Authenticated Data Decryption
This guide is a short tutorial on how to decrypt and then verify data with Virgil Security.
This process is called Authenticated Data Decryption. During this procedure you work with data that is already both encrypted and signed, and you decrypt it and then verify it. A recipient uses their Virgil Key (a wrapper of the user's secure Private Key) to decrypt the data, and then uses the sender's Virgil Card (each Card contains attributes associated with the holder of the Private Key and is used to prove ownership of a Public Key) to verify the integrity of the data.
Before you begin, set up your project environment by following the getting started guide.
The Authenticated Data Decryption procedure is shown in the figure below.
In order to decrypt and verify the message, Bob has to have:
- His Virgil Key
- Alice's Virgil Card
Let's review how to decrypt and verify data:
- Developers need to initialize the Virgil SDK (the SDK helps take tedious complexity out of coding by providing APIs for all of Virgil Services):

```ruby
virgil = VirgilApi.new(access_token: "[YOUR_ACCESS_TOKEN_HERE]")
```

- Then Bob has to:
  - Load his own Virgil Key from secure storage, defined by default
  - Search for Alice's Virgil Card on Virgil Services (a group of cryptographic services that make up the Virgil Security infrastructure)
  - Decrypt the encrypted message using his Virgil Key and verify it using Alice's Virgil Card

```ruby
# load a Virgil Key from device storage
bob_key = virgil.keys.load("[KEY_NAME]", "[OPTIONAL_KEY_PASSWORD]")
# get a sender's Virgil Card
alice_card = virgil.cards.get("[ALICE_CARD_ID]")
# decrypt the message
original_message = bob_key.decrypt_then_verify(ciphertext, alice_card).to_s
```
To load a Virgil Key from a specific storage, developers need to change the storage path during Virgil SDK initialization.
To decrypt data, you will need Bob's stored Virgil Key. See the Storing Keys guide for more details.
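To show what the decrypt-then-verify step above checks and how each failure surfaces, here is an added example that is not Virgil's code and does not use the Virgil SDK. It assumes Ruby's standard `openssl` library as a stand-in (RSA-OAEP key wrapping, AES-256-GCM, RSA/SHA-256 signatures); the function names, the `VerificationError` class and the message layout are hypothetical.

```ruby
require "openssl"

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
class VerificationError < StandardError; end

# Sender (Alice): sign the plaintext, then encrypt signature + plaintext for Bob.
def sign_then_encrypt(plaintext, sender_key, recipient_pub)
  signature = sender_key.sign(OpenSSL::Digest.new("SHA256"), plaintext)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  key = cipher.random_key
  iv = cipher.random_iv
  inner = [signature.bytesize].pack("n") + signature + plaintext.b
  body = cipher.update(inner) + cipher.final
  { wrapped_key: recipient_pub.public_encrypt(key, OAEP),
    iv: iv, tag: cipher.auth_tag, body: body }
end

# Recipient (Bob): decrypt with his private key, then verify with Alice's public key.
# The plaintext is returned only if the signature checks out.
def decrypt_then_verify_demo(msg, recipient_key, sender_pub)
  aes = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  aes.key = recipient_key.private_decrypt(msg[:wrapped_key], OAEP)
  aes.iv = msg[:iv]
  aes.auth_tag = msg[:tag]
  inner = aes.update(msg[:body]) + aes.final # raises CipherError if tampered
  sig_len = inner.unpack1("n")
  signature = inner.byteslice(2, sig_len).to_s
  plaintext = inner.byteslice(2 + sig_len..).to_s
  verified = begin
    sender_pub.verify(OpenSSL::Digest.new("SHA256"), signature, plaintext)
  rescue OpenSSL::PKey::PKeyError
    false # a malformed signature counts as a failed verification
  end
  raise VerificationError, "signature is not from the expected sender" unless verified
  plaintext
end

if __FILE__ == $PROGRAM_NAME
  alice = OpenSSL::PKey::RSA.new(2048) # constructed demo keys
  bob = OpenSSL::PKey::RSA.new(2048)
  msg = sign_then_encrypt("Hello Bob", alice, bob.public_key)
  puts decrypt_then_verify_demo(msg, bob, alice.public_key)
end
```

A message that decrypts correctly but was signed by someone other than the expected sender is rejected before any plaintext is returned, which is why the sender's public key has to come from a source the recipient trusts.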