Blindnet offers a simple solution to enable data privacy and compliance with requirements in various data regulations, including GDPR and CCPA.
Beyond compliance, we provide software developers with a service to minimize the exposure to unnecessary user data and reduce the risk in case of data breaches via encryption.
The blindnet Encryption Engine gives all developers the ability to protect users’ data (e.g., files, images, documents) in an easy and intuitive way.
It is a collection of libraries and RESTful APIs intended for developers to implement data captures, their lifecycle management, and data rights management in their own software.
The blindnet Encryption Engine is compatible with all available user authentication systems. The user experience does not change when you integrate the blindnet encryption engine.
What it does
- Symmetric encryption of documents (e.g., files, images); document keys are randomly generated and transferred between users with asymmetric key encryption.
- A password-based secure backup of user private keys, which allows users to access their data from different browsers. Thanks to our password splitting function, your users still use only one password to access your system and to secure their private keys.
- Data exchange between registered users of your application, and from unregistered to registered users.
- End-to-end encryption: no one except senders and intended recipients can read the data.
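The scheme in the first bullet (a random per-document symmetric key, handed to each recipient under that recipient's public key) can be sketched as follows. This is an added example, not code from the blindnet SDK: the page does not name its algorithms, so AES-256-GCM, RSA-OAEP with SHA-256, and the function names `newUserKeys`, `encryptDocument` and `decryptDocument` are assumptions made for illustration.

```javascript
// Added illustration, NOT the blindnet SDK. Algorithm choices are assumptions.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Each user holds an asymmetric key pair; the private key never leaves the user.
function newUserKeys() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender: encrypt the document under a fresh random key, then wrap that key
// once per recipient. `recipients` is a Map of userId -> public key.
function encryptDocument(plaintext, recipients) {
  const docKey = crypto.randomBytes(32);   // random document key
  const iv = crypto.randomBytes(12);       // unique nonce per document
  const cipher = crypto.createCipheriv('aes-256-gcm', docKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag();
  const wrappedKeys = new Map();
  for (const [userId, publicKey] of recipients) {
    wrappedKeys.set(userId, crypto.publicEncrypt({ key: publicKey, ...OAEP }, docKey));
  }
  // Everything returned here can be stored or relayed by a server that
  // holds no private keys: it never sees docKey or the plaintext.
  return { iv, ciphertext, tag, wrappedKeys };
}

// Recipient: unwrap the document key with the private key, then decrypt.
// Throws if the user was not a recipient, if the private key is wrong,
// or if the ciphertext or tag was modified (GCM authentication failure).
function decryptDocument(envelope, userId, privateKey) {
  const wrapped = envelope.wrappedKeys.get(userId);
  if (!wrapped) throw new Error(`no wrapped key for ${userId}`);
  const docKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
  const decipher = crypto.createDecipheriv('aes-256-gcm', docKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]);
}

// Constructed demo: one sender, one recipient.
const demoUser = newUserKeys();
const demoEnvelope = encryptDocument(Buffer.from('constructed sample document'),
  new Map([['demo-user', demoUser.publicKey]]));
console.log(decryptDocument(demoEnvelope, 'demo-user', demoUser.privateKey).toString());
```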
How to use it
For a quick and easy introduction, check out the Quick Start guide.
Then, read the more detailed documentation section for more advanced usage.
📄️ Quick Start
While reading this quickstart guide you can download and follow the source code for a simple React front-end app with integrated blindnet client SDK from here.
The following programming languages are currently supported:
📄️ Encrypting data
Depending on the language, multiple data formats can be encrypted - strings, files or simply just byte arrays.
📄️ Decrypting data
We provide two methods to decrypt the data: decrypt and decryptValues.
📄️ Managing users and access
You can manage your users' interaction with blindnet and their access to data through blindnet encryption engine methods that you invoke in your application. These methods allow you to
Errors can arise during the usage of the blindnet encryption engine and should be handled accordingly.
🗃️ API reference
What is the difference between
Blindnet.init(token) initialises the blindnet Encryption Engine itself. The blindnet API requires a JWT to authenticate requests, and the token passed as the argument is the JWT that you generate on your backend. Instead of passing the token on each SDK function call, the SDK maintains the state and uses the token in each call to our API. This is why you need to refresh the token when it expires.
blindnet.connect(blindnetSecret) logs your users in to the blindnet encryption service. When this method is called, the SDK uses blindnetSecret (the argument to the connect function) to initiate the user's private keys, and then stores them to be used later when decrypting documents.
The blindnet encryption engine consists of client-side and server-side libraries for different languages and platforms.
Server-side libraries are used mainly for user authentication in blindnet by providing the API to generate the authentication tokens. Additionally, you can use them to delete users and encryption keys of your application.
To integrate the blindnet encryption engine into your application:
- You need to integrate both client-side and server-side SDKs.
- You need a way to authenticate the users in your application. Users in blindnet are identified by a unique identifier which is generated on your side. The user's unique identifier is part of the authentication token.
- You need to maintain the authenticated sessions with blindnet on the client side for every user using the blindnet API. A session is identified by an authentication token generated by the server-side SDK and passed to the client side. Tokens have an expiry time, so make sure to generate new ones after they expire.