Authenticated Data Decryption
This guide is a short tutorial on how to decrypt and then verify data with Virgil Security.
This process is called Authenticated Data Decryption. In this procedure you start with data that is already both encrypted and signed, then decrypt it and verify it. The recipient uses their Virgil Key to decrypt the data, and then uses the sender's Virgil Card to verify the integrity of the data.
Before you begin, set up your project environment using the getting started guide.
The Authenticated Data Decryption procedure is shown in the figure below.
In order to decrypt and verify the message, Bob has to have:
- His Virgil Key
- Alice's Virgil Card
Let's review how to decrypt and verify data:
- Developers need to initialize the Virgil SDK:

```go
api, err := virgilapi.New("[YOUR_ACCESS_TOKEN_HERE]")
```
- Then Bob has to:
  - Load his own Virgil Key from secure storage, defined by default
  - Search for Alice's Virgil Card on
  - Decrypt the encrypted message using his Virgil Key and verify it using Alice's Virgil Card
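
```go
bobKey, err := api.Keys.Load("[KEY_NAME]", "[OPTIONAL_KEY_PASSWORD]") // load a Virgil Key from device storage
if err != nil {
	return err
}
aliceCard, err := api.Cards.Get("[ALICE_CARD_ID]") // get the sender's Virgil Card
if err != nil {
	return err
}
// decrypt the message and verify the sender's signature
originalMessageBuf, err := bobKey.DecryptThenVerify(ciphertext, aliceCard)
if err != nil {
	return err // decryption or verification failed: do not use the buffer
}
originalMessage := originalMessageBuf.ToString()
```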
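
Why the error returned by `DecryptThenVerify` has to be checked, as an added example that is not Virgil SDK code: it uses Go standard-library stand-ins (RSA-OAEP for encryption, Ed25519 for signatures), and every function name, key and message in it is constructed for illustration. Anyone who has Bob's public key can encrypt to him, so only the signature check against Alice's key ties the plaintext to her.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrBadSignature = errors.New("decrypted, but not signed by the expected sender")

// signThenEncrypt (sender side) encrypts signature||msg to the recipient.
// Plain RSA-OAEP keeps the sketch short; with a 2048-bit key it caps msg at 126 bytes.
func signThenEncrypt(msg []byte, senderKey ed25519.PrivateKey, rcpt *rsa.PublicKey) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, rcpt, append(ed25519.Sign(senderKey, msg), msg...), nil)
}

// decryptThenVerify releases plaintext only when decryption and the signature check both pass.
func decryptThenVerify(ct []byte, rcptKey *rsa.PrivateKey, sender ed25519.PublicKey) ([]byte, error) {
	body, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, rcptKey, ct, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt: %w", err)
	}
	if len(body) < ed25519.SignatureSize ||
		!ed25519.Verify(sender, body[ed25519.SignatureSize:], body[:ed25519.SignatureSize]) {
		return nil, ErrBadSignature
	}
	return body[ed25519.SignatureSize:], nil
}

// demo uses constructed keys and messages; setup errors are ignored for brevity.
func demo() (string, error, error) {
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	_, malloryPriv, _ := ed25519.GenerateKey(rand.Reader)
	good, _ := signThenEncrypt([]byte("wire 100 to Carol"), alicePriv, &bob.PublicKey)
	forged, _ := signThenEncrypt([]byte("wire 100 to Mallory"), malloryPriv, &bob.PublicKey)
	m, _ := decryptThenVerify(good, bob, alicePub)
	_, forgedErr := decryptThenVerify(forged, bob, alicePub) // decrypts fine, wrong signer
	good[len(good)-1] ^= 1                                   // tampered ciphertext
	_, tamperedErr := decryptThenVerify(good, bob, alicePub)
	return string(m), forgedErr, tamperedErr
}

func main() {
	fmt.Println(demo())
}
```

The forged message decrypts without error and is rejected only by the signature check, while the tampered one already fails at the decrypt step.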
To load a Virgil Key from a specific storage, developers need to change the storage path during Virgil SDK initialization.
To decrypt data, you will need Bob's stored Virgil Key. See the Storing Keys guide for more details.