Role-Based Encryption

This guide shows how to provide access for a group of users with the same role (for example, doctor) to specific data. PureKit provides you with the functionality to encrypt data for a role, where each role has its own data encryption key that is shared between its participants.

Create role

To create a specific role use the createRole function.

While creating a role, it is required to have at least one existing user that will be related to this role, otherwise, you can assign this role to an admin.

pure.createRole("Doctor", doctorAdminUserId);

In this example, doctorAdminUserId is the ID of the first user who this role will be assigned to.

Assign role

To assign a specific role to a user use the assignRole function.

This function allows you to share access to the data shared with a specific role with every newly assigned role member.

pure.assignRole("Doctor", doctorAdminGrant, someDoctorUserId);

In this example, doctorAdminGrant is the user Grant of the role admin. Learn more about Pure Grant in this article.

In case if the role is taken away from a user, they also lose access to the data shared for this role.

Encrypt data for specific role

Now when you need to encrypt some data for specific role(s), create a list of roleName(s) of the roles you want to encrypt for. Then, pass the list to the encrypt function:

byte[] cipherText = pure.encrypt(userId1, dataId, Collections.emptySet(), Collections.singleton(roleName), Collections.emptyList(), text);

Decrypt data for specific role

To decrypt data encrypted for a specific role, use the decrypt function. The user will be able to decrypt the data if they are assigned with the role that the data was encrypted for:

byte[] plainText = pure.decrypt(authResult.getGrant(), dataId, cipherText);