RSA encryption scheme

The gcEVM utilizes the RSA encryption scheme to acquire the user AES key necessary for encrypting and decrypting data.

The SDK provides several RSA functionalities to support this.

Below are the function signatures for these functionalities, provided in Python, JavaScript, and Go languages:

  • Generate RSA key pair

def generate_rsa_keypair()
  • Encrypt

def encrypt_rsa(public_key_bytes, plaintext)
  • Decrypt

def decrypt_rsa(private_key_bytes, ciphertext)

Example usage - Onboard user

The gcEVM employs AES keys unique to each user for the encryption and decryption of their values.

To retrieve the AES key, a contract is provided that requests the system to return the key associated with the sending user. Further details regarding this process are outlined in the onboard user section:

Onboard Account

The getUserKey function in Solidity takes a signed RSA public key as a parameter. It then verifies the signature to ensure the authenticity of the RSA public key. Once the signature is verified, the function proceeds to encrypt the AES key using the verified RSA public key.

For a comprehensive understanding of the sign process, please refer to the detailed explanation provided at:

ECDSA Signature

We offer a script that accomplishes the following tasks:

  1. Generates an RSA key pair.

  2. Signs the public key.

  3. Invokes the getUserKey function in Solidity, passing the signed public key.

  4. Accepts the encrypted AES key.

  5. Decrypts the AES key using the private RSA key.

Below are examples of such scripts implemented in both Python and JavaScript languages:

# Generate new RSA key pair
private_key, public_key = generate_rsa_keypair()
# Sign the RSA public key using ECDSA private key
signedEK = sign(public_key, bytes.fromhex(signing_key[2:]))

# Call the getUserKey function to get the encrypted AES key
receipt = soda_helper.call_contract_transaction("onboard_user", "getUserKey", func_args=[public_key, signedEK])
if receipt is None:
    print("Failed to call the transaction function")
encryptedKey = contract.functions.getSavedUserKey().call()

# Decrypt the aes key using the RSA private key
decrypted_aes_key = decrypt_rsa(private_key, encryptedKey)

Last updated