Data Encryption
🔐 REL-ID SDK API Documentation: EncryptDataPacket & DecryptDataPacket
📘 Overview
The EncryptDataPacket and DecryptDataPacket APIs in the REL-ID SDK are used to securely encrypt and decrypt string data using defined cipher algorithms, salts, and privacy scopes. These APIs support secure data handling in various security contexts like session-based, user-based, device-based, or application-based.
🎯 Purpose
- EncryptDataPacket: Securely transforms plain text into encrypted form using REL-ID cryptographic services.
- DecryptDataPacket: Restores encrypted text back to readable plain text using the same parameters.
These functions are essential in scenarios where sensitive data such as user credentials or tokens need to be stored or transmitted securely.
🧩 SDK Context from REL-ID Integration Guide
🔒 Privacy Scope
Defines the key generation context for encryption/decryption. The supported values are:
Value | Scope | Description |
---|---|---|
1 | SESSION | Keys valid for the active session only (short-lived) |
2 | DEVICE | Keys tied to the device hardware identity |
3 | USER | Keys associated with the currently logged-in user |
4 | AGENT | Keys linked to the application agent context |
Note: The session scope key is regenerated upon re-authentication and is different for USER and APP sessions.
🔁 Workflow Overview
- Retrieve cipherSpec and cipherSalt using getDefaultCipherSpec() and getDefaultCipherSalt()
- Call encryptDataPacket() to convert plain text into encrypted format
- Store/transmit the encrypted data securely
- Use decryptDataPacket() with the same parameters to retrieve the original plain text
🔐 EncryptDataPacket API
📥 Parameters
Field | Type | Description |
---|---|---|
privacyScope | int | Encryption scope (see Privacy Scope) |
cipherSpec | string | Cipher format string |
cipherSalt | string | Extra entropy value (recommended: app package name), in bytes |
plainText | string | Data to encrypt, in bytes |
🧪 CipherSpec & CipherSalt
- cipherSpec defines the encryption algorithm, key size, cipher mode, padding, and hash function.
  Format: ALGO/KEYSIZE/MODE/PADDING:HASH
  Example: AES/256/CFB/NoPadding:SHA-256
- Supported encryption algorithms: AES
- Supported modes: ECB, CBC, CFB, OFB
- Padding: NoPadding, PKCS7Padding, ISO10126Padding
- Hash: SHA-256, MD4, etc.
- Recommended: AES/256/CFB/NoPadding:SHA-256
- Stream ciphers are not supported for data-at-rest scenarios.
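A cipherSpec string can be checked before it is handed to the SDK. The following is an added example, not code from the REL-ID SDK: it parses the ALGO/KEYSIZE/MODE/PADDING:HASH format and checks each field against the values listed above. The key-size list, the weak-hash list, and case-sensitive matching are assumptions of this example.

```javascript
// Added example: parser and policy check for cipherSpec strings.
// ALGOS, MODES and PADDINGS mirror the lists on this page.
// KEY_SIZES (standard AES sizes) and WEAK_HASHES are assumptions of this example.
const ALGOS = ['AES'];
const MODES = ['ECB', 'CBC', 'CFB', 'OFB'];
const PADDINGS = ['NoPadding', 'PKCS7Padding', 'ISO10126Padding'];
const KEY_SIZES = [128, 192, 256];
const WEAK_HASHES = ['MD4', 'MD5', 'SHA-1'];
const BLOCK_MODES = ['ECB', 'CBC']; // modes that consume whole 16-byte AES blocks

// Split "ALGO/KEYSIZE/MODE/PADDING:HASH" into its five fields, or throw.
function parseCipherSpec(spec) {
  const m = /^([^\/:]+)\/(\d+)\/([^\/:]+)\/([^\/:]+):([^\/:]+)$/.exec(String(spec).trim());
  if (!m) throw new Error(`cipherSpec not in ALGO/KEYSIZE/MODE/PADDING:HASH form: ${spec}`);
  const [, algo, keySize, mode, padding, hash] = m;
  return { algo, keySize: Number(keySize), mode, padding, hash };
}

// Errors: values outside the supported lists. Warnings: supported but risky choices.
function checkCipherSpec(spec) {
  const p = parseCipherSpec(spec);
  const errors = [];
  const warnings = [];
  if (!ALGOS.includes(p.algo)) errors.push(`unsupported algorithm ${p.algo}`);
  if (!KEY_SIZES.includes(p.keySize)) errors.push(`invalid AES key size ${p.keySize}`);
  if (!MODES.includes(p.mode)) errors.push(`unsupported mode ${p.mode}`);
  if (!PADDINGS.includes(p.padding)) errors.push(`unsupported padding ${p.padding}`);
  if (p.mode === 'ECB') {
    warnings.push('ECB maps equal plaintext blocks to equal ciphertext blocks');
  }
  if (BLOCK_MODES.includes(p.mode) && p.padding === 'NoPadding') {
    warnings.push(`${p.mode} with NoPadding needs input that is a multiple of 16 bytes`);
  }
  if (WEAK_HASHES.includes(p.hash.toUpperCase())) {
    warnings.push(`${p.hash} is a broken hash; prefer SHA-256`);
  }
  return { parsed: p, ok: errors.length === 0, errors, warnings };
}
```

Running the check at build time or app start catches a malformed or weak spec before any data is encrypted with it.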
🧪 CipherSalt
cipherSalt: An additional entropy string added to the encryption. It ensures uniqueness of the cipher. Recommended value is the app’s package name (e.g., com.uniken.mybank).
💻 Code Snippets
React Native
RdnaClient.encryptDataPacket(privacyScope, cipherSpec, cipherSalt, plainText, (response) => {
const encryptedData = response.response;
});
Flutter
final encrypted = await rdnaClient.encryptDataPacket(privacyScope, cipherSpec, cipherSalt, plainText);
Cordova
com.uniken.rdnaplugin.RdnaClient.encryptDataPacket(successCallback, errorCallback, [privacyScope, cipherSpec, cipherSalt, plainText]);
Native iOS
(RDNAError *)encryptDataPacket:(int)privacyScope
CipherSpec:(NSString *)cipherSpec
CipherSalt:(NSString *)cipherSalt
From:(NSData *)plainText
Into:(NSMutableData **)cipherText;
Native Android
RDNAStatus<byte[]> status = rdnaClient.encryptDataPacket(privacyScope, cipherSpec, cipherSalt.getBytes(), plainText.getBytes());
byte[] encrypted = status.getResponse();
🔓 DecryptDataPacket API
📥 Parameters
Field | Type | Description |
---|---|---|
privacyScope | int | Privacy scope that was used during encryption |
cipherSpec | string | Same cipher used in encryption |
cipherSalt | string | Same salt used in encryption, in bytes |
cipherText | string | Encrypted data |
💻 Code Snippets
React Native
RdnaClient.decryptDataPacket(privacyScope, cipherSpec, cipherSalt, cipherText, (response) => {
const plainText = response.response;
});
Flutter
final plainText = await rdnaClient.decryptDataPacket(privacyScope, cipherSpec, cipherSalt, cipherText);
Cordova
com.uniken.rdnaplugin.RdnaClient.decryptDataPacket(successCallback, errorCallback, [privacyScope, cipherSpec, cipherSalt, cipherText]);
Native iOS
(RDNAError *)decryptDataPacket:(int)privacyScope
CipherSpec:(NSString *)cipherSpec
CipherSalt:(NSString *)cipherSalt
From:(NSData *)cipherText
Into:(NSMutableData **)plainText;
Native Android
RDNAStatus<byte[]> status = rdnaClient.decryptDataPacket(privacyScope, cipherSpec, cipherSalt.getBytes(), cipherText.getBytes());
byte[] plainText = status.getResponse();
⚠️ Error Codes - TBD
🧠 Developer Tips
- Always match privacyScope, cipherSpec, and cipherSalt between encryption and decryption.
- Use getDefaultCipherSpec() and getDefaultCipherSalt() to avoid hardcoding cipher formats.
- Session-scope keys are ephemeral. Do not reuse across sessions.
- Avoid using stream ciphers for persistent data encryption.