Get Started with PureKit

This guide is the first step to adding password-hardened encryption to your database. Here you can learn how to set up PureKit at your backend to protect your users's passwords and data.

For more details about password-hardened encryption (PHE), take a look at our overview here.

Install and configure PureKit

Install PureKit package

Use your package manager to download PureKit into your backend.

The PureKit .NET SDK is provided as a package named PureKit and distributed via NuGet package management system The package is available for .NET Framework 4.5 and newer.

Install the PureKit .NET SDK package using Package Manager Console:

PM > Install-Package Virgil.PureKit -Version 2.0.0

Configure PureKit

Navigate to Virgil Dashboard, create a new Pure application and configure PureKit framework with your application credentials:

using Virgil.PureKit; // here set your PureKit credentials var context = ProtocolContext.Create( appToken: "AT.OSoPhirdopvijQlFPKdlSydN9BUrn5oEuDwf3Hqps", servicePublicKey: "PK.1.BFFiWkunWRuVMvJVybtCOZEReUui5V3NmwY21doyxoFlurSYEo1fwSW22mQ8ZPq9pUWVm1rvYhF294wstqu//a4=", appSecretKey: "SK.1.YEwMBsXkJ5E5Mb9VKD+pu+gRXOySZXWaRXvkFebRYOc=" ); var protocol = new Protocol(context);

Prepare your database

A Pure record is a user password that is protected with our PureKit technology. A Pure Record contains the version, client & server random salts, and two values obtained during the execution of the PHE protocol.

In order to create and work with a user's record, you need to add an additional column to your database table.

The column must have the following parameters:

ParametersTypeSize (bytes)Description
recordbytearray210A unique Pure record, namely a user's protected password.

Generate a recovery key pair (optional)

To be able to move away from Pure without having to put your users through registering again, or just to be able to recover data that your users may lose, you need to make a backup of your database, generate a recovery key pair and encrypt your backup with the recovery public key. The public key will be used to encrypt the database at the enrollment step.

To generate a recovery keypair, install Virgil Crypto Library and use the code snippet below. Store the public key in your database and save the private key securely on another external device.

You won’t be able to restore your recovery private key, so it is crucial not to lose it.

package main import ( "encoding/base64" "gopkg.in/virgilsecurity/virgil-crypto-go.v5" ) func main() { crypto := virgil_crypto_go.NewVirgilCrypto() kp, err := crypto.GenerateKeypair() if err != nil { panic(err) } pk, err := crypto.ExportPublicKey(kp.PublicKey()) if err != nil { panic(err) } sk, err := crypto.ExportPrivateKey(kp.PrivateKey(), "") if err != nil { panic(err) } recoveryPrivateKey := base64.StdEncoding.EncodeToString(pk) recoveryPublicKey := base64.StdEncoding.EncodeToString(sk) }

To get the original data back using the recovery private key, go through the recovery guide.

Next step

Now that you have PureKit installed and configured, you are ready to move on to encrypting users' passwords: