Function: ztdfDecrypt(sdsdkDecryptParameters: ZtdfDecryptParameters)
The ztdfDecrypt function decrypts data that was previously encrypted using the Zero Trust Data Format (ZTDF).
Description
This function takes encrypted ZTDF data as input and performs decryption operations. It communicates with a Key Access Service (KAS) for key retrieval and uses a validator engine to ensure the integrity of the data manifest.
Parameters
sdsdkDecryptParameters: object containing decryption parameters.
sdsdkZtdf
- Type: SdsdkZtdf
- Description: ZTDF object containing encrypted data.
kas.authentication.mode
- Type: string
- Description: Authentication mode ("basic" or "bearer").
kas.authentication.value
- Type: string
- Description: Authentication value (API key or JWT value).
Return
Promise containing decryption result:
data
- Type: Uint8Array
- Description: Decrypted data.
How ABAC works
During decryption, the attributes specified during encryption are sent to the KMaaS, which sends them to the policy server (see KMaaS documentation). You can write your own rules to authorize or deny decryption.
Example
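```javascript
// SdsdkZtdf is assumed to be exported by the same package as ztdfDecrypt.
import { SdsdkZtdf, ztdfDecrypt } from 'sdsdk';

// JSON form of a previously encrypted ZTDF object.
const jsonData = {
  metadata: {
    version: 1,
  },
  b64payload: 'aBase64EncodedString',
  manifest: {
    // Manifest properties
  },
};

// Rebuild the ZTDF object from its JSON representation.
const sdsdkZtdf = SdsdkZtdf.fromJson(jsonData);

// Decrypt; the KAS is contacted with the credentials given here.
const decrypted = await ztdfDecrypt({
  sdsdkZtdf: sdsdkZtdf,
  kas: {
    authentication: {
      mode: 'basic',
      value: 'dGVzdEFwaUtleTpvY2dZ...L0x4Vw==',
    },
  },
});

// decrypted.data is a Uint8Array; decode it as text.
console.log(new TextDecoder().decode(decrypted.data));
```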
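The `kas.authentication` object described under Parameters can be checked locally before it is passed to `ztdfDecrypt`. This is an added example, not part of the SDK or its documentation: `buildKasAuthentication` and `b64Decode` are hypothetical helpers, and the code assumes a "basic" value is base64 of `id:secret` and a "bearer" value is a compact JWT.

```javascript
// Added example: validate KAS credentials before they reach ztdfDecrypt().
// Assumptions (not from the SDK docs): "basic" values are base64("id:secret"),
// "bearer" values are compact JWTs with an optional numeric `exp` claim.
function b64Decode(text) {
  // Accept base64 and base64url, with or without padding.
  const std = text.replace(/-/g, '+').replace(/_/g, '/');
  return atob(std + '='.repeat((4 - (std.length % 4)) % 4));
}

function buildKasAuthentication(mode, value, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (mode !== 'basic' && mode !== 'bearer') {
    throw new Error('kas.authentication.mode must be "basic" or "bearer"');
  }
  if (typeof value !== 'string' || value.length === 0) {
    throw new Error('kas.authentication.value is missing');
  }
  if (mode === 'basic') {
    let decoded;
    try { decoded = b64Decode(value); } catch { throw new Error('basic value is not valid base64'); }
    const sep = decoded.indexOf(':');
    if (sep <= 0 || sep === decoded.length - 1) {
      throw new Error('basic value must decode to "id:secret"');
    }
  } else {
    const parts = value.split('.');
    if (parts.length !== 3 || parts.some((p) => p.length === 0)) {
      throw new Error('bearer value is not a compact JWT');
    }
    let claims;
    try { claims = JSON.parse(b64Decode(parts[1])); } catch { throw new Error('JWT payload is not JSON'); }
    if (claims === null || typeof claims !== 'object') throw new Error('JWT payload is not an object');
    // Local expiry check only; signature verification stays with the KAS.
    if (typeof claims.exp === 'number' && claims.exp <= nowSeconds) {
      throw new Error('JWT is expired');
    }
  }
  return { mode, value };
}

// Constructed sample credentials, for illustration only.
const sampleBasic = btoa('demoKeyId:demoSecret');
const sampleJwt = [btoa('{"alg":"none"}'), btoa('{"sub":"demo","exp":2000}'), 'sig'].join('.');
```

The returned object can be passed as `kas.authentication`; in practice the value would be read from a secret store or environment variable rather than written into source.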