Encrypt User Data and DVR

Prerequisites

Make sure you have:

  1. userDataToken

  2. dvrToken

See the Sign User Data and DVR section for details.

Overview

zkPass enhances the security of your data during transport by encrypting it before sending it over the network. There are only two entities that can access the data: the holder and the zkPass host running in a Trusted Execution Environment (TEE).

Example Implementation

First, find the zkPass public key in the .well-known/jwks.json file at this endpoint:

https://playground-zkpass.ssi.id/.well-known/jwks.json

The key you're looking for has a kid (Key ID) of "ServiceEncryptionPubK".

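import { importSPKI, EncryptJWT } from "jose";

async function encryptData(userDataOrDvrToken: string): Promise<string> {
  // Fetch the zkPass key set published at the well-known endpoint.
  const keyUrl = "https://playground-zkpass.ssi.id/.well-known/jwks.json";
  const response = await fetch(keyUrl);
  if (!response.ok) {
    throw new Error(`Failed to fetch zkPass keys: HTTP ${response.status}`);
  }
  const jwks = await response.json();
  // Accept either a bare array of keys or the standard JWKS wrapper { keys: [...] }.
  const keys = Array.isArray(jwks) ? jwks : jwks.keys;
  const encryptionPubKey = keys.find(
    (key: { kid: string }) => key.kid === "ServiceEncryptionPubK"
  );
  if (!encryptionPubKey) {
    throw new Error("ServiceEncryptionPubK not found in jwks.json");
  }
  // Join the x and y fields into a PEM-encoded SPKI public key.
  const zkPassPublicKey =
    "-----BEGIN PUBLIC KEY-----\n" +
    encryptionPubKey.x +
    "\n" +
    encryptionPubKey.y +
    "\n-----END PUBLIC KEY-----";
  // Import for key agreement: the key is used with ECDH-ES below, not for
  // ES256 signatures. WebCrypto-based runtimes reject an ECDSA-typed key here.
  const importedPublicKey = await importSPKI(zkPassPublicKey, "ECDH-ES");
  // The token becomes the "data" claim of an encrypted JWT (compact JWE).
  return await new EncryptJWT({ data: userDataOrDvrToken })
    .setProtectedHeader({
      alg: "ECDH-ES",
      enc: "A256GCM",
    })
    .encrypt(importedPublicKey);
}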
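What the alg "ECDH-ES" and enc "A256GCM" header values mean at the byte level, as an added example that is not zkPass or jose code: it builds and opens a compact JWE following RFC 7518 using only Node.js built-ins. The function names (deriveCek, encryptCompact, decryptCompact) are hypothetical, and a locally generated P-256 key pair stands in for the zkPass key.

```javascript
// ECDH-ES (direct) + A256GCM compact JWE per RFC 7518, Node.js built-ins only.
const nodeCrypto = require("node:crypto");

const b64u = (buf) => Buffer.from(buf).toString("base64url");
const lenPrefixed = (buf) => {
  const len = Buffer.alloc(4);
  len.writeUInt32BE(buf.length);
  return Buffer.concat([len, buf]);
};

// Concat KDF (RFC 7518 section 4.6.2): one SHA-256 round yields the 256-bit CEK.
function deriveCek(z, enc) {
  const keyBits = Buffer.alloc(4);
  keyBits.writeUInt32BE(256);
  const otherInfo = Buffer.concat([
    lenPrefixed(Buffer.from(enc)), // AlgorithmID is the "enc" value in direct mode
    lenPrefixed(Buffer.alloc(0)),  // apu (PartyUInfo), unused in this example
    lenPrefixed(Buffer.alloc(0)),  // apv (PartyVInfo), unused in this example
    keyBits,                       // SuppPubInfo: key length in bits
  ]);
  const round = Buffer.concat([Buffer.from([0, 0, 0, 1]), z, otherInfo]);
  return nodeCrypto.createHash("sha256").update(round).digest();
}

function encryptCompact(plaintext, recipientPublicKey) {
  const eph = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  const header = { alg: "ECDH-ES", enc: "A256GCM", epk: eph.publicKey.export({ format: "jwk" }) };
  const protectedB64 = b64u(JSON.stringify(header));
  const z = nodeCrypto.diffieHellman({ privateKey: eph.privateKey, publicKey: recipientPublicKey });
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveCek(z, header.enc), iv);
  cipher.setAAD(Buffer.from(protectedB64, "ascii")); // header is authenticated, not encrypted
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  // The second segment (encrypted key) is empty: the CEK is derived, never sent.
  return [protectedB64, "", b64u(iv), b64u(ct), b64u(cipher.getAuthTag())].join(".");
}

function decryptCompact(jwe, recipientPrivateKey) {
  const [protectedB64, encryptedKey, iv, ct, tag] = jwe.split(".");
  const header = JSON.parse(Buffer.from(protectedB64, "base64url").toString());
  if (jwe.split(".").length !== 5 || encryptedKey !== "" ||
      header.alg !== "ECDH-ES" || header.enc !== "A256GCM") throw new Error("unexpected JWE");
  const epk = nodeCrypto.createPublicKey({ key: header.epk, format: "jwk" });
  const z = nodeCrypto.diffieHellman({ privateKey: recipientPrivateKey, publicKey: epk });
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", deriveCek(z, header.enc), Buffer.from(iv, "base64url"));
  decipher.setAAD(Buffer.from(protectedB64, "ascii"));
  decipher.setAuthTag(Buffer.from(tag, "base64url"));
  return Buffer.concat([decipher.update(Buffer.from(ct, "base64url")), decipher.final()]).toString("utf8");
}
```

Because the protected header is the GCM additional authenticated data, changing any header field or decrypting with a different private key makes decryptCompact throw instead of returning plaintext.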

Output Example

After this section you should have:

  1. Encrypted User Data Token (in JWE Format).

  2. Encrypted DVR Token (in JWE Format).

Here is an example:

{
  "encryptedUserDatatoken": "eyJ0eXAiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiMzltNTN2ZmZJRXhaSVAxT0d6cHlqc3RMZDM1OUd0UHFwODJSSkZHOXU0WSIsInkiOiI5RHNTTHpGcWtMMklKRDl5TUVxQXYyb3hQcTZ6c05QUE9uNVh0aWZfX3FvIn0sImFsZyI6IkVDREgtRVMifQ..g_0l5lEYDWaPWFbF.IprX1dpBLdvMvmq_BHgzeutyYVPhnPGISi_3a3fMbKxp_p-NfZQtLV9awiGKvdNkYdneAQQM8ALWKEpp76a3wPo7ZMOJjh4QJ-0ifItFT6FyU0a0tt3OJ--SjTL8ECGhrcfN5fZgvlaVDNVyNKgXVLTIxRBOjIfIYjhc60_2XjWS-GgJGwAKgdCmOyXYGz_BD6LFqBzDd3aCLjD_W-RBZj6ayexK6TZsuaZMovfkAIwtb4d1PV9FUih2zSOBqKtL5S5_oEXeY2hSFhN_XNaw9QlP9Tzxd4p2bYFlx9S15I3EIkVuyERlSPS2iBtcidzUlRvNEAjcQKAXb_0J9rtKT8WFvBIEmRY7fduEvib_txErVImIMlccy1MQuGQTD7j5l36VxS844_0w8FonmkRU9kO0EzcOsK99KezakOpmF8oaGOyB9511WngcKvvJgAN9DKjCAnEJv6CsfFzpr2t4nkVdx6tY9SWIxkVNmXCGg8nyQM5hmodyzLAoE6IIGWq3a5CmWmTUD2q1u0_FeaSMgWrBXODW0krcr91VGD86j9ngQnuYlTbRSeOHKg6-91WXClvDNt-uxCkUR6Q3afKjsB9uKllTPKm2DpMyeOS-nLgm6c_HmiwFxjN9eYzZSDKfqHmUnqiG3XaU_pgFj8HvDZSOhELV193k56hxwM0VJcspX8cU_WHBmRw0sBF0r6NwHtCq864hhAq0RWmUWbDaC47626HapHbbjJwEUi7hPDaq5_hVbHNGeyAdJfoQYmsiapWsqB811kSTyGp5dn5BQ8uLmuQoqqTHj2XY1R7IdLup62-owo18Q9o94X93X4Ft-dCKF3T4e9mLNbEypRpjlgDwwDHJ6oI7KSKFiX89ysxQd8vgXlvj3lU19LQIHxMquTlhEMcgzvH6743w9lkKY_SldmGtWM8LnbBYqVd2TFupLHxjVVu-YbHMBlomUcsav1VoLr-peq2Lm8DgbfugfRnWIdTWFLHdWgMpXgmY5PWY2AtbVRpruqTNeYGJJAxuVzgnwJOipPNLkXIBQ7hIIzlbQ1QgWM5cDDd6yIRCSGHoqYLZfGX7zWM3eKduCI22KC9gRiigMOWGrDtUxkNwcLx7Z_mFahTDSKdX3flCSe5BLfsLI2OwWfJBck-6LGnpzAibTqVYHhAdWp7_MiI6zDpRfPW58l7ZoLtdQBVdrMXEYXQmjRcKbfJvQMgotVZTNO-Bjb0RNHK5AhwawF2LmgQxkEcNlpN3JpSrlIBJ7oPMUa1BT2d60VZEnlY28pc6OVOc9kSnJtvCRlqcuK1wMM8nd0_RZzKTEfKc5lZfALL7ZzJBMkcnGLQrHbUCIY4wGBdxmvZmPols4OU0hk98HPYWxR2hmkAOYT-aZTwD5pd_NhimNmZZlBz_e-bTFvVMKgvtjYyRTAkwW0MYxNtefFdc2wtGyJagBnv4MXZs80LWUM_W47jIQ8fwdnAgiHHMeGeT3ufiszvzdDFEH0Lk_RUCGLCycfhFdgqY252QaJ2IiasqaeV3UGLCgMORMFinrkyP9jPvyZB5JClWA6BJGOjeAX0nm-1JlFJtqv-Vi6t67eItcBrFmJzfIKoRpITrmqPK95opgSVRldwwqwgV4Vu5hA.byqS5zEtKbnc3wtCh4Pd1w",
  "encryptedDvrToken": "eyJ0eXAiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiLXc3WkpyT00xSXRDOUZ4X1lGY2hhVWVENktxR1BOcGRFYTZXeXMwQzdLNCIsInkiOiJQVld0M2pCSHVwcXhjLWh3Q1dqUEl6UTlXd2k4LVFhek5IalNuT01xbGFzIn0sImFsZyI6IkVDREgtRVMifQ..fkgCZFeN-MdO-3b-.khygR1YMcoKM_joS0QFkb91kJCnWDI5DD5hwstqn485lj9NRt9GwdAvdUU7jjKaH5TqImwVfDG_bGunPcYxT0UwzGDuxD-IFEHRyPyFZPFzq4gBBrxiIK-FT-35Pk9pqhmKMMtxCExSKC9mapu2s3SUI_geawZijbE4kZhdgZ8aZYdvkxBwJAOO1HkOv8dz4GSL8zP_A-VcRQQzD8cPhXpIccUmcxTTIl5VAaiRGYjuvtbo-1Xdl4MuzdshN7ZvYp1zIIrkQ3SLvE7qDPBi9c1SS_QJX6-k85NlTVv4F6gNNOx0dObg0UeoOO-H8FdZY1UaSWOXu3K6Ygu27LTAqUwPoa6petBerdkPmNWGLic3G-iN1xKzUPxDXl-C88IMJbKfoSCWNbjXorKKiThZOKurWX924tcAdc9T21gzOAWQeIy_xvpTSxMTbOxIOyqj5HQBwH9caCewaLMIXFw-jg7PGtaMiu1jJh_6nwdxf9lnuU8QMG55qIt_w34p0QMl6Am5EsGEOH8EfFRgKXQZFLvUISo-yEUbdP-jXbFas5qsJoj6T0kiZwqbErW4lWM_t8OMvVzmwmxJyociHkG9VO7vpKVurK5bKCXynQ8TsX5Fe_LCfcRvt8bT333dMH10LUSpHKOAa6m6M7-YX2BIrDPbNABzGM_IpjH9lGxzfF_Xyl0m7QZybh2kPkUThz6p5n3Th8S9fTJxxlh1wmOJpDxjd4OLQjqmcJHSEvENDw40LktTbgz3Y4gxumZSI1OGeKD8Frwb5CMSzuzOZz-i7bC7u5iGcApbXxseEzhlxM8xTcpnJHdbxSfm2vPKpEBuH14sjShRJ-JZwFOL36dnjjk_bRev26NGdGXCjSNGOzOBJCmPKmz1VHAZLDZupIow5Rmk5oHj4ot9oV1SSS1pDRudp2FheD35gBVn3wa-cOBg52wRkTJ_mL-z8T6ePTxbqZOyhLsz5UMgxl8BtXd_DLOhYNHwQy8hzvwgNHkKs8UGSNLa0rGVi2WIQN6HddDAqKV4nnwi40KDjVSmGTOdWisoA0oJRuIHGilIsxUoePYCDk6Z-zJ45xvAm52fd-w9m29sIaAuMJ9uEKzamPXWxUbFbKP3S3WuixDFhZGMphaDYV38CF6TMk5Gv7neV9m1A2BvV8_YG539I_4k4cq3h3iq-MnHOsr4f8l-KJtg9NMM-Ydui7OcKeOJKKkiUx7ZxNxp73a0nHrxDqddzvNvnYWhpA2MU9xy2OZe5Lqmp5m08XDac-nlJfkdzogUUVkAtMd4WMaroaupdbkazpBGqdTik4U7tmlEGpbDS3GY4tN4fkjsWrSPXCjR_-IEq-mam8zEtaAMbCCiR6VmJYnrIp_QxIOQOHI7Aj_3l63nBJsVXfUUK1-31OnpTXYRnI0TeS27QCRWVa4T2EbPuIw_ZRQfUfHPMtkSuSGGyjNUtgnZiY87x0Wzl0VQRCbsFHw91mVIDQqwW11AFIOoLPtebKEqyY7KZGYgkwYiEz0x9-11vqN0n1_m5t4ztXQIMK8nrHei8MXPmthxA9dGAfPgQ2358AMbKrNfuBAwbuFZuGSkKnQcx-zt_gKtEtE6GqvWzLiW96VahvXmYzoDkqwER4_9jXsQIdy3wo-r80afrSWU.2O-QJxZZ2t4p98LM4VkXAA"
}
