This example shows how to access the TrustedX
encryption and decryption service in a RESTful way in order to decipher an encrypted message that
is contained in an EnvelopedData structure, as this format is defined in CMS (RFC 3852).
The HTTP POST action is used to ask the trustedX-sgw/cms/decryption resource located in labs.safelayer.com to recover the plain text message that corresponds to the enciphered text whose base64 encoding is contained in
the <Base64Envelope> element of
the request being sent (in the message-body).
Note that the servicePolicy parameter in the URI specifies the policy
under which the decryption operation is to be performed (txDemoDecryptPolicy). Likewise, the username and password
parameters specify the name (trustedX) and
password (trustedX) of
the legitimate recipient that the plain text message is intended for. This recipient must be
authenticated, since the decryption operation involves
using the secret decryption key and thus gaining access to confidential
information (i.e. the plain text message). In a real production environment,
the confidentiality of the password should be assured by using a TLS channel.
POST /trustedx-sgw/cms/decryption?username=trustedx HTTP/1.1
Host: labs.safelayer.com
Content-Length: 625
Content-Type: application/x-trustedx-envelopedData+xml

<Base64Envelope>...</Base64Envelope>
The following explanation refers to the response
that TrustedX returns when it receives the previous request. Click
Try to have TrustedX generate this
response.
As you can see, the response consists of a
base64 encoding
(<Base64Data> element)
of the plain text message that corresponds to the encrypted one that was sent in the request. You can see that the plain message is indeed (see Data Encryption):
"La libertad, querido
Sancho, es el don más preciado que dieron los cielos a los hombres".
Note:
To implement this example, the TrustedX SmartGateway
component should be configured. See REST HowTo for an explanation on how to perform this.
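The request and response described above can be built and parsed as follows; this is an added Python example, not Safelayer's code. The function names, the sample envelope bytes, and the assumptions that the response is XML containing a <Base64Data> element and that the message is UTF-8 text are not from the original page. Because the password travels in the URI, the builder refuses anything but an https:// URL.

```python
import base64
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

CONTENT_TYPE = "application/x-trustedx-envelopedData+xml"  # from the request above


def build_decryption_request(base_url, policy, username, password, envelope_bytes):
    """Build (without sending) the POST for an encoded EnvelopedData structure."""
    parts = urllib.parse.urlsplit(base_url)
    # The credentials travel in the URI, so refuse anything but TLS.
    if parts.scheme != "https":
        raise ValueError("credentials are sent in the URI; use an https:// URL")
    query = urllib.parse.urlencode(
        {"servicePolicy": policy, "username": username, "password": password}
    )
    url = urllib.parse.urlunsplit(
        (parts.scheme, parts.netloc, "/trustedx-sgw/cms/decryption", query, "")
    )
    b64 = base64.b64encode(envelope_bytes).decode("ascii")
    body = f"<Base64Envelope>{b64}</Base64Envelope>".encode("ascii")
    return urllib.request.Request(
        url, data=body, method="POST", headers={"Content-Type": CONTENT_TYPE}
    )


def parse_decryption_response(xml_bytes):
    """Return the plain text carried in the response's <Base64Data> element."""
    root = ET.fromstring(xml_bytes)
    for elem in root.iter():
        # Compare local names so a namespaced element still matches.
        if elem.tag.rsplit("}", 1)[-1] == "Base64Data":
            raw = base64.b64decode("".join((elem.text or "").split()), validate=True)
            return raw.decode("utf-8")  # assumption: the message is UTF-8 text
    raise ValueError("response has no <Base64Data> element")


# Constructed sample data: not a real CMS envelope or a captured response.
SAMPLE_ENVELOPE = b"\x30\x03\x02\x01\x00"
QUOTE = "La libertad, querido Sancho, es el don más preciado que dieron los cielos a los hombres"
SAMPLE_RESPONSE = b"<Base64Data>" + base64.b64encode(QUOTE.encode()) + b"</Base64Data>"

if __name__ == "__main__":
    req = build_decryption_request("https://labs.safelayer.com", "txDemoDecryptPolicy",
                                   "trustedX", "trustedX", SAMPLE_ENVELOPE)
    # Log the path only: the query string holds the password.
    print(req.get_method(), urllib.parse.urlsplit(req.full_url).path)
    print(parse_decryption_response(SAMPLE_RESPONSE))
```

To send the request, pass the returned object to urllib.request.urlopen and hand the response body to parse_decryption_response.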