website logo
WebsiteTry DashboardContact Sales
โŒ˜K
๐Ÿ‘‹Welcome to mintBlue!
โ“Why Use mintBlue?
๐ŸงงmintBlue Products
โ›“๏ธEnterprise Bitcoin
๐Ÿš€Introduction
๐Ÿ‘‰mintBlue Quick Start Guide
๐Ÿ”—Setting up Zapier & mintBlue
๐ŸŽ‡mintBlue SDK
๐Ÿ‘‰SDK Quick Start Guide
๐Ÿ—๏ธSDK Encryption
๐Ÿ–ฅ๏ธSDK Server
๐Ÿ“ฉEnvelopes
๐Ÿ“SDK Scripts
๐Ÿ“–mintBlue API
โน๏ธBlockchain API
๐Ÿ–ฅ๏ธmintBlue Console
๐Ÿ‘‚Event Listeners
๐Ÿ†Examples of Building with mintBlue
๐Ÿ”‘password manager
๐Ÿ“ƒNotary Express App
Docs powered by
Archbee
mintBlue SDK

SDK Encryption

8min

Keep your data secure with mintBlue's encryption technology. Your data is encrypted using your own keys before it leaves your device or server, giving you complete control and access to your data.

Learn more in the topics below.

Key Encryption

When you sign up with mintBlue, your device generates a secure keypair known as your master key. To ensure maximum security, your master key never leaves your device unencrypted. For added protection, a key encryption key is generated using PBKDF2 when you set your password, and your password is always hashed before being sent to the server.

During registration, your master key is encrypted with your key encryption key, using AES-GCM. This encrypted master key is sent to the mintBlue server for storage, ensuring secure multi-device access and key recovery

Document image
๏ปฟ

๏ปฟ

๏ปฟ

Access Tokens

Access Tokens allow you to securely access your data through code. Upon creation of an Access Token, a new key encryption key is generated on the client side and used to re-encrypt your master key. The re-encrypted key is then stored on the mintBlue server for secure access

After this process, you will be shown two keys:

  • SDK token
    • This key contains the secret allowing the SDK to decrypt the encrypted master key for local usage
    • The secret part of the key will be hashed before being sent to the server
  • API token
    • This key contains the hashed secret and cannot be used to decrypt the encrypted master key
    • Is used only to authenticate API calls

Key Decryption

When you login or use the SDK to connect to the mintBlue service, our servers will give you back your encrypted master key. Your password or SDK key will then be used to generate your key encryption key. Your key encryption key is then used to decrypt your encrypted master key.

๏ปฟ

Document image
๏ปฟ

๏ปฟ

๏ปฟ

Privacy

  • Since only you know your password or SDK key, only you can generate your key encryption key
  • Since only you can generate your key encryption key, only you can access your master key
  • Since only you can access your master key, only you can decrypt your encrypted data
  • Since only you can access your master key, only you can validly sign your data

SDK

Encryption

The SDK can be used to Create an encrypted data transaction๏ปฟ, simply by setting the encrypt property to true. This will result in the SDK using your master key to encrypt your data or files using ECDH-ES+A128GCM. Only the encrypted data will be sent to the server. Your data is yours, mintBlue cannot access your encrypted data!

Digital Signatures

The SDK can be used to Create a signed data transaction๏ปฟ, simply by setting the sign property to true. This will sign your data using your master key with ES256K. The signature will be attached to the transaction.

๏ปฟ

Schematic overview
Schematic overview
๏ปฟ

๏ปฟ

Updated 26 Apr 2023
Did this page help you?
PREVIOUS
SDK Quick Start Guide
NEXT
SDK Server
Docs powered by
Archbee
TABLE OF CONTENTS
Key Encryption
Access Tokens
Key Decryption
Privacy
SDK
Encryption
Digital Signatures
Docs powered by
Archbee