> ## Documentation Index
> Fetch the complete documentation index at: https://docs.crossmint.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Decrypt Credentials

> Decrypt credentials you care about

As a credential issuer you can use the [retrieval endpoints](/minting/verifiable-credentials/integrate/retrieve-credentials) and Crossmint will autodecrypt the credential for you.

As a verifier, however, working with [encryption modalities](/minting/verifiable-credentials/integrate/encrypt-credentials) to decrypt credentials requires deep understanding of their APIs, managing cryptographic operations securely, and handling user signature interactions.

The Verifiable Credentials SDK encapsulates all this functionality for verifiers, ensuring secure and seamless decryption.

* Upon a verifier's request, the SDK prompts the credential subject to sign a message proving they are the credential subject, and approving the credential's decryption.
* Once the subject approves, Crossmint decrypts the credential for the verifier to verify.

If the credentials are encrypted using the Lit protocol, in order to decrypt them, the SDK provides a `Lit.decrypt(encryptedCredential)` function.

If the credentials are encrypted using Crossmint, the SDK provides a `CrossmintMetamaskDecrypt().decrypt(encryptedCredential)` function that decrypts the credential, assuming the user has a Metamask wallet. For the support of additional wallets during decryption, review our SDK reference.

A Crossmint API key (`credentials.decrypt`) is needed when:

* Crossmint has encrypted the data (`crossmint-recoverable` encryption modality)
* Data is encrypted via Lit but the verifier wants to delegate Lit network billing to Crossmint

<Warning>Decryption will not work server-side when using Lit.</Warning>

In both cases, the user will be prompted to sign a message with their wallet to authenticate the decryption, then the credential will be decrypted.

<CodeGroup>
  ```typescript decrypt.ts theme={null}
  import * as sdk from '@crossmint/client-sdk-verifiable-credentials';

  sdk.CrossmintAPI.init('YOUR_API_KEY');

  const encryptedCredential = <encryptedCredentialObject>;

  if (collection.metadata.credentialMetadata.encryption.type==VerifiableCredentialEncryptionType.DECENTRALIZED_LIT){
    const decryptedData = await new sdk.Lit("staging").decrypt(encryptedCredential);
  }else if (collection.metadata.credentialMetadata.encryption.type==VerifiableCredentialEncryptionType.CROSSMINT_RECOVERABLE){
    const decryptedData = await new sdk.CrossmintMetamaskDecrypt().decrypt(encryptedCredential);
  } else {
    throw new Error("Not supported")
  }

  console.log("Decrypted credential:", decryptedData);

  ```

  ```json Response theme={null}
  {
    "unencryptedCredential": {
      "id": "urn:uuid:4c9c41af-8410-4265-9fe4-3674d74e80d9",
      "credentialSubject": {
        "course": "Blockchain 101",
        "grade": "A",
        "id": "did:polygon-amoy:0xbFB0d0F9d49d80062103199c5aD309CE7a808039"
      },
      "validUntil": "2034-02-02",
      "nft": {
        "tokenId": "1",
        "chain": "polygon-amoy",
        "contractAddress": "0x288AAbb7D72A041Ea10719d2d676B65D2E9689F5"
      },
      "issuer": { "id": "did:polygon-amoy:0xB658f974Fe3744A6F9344810BC88e021E31B4d3e" },
      "type": [
        "VerifiableCredential",
        "crossmint:5fe6040e-07a1-48bb-97a3-b588a7e927d2:courseCompletionQuickstart"
      ],
      "validFrom": "2024-09-14T13:59:34.918Z",
      "@context": [
        "https://www.w3.org/2018/credentials/v1"
      ],
      "proof": {
        "verificationMethod": "did:polygon-amoy:0xB658f974Fe3744A6F9344810BC88e021E31B4d3e#evmAddress",
        "created": "2024-09-14T13:59:34.918Z",
        "proofPurpose": "assertionMethod",
        "type": "EthereumEip712Signature2021",
        "proofValue": "0x80587c5e9a801f4eed5bca95c48083277fc2ffe2fc1254f230f1b8c11cab59f63afaaa29bf29007129068243feb0069c46a8e583a64e64ff2517a2e3babd18101b",
        "eip712": {
          "domain": {
            "name": "Crossmint",
            "version": "0.1",
            "chainId": 4,
            "verifyingContract": "0xD8393a735e8b7B6E199db9A537cf27C61Aa74954"
          },
          "types": {
            "VerifiableCredential": [
              { "name": "@context", "type": "string[]" },
              { "name": "type", "type": "string[]" },
              { "name": "id", "type": "string" },
              { "name": "issuer", "type": "Issuer" },
              { "name": "credentialSubject", "type": "CredentialSubject" },
              { "name": "validFrom", "type": "string" },
              { "name": "validUntil", "type": "string" },
              { "name": "nft", "type": "Nft" }
            ],
            "CredentialSubject": [
              { "name": "id", "type": "string" },
              { "name": "course", "type": "string" },
              { "name": "grade", "type": "string" }
            ],
            "Issuer": [
              { "name": "id", "type": "string" }
            ],
            "Nft": [
              { "name": "tokenId", "type": "string" },
              { "name": "contractAddress", "type": "string" },
              { "name": "chain", "type": "string" }
            ]
          },
          "primaryType": "VerifiableCredential"
        }
      }
    }
  }
  ```
</CodeGroup>

The decrypted credential content can now be reviewed and verified by the verifier.