VerifyVASP
  • Welcome
  • Change Log
  • Getting Started
    • Getting Started with VerifyVASP
    • Product Overview
    • Alliance Registration & API Key Creation
    • VASP API Functionality
    • Database
    • Enclave Installation & Execution
    • Security Guide
    • Robot VASP Utilization
    • Enclave Server API Utilization
    • Enclave Server Health Monitoring & Troubleshooting
  • Reference
    • Enclave API Reference
      • v1
        • VASP ID
        • VASP List
        • Screening API
          • Risk Assessment with Chainalysis Sanction API
          • Risk Assessment with Chainalysis KYT API
          • Risk Assessment with Refinitiv WCO API
        • User Account Verification
        • User Verification
        • Verification Result List
        • Verification Result by UUID
        • Transaction Result Report
        • Error Report
        • Transaction Status Query
    • VASP API Reference
      • User Account Verification
      • User Verification
      • Transaction Status Query
      • Callback API
      • Decrypting Database Encryption Key
    • IVMS101 Guide
      • About IVMS101 Standard
      • IVMS101 Message Format Guide
      • IVMS101 Personal Data Fields
    • Supplement
      • Network Field
      • Wallet address and transaction ID standards
    • Glossary
Powered by GitBook
On this page
  • API for decrypting the database encryption key
  • Request Body
  • Response Body
  1. Reference
  2. VASP API Reference

Decrypting Database Encryption Key

API for decrypting the database encryption key

POST VEGA_DECRYPT_API_ENDPOINT

Enclave Environment Variable:

Enter the Decryption API endpoint in VEGA_DECRYPT_API_ENDPOINT field.

Sensitive data fields such as personal information or private key are stored encrypted in the enclave database.

To do this, a symmetric encryption key needs to be set as an environment variable. Rather than use the key directly after load, it is recommended to decrypt using the key only before passing through the external security infrastructures(e.g. HSM) to maximize the security.

After implementing an API to decrypt an encryption key as below, you should set up the API endpoint as an environment value of VEGA_DECRYPT_API_ENDPOINT in the enclave server.

  • When VEGA_DECRYPT_API_ENDPOINT variable is set up, VEGA_ENCRYPTION_KEY_BASE64 variable value is used as an encryption key. (NOT recommended)

  • When VEGA_DECRYPT_API_ENDPOINT variable is set up, VEGA_ENCRYPTION_KEY_BASE64 variable value will be passed in request body of API called in the enclave boot phase.

  • Key management service integration (e.g.AWS KMS): set the AWS ARN to VEGA_ENCRYPTION_KEY_BASE64 and set the endpoint of KMS wrapping server on VEGA_DECRYPT_API_ENDPOINT. Then you can export the actual encryption key from the KMS with ARN.

Request Body

Request Body Examples
{
    "inputKey": "Y9uIJCLAkzVi2XYZrUDmBYJp3szXlJIUwfLfbLsVeHU="
}
Field Name
Data Type
Required
Example
Description

inputKey

string

true

"Y9uIJCLAkzVi2XYZrUDmBYJp3szXlJIUwfLfbLsVeHU="

The value entered as VEGA_ENCRYPTION_KEY_BASE64 environment value. Base64 encoded value.

Response Body

Response Body Examples

  • 200 OK

{
    "outputKey": "d0odhtb/jD9qWWTA59koPGgw2jj0ptov56A3b3dfohY="
}
Field Name
Data Type
Required
Example
Description

outputKey

string

true

"d0odhtb/jD9qWWTA59koPGgw2jj0ptov56A3b3dfohY="

Base64 encoded decrypted value.

PreviousCallback APINextIVMS101 Guide

Last updated 1 year ago