Encrypted Containers

Encrypted Containers are a secure way to encrypt data and share it with specific Keeta accounts. They provide end-to-end encryption with built-in access control.

What Are They For

Encrypted Containers solve a common problem in blockchain systems: how to share private data securely. Use cases include:

KYC documents: Share identity verification documents with compliant anchors
Private transaction details: Share sensitive payment information
Confidential certificates: Distribute verifiable credentials
Secure messaging: Send encrypted data between accounts

How Are They Constructed

An Encrypted Container:

Encrypts plaintext for each authorized recipient using their public key
Optionally signs the container to prove authenticity
Serializes to ASN.1 format for compact, standardized encoding

Advantages of the SDK

The Encrypted Container implementation in the Anchor SDK:

Handles cryptographic complexity: You don't need to understand ASN.1, key derivation, or cipher modes
Manages access control: Automatically encrypts keys for each recipient
Provides verification: Built-in signature support for authenticity
Optimizes size: Automatic compression for large payloads
Ensures compatibility: Standard encoding works across different implementations

https://github.com/KeetaNetwork/keetanet-examples/blob/main/src/anchor/encrypted-container.ts

#! /usr/bin/env ts-node

/*
 * Description: Example of using the Keeta Anchor Client to create an encrypted container
 * Encrypted containers can only be decrypted by the specified recipient(s)
 */
import * as KeetaAnchor from '@keetanetwork/anchor';
import * as KeetaNet from '@keetanetwork/keetanet-client';

async function main() {
	// Create accounts
	const seed1 = KeetaNet.lib.Account.generateRandomSeed({ asString: true });
	const sender = KeetaNet.lib.Account.fromSeed(seed1, 0);

	const seed2 = KeetaNet.lib.Account.generateRandomSeed({ asString: true });
	const recipient = KeetaNet.lib.Account.fromSeed(seed2, 0);

	// Create sensitive data
	const privateData = 'sensitive information that only the recipient should see';

	const plaintext = Buffer.from(JSON.stringify(privateData), 'utf-8');

	// Create an encrypted container that only the recipient can decrypt
	const container = KeetaAnchor.lib.EncryptedContainer.fromPlaintext(
		plaintext,
		[recipient],  // List of accounts that can decrypt
		{
			signer: sender,  // Optionally sign to prove authenticity
			locked: false    // Set to true to prevent adding more recipients later
		}
	);

	// Serialize the container for transmission
	const encodedContainer = await container.getEncodedBuffer();
	console.log('Encrypted container size:', encodedContainer.byteLength, 'bytes');

	// The recipient can decrypt the container
	const receivedContainer = KeetaAnchor.lib.EncryptedContainer.fromEncodedBuffer(
		encodedContainer,
		[recipient]  // Provide the recipient's account (with private key)
	);

	// Extract the plaintext
	const decryptedData = await receivedContainer.getPlaintext();
	const parsed = Buffer.from(decryptedData).toString('utf-8');

	console.log('Decrypted data:', parsed);

	// Verify the signature if it was signed
	if (receivedContainer.isSigned) {
		const signerPublicKey = receivedContainer.getSigningAccount()?.publicKeyString.get();
		console.log('Signed by:', signerPublicKey);
		console.log('Signature valid:', await receivedContainer.verifySignature());
	}
}

main().then(function() {
	process.exit(0);
}, function(err: unknown) {
	console.error(err);
	process.exit(1);
});

PreviousAnchor Resolver NextAnchor Types

Last updated 20 days ago

#! /usr/bin/env ts-node

/*
 * Description: Example of using the Keeta Anchor Client to create an encrypted container
 * Encrypted containers can only be decrypted by the specified recipient(s)
 */
import * as KeetaAnchor from '@keetanetwork/anchor';
import * as KeetaNet from '@keetanetwork/keetanet-client';

async function main() {
	// Create accounts
	const seed1 = KeetaNet.lib.Account.generateRandomSeed({ asString: true });
	const sender = KeetaNet.lib.Account.fromSeed(seed1, 0);

	const seed2 = KeetaNet.lib.Account.generateRandomSeed({ asString: true });
	const recipient = KeetaNet.lib.Account.fromSeed(seed2, 0);

	// Create sensitive data
	const privateData = 'sensitive information that only the recipient should see';

	const plaintext = Buffer.from(JSON.stringify(privateData), 'utf-8');

	// Create an encrypted container that only the recipient can decrypt
	const container = KeetaAnchor.lib.EncryptedContainer.fromPlaintext(
		plaintext,
		[recipient],  // List of accounts that can decrypt
		{
			signer: sender,  // Optionally sign to prove authenticity
			locked: false    // Set to true to prevent adding more recipients later
		}
	);

	// Serialize the container for transmission
	const encodedContainer = await container.getEncodedBuffer();
	console.log('Encrypted container size:', encodedContainer.byteLength, 'bytes');

	// The recipient can decrypt the container
	const receivedContainer = KeetaAnchor.lib.EncryptedContainer.fromEncodedBuffer(
		encodedContainer,
		[recipient]  // Provide the recipient's account (with private key)
	);

	// Extract the plaintext
	const decryptedData = await receivedContainer.getPlaintext();
	const parsed = Buffer.from(decryptedData).toString('utf-8');

	console.log('Decrypted data:', parsed);

	// Verify the signature if it was signed
	if (receivedContainer.isSigned) {
		const signerPublicKey = receivedContainer.getSigningAccount()?.publicKeyString.get();
		console.log('Signed by:', signerPublicKey);
		console.log('Signature valid:', await receivedContainer.verifySignature());
	}
}

main().then(function() {
	process.exit(0);
}, function(err: unknown) {
	console.error(err);
	process.exit(1);
});

What Are They For

How Are They Constructed

Advantages of the SDK

Example: Creating and Sharing an Encrypted Container