Encrypted Endpoints

Description

The Knomi Document Analyzer REST server includes an encrypted version of the /autocaptureDocument endpoint, called /autocaptureDocumentEncrypted. Client software encrypts server packages using an asymmetric RSA public key. The REST server must then be started with the matching RSA private key.

Decryption Key File Format

The Knomi Document Analyzer REST server supports decryption of incoming server packages using an asymmetric RSA public/private key pair. A bit length of 2048 or higher is recommended for security. The private key used by the server for decryption is PEM encoded in PKCS#8 format.

Example

If eg_rsa_private_key.txt has a 2048-bit asymmetric RSA private key as follows:

Example RSA private key
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

Then the server can use this key by setting the “endpoint-decryption-key” parameter. A line that does this can be copied and pasted into the config file used to start the server. The config file might then look as follows:

Sample config file for setting endpoint decryption key
host=0.0.0.0
port=8088
log-config=preface_log_config.ini
endpoint-decryption-key=eg_rsa_private_key.txt

After starting the REST server with this new config line, the endpoint /autocaptureDocumentEncrypted can receive encrypted packages from the client.
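
A pre-deployment check for the file named in endpoint-decryption-key, added here as an example and not part of the Knomi documentation or product: it reads the PEM label to tell PKCS#8 (BEGIN PRIVATE KEY) from PKCS#1 (BEGIN RSA PRIVATE KEY) and parses the DER to report the RSA modulus size against the recommended 2048-bit minimum. The function names and the sample keys are assumptions; the samples are constructed DER structures holding dummy numbers, not usable keys.

```python
import base64, re

def _tlv(buf, pos=0):
    """Decode one DER element at pos: returns (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _children(value):
    """Split the content of a SEQUENCE into its (tag, value) elements."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = _tlv(value, pos)
        out.append((tag, val))
    return out

def inspect_key(pem_text, min_bits=2048):  # the page recommends 2048 bits or higher
    """Report container format and RSA modulus size of an unencrypted PEM key."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.+?)-----END \1-----", pem_text, re.S)
    if not m or m.group(1) not in ("PRIVATE KEY", "RSA PRIVATE KEY"):
        return {"format": None, "bits": 0, "ok": False}
    label, der = m.group(1), base64.b64decode(m.group(2))
    fields = _children(_tlv(der)[1])
    if label == "PRIVATE KEY":  # PKCS#8: version, algorithm, OCTET STRING holding the RSA key
        fields = _children(_tlv(fields[2][1])[1])
    bits = int.from_bytes(fields[1][1], "big").bit_length()  # RSAPrivateKey: version, modulus, ...
    fmt = "PKCS#8" if label == "PRIVATE KEY" else "PKCS#1"
    return {"format": fmt, "bits": bits, "ok": fmt == "PKCS#8" and bits >= min_bits}

# --- constructed sample input: well-formed DER with dummy numbers, not a usable key ---
def _der(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + value

def sample_pem(bits, pkcs8):
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00 keeps INTEGER positive
    rsa = _der(0x30, _der(0x02, b"\x00") + _der(0x02, modulus) + _der(0x02, b"\x03"))
    rsa_oid = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d010101")) + _der(0x05, b""))
    body = _der(0x30, _der(0x02, b"\x00") + rsa_oid + _der(0x04, rsa)) if pkcs8 else rsa
    label = "PRIVATE KEY" if pkcs8 else "RSA PRIVATE KEY"
    return f"-----BEGIN {label}-----\n{base64.encodebytes(body).decode()}-----END {label}-----\n"

if __name__ == "__main__":
    print([inspect_key(sample_pem(b, p)) for b, p in ((2048, True), (2048, False), (1024, True))])
```

Here "ok" means only that the file matches what this page describes (PKCS#8 container, 2048 bits or more); it does not validate the key material itself.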