Encryption will make credential issuance and retrieval slower due to the encryption and decryption process.
Create an encrypted credential template
When creating a template, you can specify anencryption
parameter to determine the encryption modality you will use. The possible values for this parameter are:
crossmint-recoverable
: This option is ideal when users prioritize the convenience and security of having a fallback recovery mechanism. Crossmint will take care of encrypting the credential. The user will be required to prove ownership of the subject wallet to decrypt the credential. As a fallback mechanism, the key is also shared with the credential issuer.decentralized-lit
: This option is better suited for users who prioritize full decentralization and privacy. The credential is encrypted and decrypted using the Lit protocol. The user will be required to prove ownership of the subject wallet to decrypt the credential.none
: The certificate is not encrypted.
encryption
field part of the template creation request below is set to crossmint-recoverable
.
- The Crossmint API encrypts the certificate’s private data and sets an access rule that only the credential subject and issuer can decrypt the credential.
- Crossmint triggers a webhook to the issuer after a successful credential creation.
- Issuer receives via webhook the credential content and the encryption key.
- As a fallback a copy of the encryption key is sent to the issuer.
Encrypted credential object
An encrypted credential consists of a ‘credentialId’ and a base64 encoded encrypted payload.Retrieve an encrypted credential
You can leverage the standard retrieval Crossmint API endpoint to retrieve an encrypted credential:GET https://staging.crossmint.com/api/v1-alpha1/credentials/{credentialId}
Hitting the
GET credentials/{credentialId}
endpoint as the issuer will automatically decrypt the credential for
you and return both the clear and ciphertext.