Authenticated Data Encryption
This guide is a short tutorial on how to sign then encrypt data with Virgil Security.
This process is called Authenticated Data Encryption. It is a form of encryption that simultaneously provides confidentiality, integrity, and authenticity assurances for the encrypted data. During this procedure you will sign the data with Alice's Virgil Key and then encrypt it for Bob's Virgil Card. In order to do this, Alice's Virgil Key must be loaded from the appropriate storage location, Bob's Virgil Card must be searched for, and the data must be prepared for transmission; it is then signed and encrypted before being sent.
Before you begin, set up your project environment with the Getting Started guide.
The Authenticated Data Encryption procedure is shown in the figure below.
In order to sign and encrypt a message, Alice has to have:
- Her Virgil Key
- Bob's Virgil Card
Let's review how to sign and encrypt data:
- Developers need to initialize the Virgil SDK:

```go
api, err := virgilapi.New("[YOUR_ACCESS_TOKEN_HERE]")
```
- Alice has to:
  - Load her Virgil Key from the default secure storage;
  - Search for Bob's Virgil Cards;
  - Prepare a message for signature and encryption;
  - Sign and encrypt the message for Bob.
```go
// load a Virgil Key from device storage
aliceKey, err := api.Keys.Load("[KEY_NAME]", "[OPTIONAL_KEY_PASSWORD]")
if err != nil {
	return err // key not found or wrong password
}
// search for Bob's Virgil Cards
bobCards, err := api.Cards.Find("bob")
if err != nil {
	return err
}
// prepare the message
message := "Hey Bob, how's it going?"
// sign with Alice's key, then encrypt for every Card found for Bob
ciphertextBuf, err := aliceKey.SignThenEncryptString(message, bobCards...)
if err != nil {
	return err
}
ciphertext := ciphertextBuf.ToBase64String()
```
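The construction the steps above rely on, as an added stand-alone example that is not the Virgil SDK's code: sign-then-encrypt on Alice's side and decrypt-then-verify on Bob's, built only from the Go standard library (Ed25519 signatures, X25519 key agreement, AES-256-GCM). It assumes both parties' keys are generated locally rather than loaded from a Virgil Key or Card, uses SHA-256 as a stand-in KDF, and puts the signature inside the ciphertext so that a tampered message fails at decryption and a message from another signer fails at verification.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// aeadFor derives AES-256-GCM from X25519(priv, pub); SHA-256 stands in for a real KDF.
func aeadFor(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	block, _ := aes.NewCipher(key[:]) // 32-byte key: NewCipher cannot fail here
	return cipher.NewGCM(block)
}

// SignThenEncrypt: Alice signs msg (Ed25519), then encrypts msg||sig to Bob. Output: nonce(12) || ct.
func SignThenEncrypt(msg []byte, aliceSign ed25519.PrivateKey, aliceEnc *ecdh.PrivateKey, bobPub *ecdh.PublicKey) ([]byte, error) {
	gcm, err := aeadFor(aliceEnc, bobPub)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // fresh random nonce for every message
	signed := append(append([]byte{}, msg...), ed25519.Sign(aliceSign, msg)...)
	return gcm.Seal(nonce, nonce, signed, nil), nil
}

// DecryptThenVerify: Bob decrypts, then checks Alice's signature; tampering fails at Open, a foreign signer at Verify.
func DecryptThenVerify(blob []byte, bobEnc *ecdh.PrivateKey, alicePub *ecdh.PublicKey, aliceVerify ed25519.PublicKey) ([]byte, error) {
	gcm, err := aeadFor(bobEnc, alicePub)
	if err != nil || len(blob) < gcm.NonceSize() {
		return nil, errors.New("key agreement failed or blob truncated")
	}
	pt, err := gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
	if err != nil || len(pt) < ed25519.SignatureSize {
		return nil, errors.New("decryption failed: altered ciphertext or wrong keys")
	}
	if n := len(pt) - ed25519.SignatureSize; !ed25519.Verify(aliceVerify, pt[:n], pt[n:]) {
		return nil, errors.New("signature invalid: not from the expected sender")
	}
	return pt[:len(pt)-ed25519.SignatureSize], nil
}
```

Because the signature is verified only after a successful decryption, an attacker who cannot decrypt for Bob cannot learn whether a forged signature would have passed.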
To load a Virgil Key from a specific storage location, developers need to change the storage path during Virgil SDK initialization.
In many cases you will need the receiver's Virgil Cards. See the Finding Cards guide for how to search for them.