Skip to main content

Glossary

Application ID​

A randomly generated UUID which identifies an application in blindnet.
Used as a parameter in the initialization method of the Server SDK.

Application key​

A secret value (private key) which proves the ownership of an application id. It is used to sign the tokens in the token generation methods. The corresponding public key is stored by blindnet and is used to verify token signatures.
Used as a parameter in the initialization method of the Server SDK.
For instructions on how to generate your application keys click here.

Asymmetric key encryption​

Type of encryption where different keys are used to encrypt and to decrypt the data.
A public key is used to encrypt the data while it's associated private key is used to decrypt the encrypted data.
In blindnet, it is used to encrypt a symmetric key for an other user, as a way to do a symmetric key exchange so two users can securely communicate.

Authentication token​

Every request made to the blindnet servers through blindnet devkit must be authenticated.
Authentication is done through authentication tokens which are generated using the Server SDK.
Authentication tokens are used as parameters in the initialization methods of the Client SDK. All tokens are signed by an application key and validated by blindnet with the corresponding public key.
We distinguish three types of tokens in blindnet: tokens for registered users, tokens for unregistered (temporary) users, and client tokens.

Registered user token​

A token which authenticates a user known to your system to blindnet. It contains information about user's id and application id.

Temp user token​

A token which authenticates an unregistered user (in your system) to blindnet. It is used for example when a user needs to upload a document using a form the user received by e-mail (no need to register an account in your system).

Client token​

A token used by the Server SDK for various user and data management functionalities to authenticate your server.

Blindnet endpoint​

URL of the blindnet api you should use in production. The URL is defined in the initialization methods of both Client and Server SDKs.
The default value is https://api.blindnet.io

Testing endpoint​

URL of the blindnet api you should use when testing. It must be manually set to https://test.blindnet.io

Client-side SDK​

A set of libraries for front-end applications. Client-side SDK is used for encryption and decryption of data shared between users of your application. Other functionalities are e.g. giving access to encrypted data to a user who doesn’t possess the encryption keys.

Server-side SDK​

A set of libraries for back-end applications. Server-side SDK is used mainly for user authentication in blindnet by providing the api to generate the authentication tokens. Additionally, you can use it to delete users and delete encryption keys of your application registered in blindnet.

Data​

Data is anything a user is encrypting. It is in a plain, unencrypted format. Data never leaves user's device until it is encrypted.
Depending on the Client SDK, multiple formats are supported - String, File, byte array. If the format of the provided data is not supporetd by the SDK, you should encode it to a byte array before encrypting, and decode it after decrypting.

Data key​

Every piece of data in blindnet is encrypted with a different symmetric key.
Only a user who encrypted the data and the users to whom it was encrypted have access to the data key.
The key is stored on the blindnet servers encrypted.

Digital signature​

An algorithm used to validate the authenticity and integrity of a message. In assymetric key encryption schemes, private key is used to sign a message while the associated public key is used to validate the signature. Signatures can't be forged and we can be sure the message was created by the owner of the private key.

Encrypted data​

When a data is encrypted from any method in the Client SDK, it can be safely transferred to your or blindnet server.
Only a user who encrypted the data and the users to whom it was encrypted can decrypt the data.
To obtain the orginal data, the encrypted data has to be decrypted.

Encrypted data key​

An encrypted key stored on the blindnet servers.
Only a user who created the key to encrypt the data and the users to whom it was encrypted have access can decrypt the data key.

Key pair​

A pair of private and public keys. Private keys are usually generated randomly while the public keys are calculated from the them.
Derivation of a public key from a private key is is fast (having linear complexity) while vice-versa, the derivation is should be impossible with current computing power. That's it's important to keep the private keys "private" while public keys can be safely distributed.

Metadata​

Additional data that can be encrypted alongside the data.
It is provided in a JSON serializable format.

Private key​

Every application and user in blindnet owns at least one private key (paired with a publicly available public key) which is stored locally on the app server or user's devices and encrypted on the blindnet servers.
In an asymmetric key encryption scheme, secret key is used to decrypt the data encrypted by it's associated public key.
The other usage is to sign the data which is later verified by private key's associated public key and thus prove the ownership of the key.

Public key​

Every application and user in blindnet owns at least one public key (paired with a private key) which is stored in the blindnet servers.
In an asymmetric key encryption scheme, public key is publicly available and used to encrypt the data for it's owner. Key owner is the only one who can decrypt the data using their private key.
The other usage of a public key is to verify a digital signature of a signed data made by the key owner using their private key.

Session​

A session is identified by a token. It is valid until the timestamp specified in the token.
For a registered user, token expires after 12 hours.
For an unregistered user, token expires after 30 minutes.
For a client (Server SDK), token expires after 24 hours.

Symmetric key encryption​

Type of encryption where a single secret key is used both to encrypt and to decrypt the data.
Two parties must share a key in order to securely communicate. Key sharing is usually done through asymmetric key encryption based protocols.

Secret value​

A value only known to a user of your application. It is used to encrypt user's keys before sending them to the blindnet server.
It can be any string value, e.g. the user's password or an answer to a question.
If the user's password is used as a secret value, make sure not to send the password to you server in plain text. Instead, you should hash it.

Secret derivation​

If a same secret value is used to log-in a user to your application as well as to connect the user to blindnet, the secret must be hashed and split into two values.
The first value is used as user's log-in password and sent to your server.
The second value is used to encrypt user's keys in blindnet.
This way, anyone having access to your server won't be able to decrypt user's keys.
To split the secret, use the provided Client SDK method.

User​

A user known to your application which can be authenticated to blindnet using a token.

Registered user​

A user identified by your application by e.g. a unique id or an email.
To authenticate a registered user in blindnet, generate a Registered user token which will be sent in every request from the SDK to blindnet.

Anonymous user​

A user which doesn't need to be identified in your application.
Currently, a (temp user) token for an anonymous user is used to encrypt the data.

User groups​

A logical grouping of users in your application.
When encrypting the data, a group can be specified. Any user belonging the specified group will be able to decrypt the data.
Currently, a user can belong only to a single group which is specified when registering the user to blindnet and it can't be changed afterwards.