Authenticated Data Encryption
This guide is a short tutorial on how to sign then encrypt data with Virgil Security.
This process is called Authenticated Data Encryption. It is a form of encryption which simultaneously provides confidentiality, integrity, and authenticity assurances on the encrypted data. During this procedure you will sign the data with Alice’s Virgil Key and then encrypt it with Bob’s Virgil Card. To do this, Alice’s Virgil Key must be loaded from the appropriate storage location and Bob’s Virgil Card must be searched for. The data is then prepared for transmission, and finally signed and encrypted before being sent.
Before you begin, set up your project environment with the getting started guide.
The Authenticated Data Encryption procedure is shown in the figure below.
In order to sign and encrypt a message, Alice has to have:
- Her Virgil Key
- Bob's Virgil Card
Let's review how to sign and encrypt data:
- Developers need to initialize the Virgil SDK:
$virgilApi = VirgilApi::create('[YOUR_ACCESS_TOKEN_HERE]');
- Alice has to:
  - Load her Virgil Key from the default secure storage;
  - Search for Bob's Virgil Cards on Virgil Services;
  - Prepare a message for signature and encryption;
  - Sign and encrypt the message for Bob.
// load Alice's Key from storage
$aliceKey = $virgilApi->Keys->load('[KEY_NAME]', '[KEY_PASSWORD]');
// search for Bob's Cards
$bobCards = $virgilApi->Cards->find(['bob']);
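// the message to protect (double quotes, because the text contains an apostrophe)
$message = "Hey Bob, how's it going?";
// sign with Alice's Key, then encrypt the message for the Bob's Cards that were found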
$cipherText = $aliceKey->signThenEncrypt($message, $bobCards)->toBase64();
To load a Virgil Key from a specific storage, developers need to change the storage path during Virgil SDK initialization.
In many cases you will need the receiver's Virgil Cards. See the Finding Cards guide to find them.
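To show what the sign-then-encrypt step gives the receiver, here is an added example that is not part of the Virgil documentation and does not use the Virgil SDK: it builds the same construction from PHP's bundled sodium extension. The function names and the freshly generated key pairs (standing in for Alice's Virgil Key and Bob's Virgil Card) are assumptions made for this sketch, as is the choice to include the recipient's public key in the signed data.

```php
<?php
// Added illustration built on PHP's sodium extension, NOT the Virgil SDK.
// Function names and keys are hypothetical; keys are generated on the spot.

function signThenEncryptDemo(string $message, string $senderSignSecret, string $recipientBoxPublic): string
{
    // Sign first. The recipient's public key is signed along with the message,
    // so the signed blob cannot be re-encrypted and passed on to someone else.
    $signed = sodium_crypto_sign($recipientBoxPublic . $message, $senderSignSecret);
    // Then encrypt the signed blob so that only the recipient can open it.
    return base64_encode(sodium_crypto_box_seal($signed, $recipientBoxPublic));
}

function decryptThenVerifyDemo(string $cipherTextB64, string $recipientBoxKeyPair, string $senderSignPublic): string
{
    $sealed = base64_decode($cipherTextB64, true);
    if ($sealed === false) { throw new RuntimeException('not valid Base64'); }
    $signed = sodium_crypto_box_seal_open($sealed, $recipientBoxKeyPair);
    if ($signed === false) { throw new RuntimeException('decryption failed'); }
    // Never use the plaintext before the sender's signature has been checked.
    $opened = sodium_crypto_sign_open($signed, $senderSignPublic);
    if ($opened === false) { throw new RuntimeException('signature check failed'); }
    $boundTo = substr($opened, 0, SODIUM_CRYPTO_BOX_PUBLICKEYBYTES);
    if (!hash_equals(sodium_crypto_box_publickey($recipientBoxKeyPair), $boundTo)) {
        throw new RuntimeException('signed for a different recipient');
    }
    return substr($opened, SODIUM_CRYPTO_BOX_PUBLICKEYBYTES);
}

$aliceSign = sodium_crypto_sign_keypair(); // stands in for Alice's Virgil Key
$bobBox    = sodium_crypto_box_keypair();  // public half stands in for Bob's Virgil Card
$bobPublic = sodium_crypto_box_publickey($bobBox);

$cipherText = signThenEncryptDemo("Hey Bob, how's it going?", sodium_crypto_sign_secretkey($aliceSign), $bobPublic);
echo decryptThenVerifyDemo($cipherText, $bobBox, sodium_crypto_sign_publickey($aliceSign)), PHP_EOL;

// Constructed negative case: a message signed with some other key decrypts
// fine for Bob but is rejected when checked against Alice's public key.
$otherSign = sodium_crypto_sign_keypair();
$unsignedByAlice = signThenEncryptDemo('Not from Alice', sodium_crypto_sign_secretkey($otherSign), $bobPublic);
try {
    decryptThenVerifyDemo($unsignedByAlice, $bobBox, sodium_crypto_sign_publickey($aliceSign));
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The negative case is the part worth noting: encryption to Bob's public key alone proves nothing about the sender, so authenticity comes only from the signature check that follows decryption.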