How to decrypt keys using a face
In the previous section, we saw how to encrypt a key using a Face Certificate.
The key is encrypted using ECIES using the public key in the Face Certificate.
To decrypt the encrypted key, the right private key must be generated from your SensePrint, face, and purpose ID.
As before, on the Swagger Docs page authorize using the API Key you setup earlier.
Expand the /face-decrypt section and then click the Try it out button as shown below:
Upon clicking Try it out you should be able to submit the data as shown below:
The following summarizes the parameters for the request:
encrypted_key_base_64 - this is the encrypted key that was obtained using the /encrypt-with-face-certificate end-point described in the previous section.
face_base_64 - the face of the SensePrint eID holder.
liveness_tolerance (optional) - the tolerance of the liveness algorithm used to check for a live face before allowing the decryption to proceed.
os (optional) - indicates the operating system the image was captured on. Valid values are ANDROID / IOS / DESKTOP.
password (optional) - the same password (if one was specified) that was used during the SensePrint generation.
purpose_id - a unique purpose ID. This should match the purpose ID that was used to generate the Face Certificate used to encrypt the key.
senseprint_base_64 - the foundational SensePrint eID in raw form.
verifiers_auth_key (optional) - the same verifiers_auth_key (if one was specified) that was used during the SensePrint generation.