An access token provides authenticated and secure access to Virgil Security services. The access token also allows the API to associate your app requests with your Virgil Security Developer’s account.
An ID used to compare a confirmation code with a related validation action.
This is the Private Key that is generated as a pair with the Public Key that is part of an App's Virgil Card. During Key Pair generation at the Virgil Development Portal, the App Key is encrypted with an additional password.
The App Key has a DER format.
This is an identifier, which uniquely identifies an Application at Virgil Services.
During Application Registration at the Virgil Development Portal, the App ID is created on the App's Virgil Card. The Card has its own ID, which is also the App ID.
The process of utilizing cryptographic Digital Signatures to prove the integrity and origin of data. By using a Virgil Key to sign data before transmission, a recipient is able to determine exactly who sent the message and if any part of the message was tampered with.
Authenticated Encryption - the process of encrypting and then signing data using the Sender’s Virgil Key and the Recipient’s Virgil Card. To do this, the Sender’s Virgil Key is loaded from the appropriate storage, the Recipient’s Virgil Card is searched for, the data is prepared for transmission, and finally the data is signed and encrypted before being sent.
Authenticated Decryption - the process of taking data that is already both encrypted and signed, and then decrypting and verifying the data. A recipient uses their Virgil Key to decrypt the data, which is followed by using the Sender’s Virgil Card to verify the integrity of the data.
Applying an encryption algorithm (or cipher) to some plaintext results in the creation of a Ciphertext. The Ciphertext is encoded information that contains an encrypted form of the plaintext, but is unreadable to any human or computer without the proper Decryption Algorithm, which is based on a private key.
Command Line Interface (CLI)
A program and command line tool for utilizing Virgil Services. The CLI can be used for a variety of actions on Virgil Services, including generating keys, retrieving keys, key search, key revocation, data encryption and decryption, data signature and verification, etc. The CLI is available for both Mac OS and Linux platforms.
A code used to confirm ownership of a global identifier, such as an email or phone number.
Confirmed Identity - An identity which has passed both the verify and confirm actions by the Identity service.
Unconfirmed Identity - An identity which hasn't passed the verify and confirm actions by the Identity service.
Count to Live (CTL)
This parameter is used to restrict the number of confirmation token usages (maximum value is 100). The count_to_live default value is 1.
A library of API function calls and cryptographic algorithms, used by developers to implement cryptography into their software. Virgil consists of an open-source encryption library, which implements Cryptographic Message Syntax (CMS) and Elliptic Curve Integrated Encryption Scheme (ECIES) (including RSA schema), a Key Management API, and a cloud-based Key Management Service (Virgil Keys).
The ability to ensure and maintain that some data has a known sender (one who cannot deny having sent the data) and has not been altered over its life-cycle. Data integrity is meant to safeguard data from any unintended changes to it as a result of storage, processing, transmission, malicious intent, or human error. Proper data integrity measures ensure that the data is accurate, consistent, and has a verifiable origin. It is vital to any system that sends or receives data, where privacy is concerned.
The process of taking encrypted information or ciphertext and converting it back into plaintext or an unencrypted form. This can only be done with the appropriate decryption algorithm and the associated private key, whose pair is the public key that encrypted the data in the first place.
A private cryptographic key that is used to turn related ciphertext into plaintext. The decryption key serves as a parameter for the cryptographic algorithm used in decrypting some data. Decryption keys are easy to keep secret and secure. It’s also easy to change or revoke a key should it become compromised.
A digital signature is a mathematical scheme for demonstrating the authenticity of digital messages, requests, etc. A valid digital signature gives a recipient reason to believe the following: that the message was created by a known sender, that the sender cannot deny having sent the message, and that the message was not altered in transit. It can be used with any kind of message, whether it is encrypted or not.
A truly secure computing environment would not be complete without the use of encryption technology. The term encryption refers to the practice of obscuring the meaning of some information by encoding it in such a way that it can only be decoded, read and understood by people for whom the information is intended. Encryption is more than just obfuscation. It allows people to communicate freely and out in the open, with virtually no chance for unauthorized entities to steal, spy, or tamper with your data.
Encryption can be used to provide the highest levels of security to network communications, e-mails, files stored in the cloud, and other data that requires protection.
Communication between two parties that must not be read or understood by any unauthorized third party, which leads to the need to use a cipher and/or code. Encrypted communication is achieved through cryptographic means, which require the use of information-based keys to encrypt and later decrypt a message.
The storage of data that is technically out in the open for anyone to access but unable to be read or understood by anyone except the holders of the appropriate cryptographic keys. Encryption must be end-to-end for any data to be stored safely.
Encrypting for Multiple Recipients
Encryption requires the Virgil Card of the recipient, so that only the recipient’s Virgil Key can decrypt the message. For multiple recipients, the sender must have the Virgil Card of every recipient they intend to send a message to. The sender can find Virgil Cards for each recipient using Virgil Services, which they can then use to encrypt a message for each recipient, that can only be decrypted on an individual basis.
The way in which plaintext is turned into ciphertext, or any kind of data is changed to a format that cannot be read without the proper Decryption Key and Decryption Algorithm. An encryption algorithm should be designed so that the ciphertext yields no information about the original plaintext. Virgil’s encryption framework (ISO 18033-2, SECG SEC1) is secure against Chosen-Ciphertext Attacks, which attempt to decipher encrypted data by trying many different decryption algorithms and reading their plaintext output.
A random string of data that is used to turn plaintext into ciphertext, or scramble information and make it unreadable to anyone without the proper decryption key and algorithm. The key acts as a parameter for the encryption algorithm used, and determines its output. Virgil uses state of the art cryptographic functions to generate, derive, and exchange keys that are unpredictable, unique, and long enough to withstand even the most powerful attacks.
Global Virgil Card
A Virgil Card is the primary entity of the Public Keys Service; it includes information about the user and their public key. The Virgil Card identifies a user by one of their available identity types, such as an email, a phone number, etc. Global Cards are created with the validation token received after verification through the Virgil Identity Service. Any developer with a Virgil account can create a Global Virgil Card. The Virgil Identity Service assures the user that the account with a particular email has been verified and that the email owner is also the Identity owner.
A mathematical algorithm that maps data of arbitrary size to a bit string of a fixed size.
Virgil empowers developers with the ability to specify and maintain their own key storage, while also offering secure key storage in the cloud, through Virgil Key Services. Virgil Security maintains separate Key Services for Private and Public Keys, while also providing the tools needed to secure private keys locally.
The ability to log into applications or systems without the need for a password, by using Virgil Services to generate encrypted challenges and responses that can only be passed with the appropriate cryptographic keys. When an app receives permission to authorize users with a Virgil account, it can request authorization from Virgil Security when a user wants to log in without a password. Virgil verifies whether the app is trusted and receives the user’s private key for further access to the system. If the key is correct, Virgil authenticates the user and returns an authorization code to the app. The app then receives an authentication token which allows for a unique and secure transmission of the remaining user details required to grant access to the application. This allows authorized users to access the application without a password, while maintaining a higher standard of security.
A mechanism that produces a set of keys from keying material and some optional parameters.
Unencrypted data or text. This also refers to encrypted data that has already been decrypted. Plaintext can be read and understood without any kind of cipher or decryption key, has no special formatting, and is not tagged for any kind of security measure.
Private keys should never be stored verbatim or in plain text on a local computer. If you need to store a private key, you should use a secure key container, which will depend on your platform of choice. You also can use the Virgil Keys Service to store and synchronize private keys. This will allow you to easily synchronize private keys between clients’ devices and their applications.
Private Key Password
A password set for a private key adds an additional security stage and prevents any data leakage after the private key has been compromised. It is optional but highly recommended to set a private key password.
A cryptographic key that can be obtained by anyone and used to encrypt data that can only be decrypted by its associated Private Key. A Public Key cannot be used to create a secure digital signature, but it can be used to verify the digital signature of any data signed with its matching Private Key. The Public Key is generated at the same time as its associated Private Key and cannot be used to derive said Private Key.
An Identifier of a recipient's Virgil Card.
Random data that is used as additional input for a hash function.
Time to Live (TTL)
This parameter is used to limit the lifetime of a confirmation token in seconds (maximum value is 60 * 60 * 24 * 365 = 1 year). The default time_to_live value is 3600.
A type of Identity which is validated using a concatenated type and value of the Identity, signed by the application's private key.
A validation token is used to prevent unauthorized card registration. The validation token is generated based on the Application's Private Key and Client Identity. The global ValidationToken is used for creating global Cards. The global ValidationToken can be obtained only by checking the ownership of the Identity on the Virgil Identity Service. The private ValidationToken is used for creating Private Cards. The private ValidationToken can be generated on the developer’s side, using their own service for verification, instead of the Virgil Identity Service. Developers can also completely avoid verification, by generating a validation token using the app’s Private Key created on our Developer portal.
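As an added example that is not part of the original glossary or the Virgil SDK, the following Go code sketches a private ValidationToken as the page describes it: the identity type and value are concatenated and signed with the application's private key, and the recipient side verifies the token with the matching public key before accepting a card registration. Ed25519 and base64 are assumptions made here; the page does not name the signature algorithm or encoding.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// NewAppKeyPair stands in for the App Key pair generated at the Development
// Portal. Ed25519 is an assumption for this example.
func NewAppKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// GenerateValidationToken signs the concatenated identity type and value with
// the App's private key and returns the signature, base64-encoded, as the token.
// Note for implementers: plain concatenation leaves the type/value boundary
// ambiguous ("em"+"ailbob@..." vs "email"+"bob@..."); a delimiter or length
// prefix in the signed message removes that ambiguity.
func GenerateValidationToken(appPriv ed25519.PrivateKey, identityType, identityValue string) string {
	msg := []byte(identityType + identityValue)
	return base64.StdEncoding.EncodeToString(ed25519.Sign(appPriv, msg))
}

// VerifyValidationToken checks that the token is a valid signature by the App
// over exactly this identity; a token issued for another identity, or a
// malformed token, is rejected.
func VerifyValidationToken(appPub ed25519.PublicKey, identityType, identityValue, token string) bool {
	sig, err := base64.StdEncoding.DecodeString(token)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(appPub, []byte(identityType+identityValue), sig)
}

func main() {
	pub, priv, err := NewAppKeyPair()
	if err != nil {
		panic(err)
	}
	// Constructed sample identity for the demonstration.
	tok := GenerateValidationToken(priv, "email", "alice@example.com")
	fmt.Println("token valid for alice:", VerifyValidationToken(pub, "email", "alice@example.com", tok))
	fmt.Println("token valid for bob:  ", VerifyValidationToken(pub, "email", "bob@example.com", tok))
}
```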
The Virgil Card is the main entity of Virgil Services. Every user/device is represented with a Virgil Card which contains all the necessary information to identify them. Users will also need their Virgil Card to obtain their Virgil Key for further cryptographic operations.
The Virgil Key is a Private Key, which never leaves its device. The Virgil Key allows only those who hold it to sign and decode a message.
The Virgil Key has a DER format.
Virgil Card ID
A unique identifier of a Virgil Card. A Virgil Card receives its ID after its publication on Virgil Services. It is used for every operation with Virgil Cards.
Each Virgil Card is created by passing the content snapshot, which contains all data related to the Virgil Card, and is represented as a JSON. This JSON representation will be used to calculate the Virgil Card's Fingerprint. If you convert the Fingerprint to its hexadecimal representation, it will return the Virgil Card's ID.
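As an added example that is not part of the original glossary or the Virgil SDK, the following Go code walks through the derivation just described: the content snapshot is serialised to JSON, the snapshot bytes are hashed to form the Fingerprint, and the hexadecimal form of the Fingerprint is the Card ID. SHA-256 and the snapshot field names are assumptions made here; the page names neither. The example also shows why the raw snapshot bytes must be stored verbatim: re-serialising the same content with different whitespace yields a different ID.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// ContentSnapshot holds the card data that goes into the JSON snapshot.
// The field set and names are constructed for this example.
type ContentSnapshot struct {
	Identity     string `json:"identity"`
	IdentityType string `json:"identity_type"`
	PublicKey    string `json:"public_key"` // base64 public key in practice
	Scope        string `json:"scope"`
}

// BuildSnapshot serialises the card content to JSON. Callers must keep the
// returned bytes exactly as produced, because the Card ID is bound to them.
func BuildSnapshot(c ContentSnapshot) ([]byte, error) {
	return json.Marshal(c)
}

// Fingerprint hashes the raw snapshot bytes. SHA-256 is an assumption here;
// the page does not name the hash used for the Fingerprint.
func Fingerprint(snapshot []byte) []byte {
	sum := sha256.Sum256(snapshot)
	return sum[:]
}

// CardID is the hexadecimal representation of the Fingerprint.
func CardID(snapshot []byte) string {
	return hex.EncodeToString(Fingerprint(snapshot))
}

func main() {
	// Constructed sample card; the public key is a placeholder string.
	content := ContentSnapshot{Identity: "alice@example.com", IdentityType: "email",
		PublicKey: "PUBLIC_KEY_PLACEHOLDER", Scope: "global"}
	snap, err := BuildSnapshot(content)
	if err != nil {
		panic(err)
	}
	fmt.Println("card id:", CardID(snap))
	// Same content, different bytes: the ID no longer matches.
	pretty, _ := json.MarshalIndent(content, "", "  ")
	fmt.Println("id survives re-indentation:", CardID(pretty) == CardID(snap))
}
```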