As a credential issuer you can use the retrieval endpoints and Crossmint will autodecrypt the credential for you. As a verifier, however, working with encryption modalities to decrypt credentials requires deep understanding of their APIs, managing cryptographic operations securely, and handling user signature interactions. The Verifiable Credentials SDK encapsulates all this functionality for verifiers, ensuring secure and seamless decryption.
  • Upon a verifier’s request, the SDK prompts the credential subject to sign a message proving they are the credential subject, and approving the credential’s decryption.
  • Once the subject approves, Crossmint decrypts the credential for the verifier to verify.
If the credentials are encrypted using the Lit protocol, in order to decrypt them, the SDK provides a Lit.decrypt(encryptedCredential) function. If the credentials are encrypted using Crossmint, the SDK provides a CrossmintMetamaskDecrypt().decrypt(encryptedCredential) function that decrypts the credential, assuming the user has a Metamask wallet. For the support of additional wallets during decryption, review our SDK reference. A Crossmint API key (credentials.decrypt) is needed when:
  • Crossmint has encrypted the data (crossmint-recoverable encryption modality)
  • Data is encrypted via Lit but the verifier wants to delegate Lit network billing to Crossmint
Decryption will not work server-side when using Lit.
In both cases, the user will be prompted to sign a message with their wallet to authenticate the decryption, then the credential will be decrypted. 
import * as sdk from '@crossmint/client-sdk-verifiable-credentials';

sdk.CrossmintAPI.init('YOUR_API_KEY');

const encryptedCredential = <encryptedCredentialObject>;

if (collection.metadata.credentialMetadata.encryption.type==VerifiableCredentialEncryptionType.DECENTRALIZED_LIT){
  const decryptedData = await new sdk.Lit("staging").decrypt(encryptedCredential);
}else if (collection.metadata.credentialMetadata.encryption.type==VerifiableCredentialEncryptionType.CROSSMINT_RECOVERABLE){
  const decryptedData = await new sdk.CrossmintMetamaskDecrypt().decrypt(encryptedCredential);
} else {
  throw new Error("Not supported")
}

console.log("Decrypted credential:", decryptedData);
The decrypted credential content can now be reviewed and verified by the verifier.