LogoLogo
  • Introduction
  • Getting Started
  • SenseCrypt Server
    • Starting the server
    • Configuration
    • Licensing and Authorization
    • Using the Swagger Docs page
    • Authorization
    • Using a JWT Token for Mobile Authorization
    • Getting information about your license
    • SenseCrypt eID
      • Generating your first SensePrint eID QR
      • Generating a raw SensePrint
      • Decrypting a raw SensePrint
      • Parsing a SensePrint
    • SenseCrypt Face PKI
      • Configuration
      • Accessing your Root Certificate
      • Generate your first Face Certificate
      • Verifying a Face Certificate
      • Encrypting Data/Keys using a Face Certificate
      • Face Decrypting Data/Keys
      • Face Signing
      • Face Signature Verification
    • Accessing the server for testing
    • Liveness Image Requirements
  • SenseCrypt Mobile SDKs
    • Licensing
    • Authorization for Online SDKs
    • Liveness and Face Capture
    • Android SDK
    • iOS SDK
  • Conclusion
  • FAQ & Search
  • Appendix
    • Privacy Preserving Biometric Verifiability
    • Principles of Privacy Preserving Face Verification
    • Foundational vs Functional eID
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. SenseCrypt Server
  2. SenseCrypt Face PKI

Face Decrypting Data/Keys

How to decrypt keys using a face

PreviousEncrypting Data/Keys using a Face CertificateNextFace Signing

Last updated 9 months ago

Was this helpful?

In the previous section, we saw how to encrypt a key using a Face Certificate.

The key is encrypted using ECIES using the public key in the Face Certificate.

To decrypt the encrypted key, the right private key must be generated from your SensePrint, face, and purpose ID.

As before, on the Swagger Docs page authorize using the API Key you setup earlier.

Expand the /face-decrypt section and then click the Try it out button as shown below:

Upon clicking Try it out you should be able to submit the data as shown below:

{
  "encrypted_key_base_64": "MHQCAQEEIKu0Xuf....",
  "face_base_64": "face_base_64",
  "liveness_tolerance": "REGULAR",
  "os": "DESKTOP",
  "password": "(optional) password",
  "purpose_id": "login:www.example.com",
  "senseprint_base_64": "senseprint_base_64",
  "verifiers_auth_key": "(optional) verifiers_auth_key"
}

The following summarizes the parameters for the request:

  1. encrypted_key_base_64 - this is the encrypted key that was obtained using the /encrypt-with-face-certificate end-point described in the previous section.

  2. face_base_64 - the face of the SensePrint eID holder.

  3. liveness_tolerance (optional) - the tolerance of the liveness algorithm used to check for a live face before allowing the decryption to proceed.

  4. os (optional) - indicates the operating system the image was captured on. Valid values are ANDROID / IOS / DESKTOP.

  5. password (optional) - the same password (if one was specified) that was used during the SensePrint generation.

  6. purpose_id - a unique purpose ID. This should match the purpose ID that was used to generate the Face Certificate used to encrypt the key.

  7. senseprint_base_64 - the foundational SensePrint eID in raw form.

  8. verifiers_auth_key (optional) - the same verifiers_auth_key (if one was specified) that was used during the SensePrint generation.

Using the /face-decrypt end-point