Any data stored in the blockchain or off-chain is readable by the whole world. So it is essential that any stored data is either hashed or encrypted.
Elliptic Curve public/private key encryption requires the creation of a so-called "SharedSecret". This is calculated from your own private key and the public key of the other end. As blockchains usually do not publish public keys but only the hashes of public keys, you need to publish your public key manually in order to exchange encrypted data with other parties.
That is done with the function PublishMyPublicKey of the Identity Namespace. If you do not want to publish your key to the world but only to people who know your Self-Sovereign Identity, you need to use the optional parameter optionalSSIAddress.
Note: With GetPublicKey you can lookup any published public key.
Encrypt Function
The Encrypt Function of the Identity Namespace requires 4 parameters.
PlainData: The data to be encrypted.
ChainAddress: Your blockchain address.
Password: Your password to unlock your private key.
OtherPublicKey: The public key of the other party. If left empty, your own public key will be used and the encrypted data is only readable by yourself. If a blockchain address is given instead of a public key, the node will automatically try to look up the right public key (if published).
Note: The resulting encrypted data can be sent to the other party manually via email, messenger, etc. or fully automatically via our various blockchain functions.
EncryptSign
The EncryptSign function additionally digitally signs the encrypted data and returns a comma-separated HEX value, where the first value is the encrypted data and the second value is the digital signature. This return package can then be decrypted with DecryptSignedData without having to know the sender address or public key.
Note: EncryptSign and DecryptSignedData work ONLY if both parties published their public keys!
Decrypt Function
If you receive encrypted data you need access to your private key and the public key of the sender. If you do not know the public key you can look it up with the function GetPublicKey. As this function requires the sender address, the sender of encrypted data should consider digitally signing the encrypted data, since the address can be recovered from the signature.
The Decrypt function requires 4 parameters as well.
EncryptedDataHEX: The encrypted data in hex format.
ChainAddress: Your blockchain address.
Password: Your password to unlock your private key.
OtherPublicKey: The public key of the sender. If left empty, your own public key will be used. If a blockchain address is given instead of a public key, the node will automatically try to look up the right public key (if published).
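The following added example (not the node's own code) shows what the SharedSecret mechanism behind Encrypt and Decrypt does: each side multiplies its own private key by the other party's public key, both arrive at the same point, and that point is hashed into a symmetric key; leaving OtherPublicKey empty derives the key from your own public key, so only you can decrypt. It assumes secp256k1 (the page does not name the curve), holds the private key directly instead of unlocking it via ChainAddress and Password, and uses a simple SHA-256 keystream as a stand-in for the node's unnamed symmetric cipher.

```python
import hashlib

# secp256k1 parameters (assumption: the page does not name the node's curve;
# this is the one most public blockchains use for account keys).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None: return q
    if q is None: return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0: return None
    if p == q: lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else: lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, p):
    """Double-and-add scalar multiplication k*p."""
    r = None
    while k:
        if k & 1: r = ec_add(r, p)
        p, k = ec_add(p, p), k >> 1
    return r

def public_key(priv):
    return ec_mul(priv, G)

def shared_secret(my_priv, other_pub):
    """The page's SharedSecret: own private key times the other party's
    public key; the x coordinate is hashed into a 32-byte symmetric key."""
    x, _ = ec_mul(my_priv, other_pub)
    return hashlib.sha256(x.to_bytes(32, "big")).digest()

def _xor_stream(key, data):
    # Stand-in for the node's symmetric cipher (assumption): SHA-256 counter
    # keystream XORed over the data. Unauthenticated, for illustration only.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt(plain_data, my_priv, my_pub, other_pub=None):
    """Mirror of Encrypt: an empty OtherPublicKey falls back to own key."""
    key = shared_secret(my_priv, other_pub or my_pub)
    return _xor_stream(key, plain_data.encode()).hex()

def decrypt(encrypted_hex, my_priv, my_pub, other_pub=None):
    """Mirror of Decrypt; returns bytes (garbage if the wrong key was used)."""
    key = shared_secret(my_priv, other_pub or my_pub)
    return _xor_stream(key, bytes.fromhex(encrypted_hex))
```

Because the shared secret is symmetric, the sender can always decrypt what they encrypted for someone else, and the recipient needs the sender's public key, which is why the text above recommends signing so the sender address (and thus the published key) can be recovered.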