Validator-[0-9a-zA-Z_]+/
encryptionKey
verificationKey
Validator
t
tPrime
ok
message
encryption
. The decryptor posts it on the ledger at data request stage./[0-9a-fA-Z]{32}/
.
) or dashes (-
). It must start with a lowercase letter./[a-z][a-z0-9.-]{3,29}/