Encryption

Blindnet offers a simple solution to enable data privacy and compliance with requirements in various data regulations, including GDPR and CCPA.

Beyond compliance, we provide software developers with a service to minimize the exposure to unnecessary user data and reduce the risk in case of data breaches via encryption.

The blindnet Encryption Engine gives all developers the ability to protect users’ data (e.g., files, images, documents) in an easy and intuitive way.

It is a collection of libraries and RESTful APIs that developers use to implement data captures, their lifecycle management, and data rights management in their own software.

The blindnet Encryption Engine is compatible with all available user authentication systems, and the user experience does not change when you integrate it.

What it does

When you use the blindnet Encryption Engine in your application, the JavaScript client library encrypts and decrypts user data directly on users' local machines (e.g., browsers or mobile phones) and manages the encryption keys in the background. It also provides:

  • Symmetric encryption of documents (e.g., files, images); document keys are randomly generated and transferred between users with asymmetric key encryption.
  • A password-based secure backup of user private keys, which allows users to access their data from different browsers. Thanks to our password-splitting function, your users still use only one password both to access your system and to secure their private keys.
  • Data exchange between registered users of your application, and from unregistered to registered users.
  • End-to-end encryption: no one except senders and intended recipients can read the data.

Blindnet in web and mixed applications.

How to use it

For a quick and easy introduction, check out the Quick Start guide.

Then, read the more detailed documentation section for more advanced usage.

What is the difference between Blindnet.init(token) and blindnet.connect(blindnetSecret)?

Blindnet.init(token) initialises the blindnet Encryption Engine itself. The blindnet API requires a JWT to authenticate requests, and the token passed as the argument is the JWT that you generate on your backend. Instead of taking the token on each SDK function call, the SDK keeps it as state and uses it in each call to our API. This is why you need to refresh the token when it expires.

blindnet.connect(blindnetSecret) logs your users in to the blindnet encryption service. When this method is called, the SDK uses blindnetSecret (the argument to the connect function) to initialise the user's private keys, and then stores them for later use when decrypting documents.
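The password-splitting backup from the "What it does" list, and the role blindnetSecret plays in connect, shown as an added example that is not blindnet's own code. The page does not describe the actual derivation, so scrypt, the HKDF labels, AES-256-GCM and every function name below are assumptions.

```javascript
// Added example, NOT blindnet's implementation: KDF, labels and sizes are assumptions.
const crypto = require('node:crypto');

// Stretch the password once, then derive two independent values with distinct
// HKDF labels. Knowing appSecret (the value sent to your backend for login)
// does not reveal blindnetSecret (the value that protects the private key).
function splitPassword(password, salt) {
  const master = crypto.scryptSync(password, salt, 32);
  const derive = (label) =>
    Buffer.from(crypto.hkdfSync('sha256', master, salt, label, 32));
  return { appSecret: derive('app-login'), blindnetSecret: derive('key-backup') };
}

// Encrypt the private key under blindnetSecret; only this opaque blob is stored remotely.
function backupPrivateKey(privateKeyBytes, blindnetSecret) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', blindnetSecret, iv);
  const ct = Buffer.concat([cipher.update(privateKeyBytes), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Restore on another device: same password -> same blindnetSecret -> same key.
// A wrong secret or a modified blob fails the GCM tag check and throws.
function restorePrivateKey(backup, blindnetSecret) {
  const d = crypto.createDecipheriv('aes-256-gcm', blindnetSecret, backup.iv);
  d.setAuthTag(backup.tag);
  return Buffer.concat([d.update(backup.ct), d.final()]);
}

// Constructed sample values.
const salt = Buffer.from('constructed-per-user-salt');
const privateKey = crypto.randomBytes(32); // stand-in for a real private key
const first = splitPassword('correct horse battery staple', salt);
const backup = backupPrivateKey(privateKey, first.blindnetSecret);

// "Second browser": nothing carries over except the password and the stored backup.
const second = splitPassword('correct horse battery staple', salt);
const restored = restorePrivateKey(backup, second.blindnetSecret);
console.log('restored matches original:', restored.equals(privateKey));
```

The login value and the key-protecting value come from the same password but cannot be swapped: decrypting the backup with appSecret fails authentication.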

Overview

The blindnet encryption engine consists of client-side and server-side libraries for different languages and platforms.

Server-side libraries are used mainly for user authentication in blindnet: they provide the API to generate the authentication tokens. Additionally, you can use them to delete users and encryption keys of your application.

Client-side libraries are used for encryption and decryption of the data shared between users of your application. They also provide other functionality, e.g. sharing the encrypted data with other users.

To integrate the blindnet encryption engine into your application:

  1. You need to integrate both client-side and server-side SDKs.
  2. You need a way to authenticate the users in your application. Users in blindnet are identified by a unique identifier which is generated on your side. The user's unique identifier is part of the authentication token.
  3. You need to maintain the authenticated sessions with blindnet on the client side for every user using the blindnet API. A session is identified by an authentication token generated by the server-side SDK and passed to the client side. Tokens have an expiry time, so make sure to generate new ones after they expire.