The gcEVM utilizes the RSA encryption scheme to acquire the user AES key necessary for encrypting and decrypting data.
The SDK provides several RSA functionalities to support this.
Below are the function signatures for these functionalities, provided in Python, JavaScript, and Go languages:
Generate RSA key pair
```python
def generate_rsa_keypair()
```
```javascript
function generateRSAKeyPair()
```
Encrypt
```python
def encrypt_rsa(public_key_bytes, plaintext)
```
```javascript
function encryptRSA(publicKey, plaintext)
```
Decrypt
```python
def decrypt_rsa(private_key_bytes, ciphertext)
```
```javascript
function decryptRSA(privateKey, ciphertext)
```
Example usage - Onboard user
The gcEVM employs AES keys unique to each user for the encryption and decryption of their values.
To retrieve the AES key, a contract is provided that requests the system to return the key associated with the sending user. Further details regarding this process are outlined in the onboard user section:
The getUserKey function in Solidity takes a signed RSA public key as a parameter. It then verifies the signature to ensure the authenticity of the RSA public key. Once the signature is verified, the function proceeds to encrypt the AES key using the verified RSA public key.
For a comprehensive understanding of the sign process, please refer to the detailed explanation provided at:
We offer a script that accomplishes the following tasks:
Generates an RSA key pair.
Signs the public key.
Invokes the getUserKey function in Solidity, passing the signed public key.
Accepts the encrypted AES key.
Decrypts the AES key using the private RSA key.
Below are examples of such scripts implemented in both Python and JavaScript languages:
```python
# Excerpt from inside a function body (hence the bare return below)

# Generate new RSA key pair
private_key, public_key = generate_rsa_keypair()

# Sign the RSA public key using ECDSA private key
signedEK = sign(public_key, bytes.fromhex(signing_key[2:]))

# Call the getUserKey function to get the encrypted AES key
receipt = soda_helper.call_contract_transaction("onboard_user", "getUserKey", func_args=[public_key, signedEK])
if receipt is None:
    print("Failed to call the transaction function")
    return

encryptedKey = contract.functions.getSavedUserKey().call()

# Decrypt the aes key using the RSA private key
decrypted_aes_key = decrypt_rsa(private_key, encryptedKey)
```
```javascript
// Generate RSA keys and sign the public key using ECDSA private key
const { publicKey, privateKey } = generateRSAKeyPair();
const signedEK = sign(publicKey, Buffer.from(SIGNING_KEY.slice(2), 'hex'));

// Call the getUserKey function to get the encrypted AES key
await sodaHelper.callContractTransaction("onboard_user", "getUserKey", [publicKey, signedEK]);
const encryptedKey = await sodaHelper.callContractView("onboard_user", "getSavedUserKey");

// Decrypt the AES key using the RSA private key
const buf = Buffer.from(encryptedKey.substring(2), 'hex');
const decryptedAESKey = decryptRSA(privateKey, buf);
```
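The verify-then-encrypt behaviour described for getUserKey can be exercised offline. The following is an added example, not SDK or contract code: it simulates both sides with Node.js built-ins and shows that an RSA public key not covered by the signature is refused before any AES key is encrypted to it. The names `mockGetUserKey`, `generateRsaKeyPairDer`, `decryptAesKey` and `runOnboardingDemo` are hypothetical, and the 2048-bit modulus, OAEP with SHA-256, DER encoding, ECDSA over SHA-256 on secp256k1 and the 16-byte AES key are assumptions standing in for whatever the SDK and the network actually use.

```javascript
// Local simulation of the onboarding exchange, Node.js built-ins only.
// Assumptions (not from the SDK): 2048-bit RSA, OAEP with SHA-256, DER keys,
// ECDSA over SHA-256 on secp256k1, and a 16-byte AES key.
const crypto = require('crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client side: fresh RSA key pair, DER-encoded so the public key can travel as bytes.
function generateRsaKeyPairDer() {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'der' },
    privateKeyEncoding: { type: 'pkcs8', format: 'der' },
  });
}

// Hypothetical stand-in for the node's side of getUserKey: verify the signature
// over the RSA public key first, and only then encrypt the user's AES key to it.
function mockGetUserKey(rsaPublicDer, signature, userVerifyKey, userAesKey) {
  if (!crypto.verify('sha256', rsaPublicDer, userVerifyKey, signature)) {
    throw new Error('signature over RSA public key is invalid');
  }
  const key = crypto.createPublicKey({ key: rsaPublicDer, format: 'der', type: 'spki' });
  return crypto.publicEncrypt({ key, ...OAEP }, userAesKey);
}

// Client side: recover the AES key with the RSA private key.
function decryptAesKey(rsaPrivateDer, ciphertext) {
  const key = crypto.createPrivateKey({ key: rsaPrivateDer, format: 'der', type: 'pkcs8' });
  return crypto.privateDecrypt({ key, ...OAEP }, ciphertext);
}

// Runs the whole exchange once, then repeats it with a substituted RSA public key.
function runOnboardingDemo() {
  const account = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' }); // constructed signing key
  const aesKey = crypto.randomBytes(16); // constructed AES key held by the mock node
  const rsa = generateRsaKeyPairDer();
  const signedEK = crypto.sign('sha256', rsa.publicKey, account.privateKey);
  const encrypted = mockGetUserKey(rsa.publicKey, signedEK, account.publicKey, aesKey);
  const recovered = decryptAesKey(rsa.privateKey, encrypted);

  const other = generateRsaKeyPairDer(); // a different key presented with the old signature
  let substitutedKeyRejected = false;
  try { mockGetUserKey(other.publicKey, signedEK, account.publicKey, aesKey); }
  catch (e) { substitutedKeyRejected = true; }
  return { keyMatches: recovered.equals(aesKey), ciphertextBytes: encrypted.length, substitutedKeyRejected };
}

console.log(runOnboardingDemo());
```

The RSA private key never leaves the client in this flow, so it should be kept only as long as needed to decrypt the returned AES key.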