
Crypto actions (crypto‐lib)

Boriss Melikjan edited this page Sep 9, 2025 · 1 revision

High-level support for encryption/decryption.

Ability to query for recipients from ldap.sk.ee.

Decryption requires an ID-card.

Searching for recipients

val recipientRepository: RecipientRepository = RecipientRepositoryImpl(configurationRepository, certificateService)
// search by personal code
val recipientsByCode: List<Addressee> =
    recipientRepository.find(context, "38102010020").first
// search by common name (CN), wildcards are automatically added
val recipientsByName: List<Addressee> = recipientRepository.find(context, "ria").first

Parsing CDOC files

val containerPath = ContainerUtil.addCryptoContainer(context, files.first())
val container = CryptoContainer.openOrCreate(
    context,
    containerPath,
    files,
    cdoc2Settings,
    forceCreate,
)
val dataFiles = container.dataFiles
val recipients = container.recipients

Encrypting data files and creating a new CDOC container

try {
    val containerFile = File("path-to-container.cdoc")
    val dataFiles: List<File> = listOf(...)
    val recipients: List<Addressee> = listOf(...)
    val cryptoContainer =
        CryptoContainer.encrypt(
            context = context,
            file = containerFile,
            dataFiles = dataFiles,
            recipients = recipients,
            cdoc2Settings = cdoc2Settings,
            configurationRepository = configurationRepository,
        )
} catch (_: DataFilesEmptyException) {
    // no data files provided
} catch (_: RecipientsEmptyException) {
    // no recipients provided
} catch (_: Exception) {
    // something else failed
}

Decryption of an existing CDOC container

val containerFile = File("path-to-container.cdoc")
val recipients: List<Addressee> = listOf(...)
val pin1Code: ByteArray = ...
val authCert =
    card.certificate(CertificateType.AUTHENTICATION)
val smartToken: Token = ...
try {
    val decryptedContainer =
        CryptoContainer.decrypt(
            context,
            containerFile,
            recipients,
            authCert,
            pin1Code,
            smartToken,
            cdoc2Settings,
            configurationRepository,
        )
    val dataFiles = decryptedContainer.dataFiles
} catch (ex: SmartCardReaderException) {
    // raised for TagLostException, PIN1 verification failure,
    // ApduResponseException, PaceTunnelException
} catch (ex: Exception) {
    // something else failed
} finally {
    // wipe PIN1 from memory on success and on every failure path
    // (Arrays is java.util.Arrays)
    if (pin1Code.isNotEmpty()) {
        Arrays.fill(pin1Code, 0.toByte())
    }
}
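
The PIN1 wipe from the decryption snippet above, packaged so it cannot be skipped; this is an added example, not code from crypto-lib or the original wiki page. The helper names `useAndWipe` and `pinBytesFrom` are hypothetical, the PIN value is constructed, and the throwing lambda stands in for a failing `CryptoContainer.decrypt` call.

```kotlin
import java.nio.CharBuffer
import java.nio.charset.StandardCharsets

// Hypothetical helper (not part of crypto-lib): runs [block] with the PIN bytes
// and zeroes the buffer afterwards, whether block returns or throws.
inline fun <T> ByteArray.useAndWipe(block: (ByteArray) -> T): T =
    try {
        block(this)
    } finally {
        fill(0)
    }

// Hypothetical helper: encodes PIN characters without creating a String
// (Strings are immutable and cannot be wiped), then clears every temporary copy.
fun pinBytesFrom(chars: CharArray): ByteArray {
    val encoded = StandardCharsets.US_ASCII.encode(CharBuffer.wrap(chars))
    val pin = ByteArray(encoded.remaining())
    encoded.get(pin)
    if (encoded.hasArray()) encoded.array().fill(0) // wipe the encoder's backing array
    chars.fill('\u0000')                            // wipe the caller's input buffer
    return pin
}

fun main() {
    val typed = charArrayOf('1', '2', '3', '4') // constructed sample PIN
    val pin1Code = pinBytesFrom(typed)
    var seenLength = 0

    val outcome = runCatching {
        pin1Code.useAndWipe<Int> { pin ->
            seenLength = pin.size
            // Stand-in for CryptoContainer.decrypt(...) failing mid-call.
            throw IllegalStateException("simulated card failure")
        }
    }

    check(outcome.isFailure)                 // the failure still reaches the caller
    check(seenLength == 4)                   // the block saw the real PIN bytes
    check(pin1Code.all { it == 0.toByte() }) // PIN bytes wiped despite the exception
    check(typed.all { it == '\u0000' })      // input characters wiped as well
    println("PIN buffers wiped after failure: ${pin1Code.contentToString()}")
}
```
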

Example of implementing DecryptToken with Token of USB card reader

val token: Token =
    withContext(Main) {
        Token.create(smartCardReaderManager.connectedReader())
    }

Example of implementing DecryptToken with TokenWithPace of NFC reader

val card = TokenWithPace.create(nfcReader)
