Parsing a SensePrint

Obtaining information about a SensePrint without decrypting it

Sometimes it is necessary to parse a SensePrint without decrypting it with the face.

Such functionality is, for example, useful to know whether the SensePrint was created with an additional password so that the UI can prompt a user to enter the password before attempting to decrypt the SensePrint.

Additionally, a SensePrint may contain information that can be read without decrypting it using the user's face. This information, which we call cleartext_data, is actually still stored encrypted in a SensePrint (it is encrypted with keys associated with your server license) and it cannot be read by another SenseCrypt customer.

However, given a reader has the same license, the cleartext_data can be read without a face scan.

Use cases for cleartext_data include have non-sensitive information such as an eID holder's name as cleartext_data while maintaining sensitive attributes such as postal address in the sensitive, face encrypted metadata portion of a SensePrint.

Also, parsing a SensePrint also reveals whether liveness checks must be performed before their decryption.

To parse raw SensePrint bytes, expand the /parse-raw section and click on Try it out as before:

Upon clicking Try it out, the following JSON text will become editable:

{
  "senseprint_base_64": "senseprint_base_64",
  "verifiers_auth_key": "(optional) verifiers_auth_key"
}

senseprint_base_64 is the value obtained by making an API call to the /senseprint-raw in the Generating a raw SensePrint section.

verifiers_auth_key parameter specifies a secret that is shared with a verifier of the eID. It must be the same as the value that was used to generate the SensePrint. If no value was specified when generating a SensePrint, this parameter can be omitted.

PreviousDecrypting a raw SensePrint NextSenseCrypt Face PKI

Last updated 2 months ago