.. _ChapterEncryptedEndpoints: ******************* Encrypted Endpoints ******************* Description =========== Face analyzer rest server includes an encrypted version of the /autocaptureVideo endpoint, which is called /autocaptureVideoEncrypted. Client software encrypts server packages using an asymmetric RSA public key. The rest server must then be started using a matching RSA private key. Decryption Key File Format ========================== Face analyzer rest server supports decryption of incoming server packages using asymmetric RSA public/private key format. A bit length of 2048 or higher is recommended for security. The private key used by the server for decryption is PEM encoded in PKCS#8 format. Example ======= If eg_rsa_private_key.txt has a 2048-bit asymmetric RSA private key as follows: .. code-block:: JAVA :caption: *Example RSA private key* :name: ExampleRSAPrivateKey -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAl+XiWKgeRRmpv9o/ZbSUVg8NmPHYQdrm5LNtRvM4wSyD6ELQ dh5sPrB6D3q+1O9QeMTUa60Ph6h6UsCZO40DforJmp33mT8EhJ0DfyqcEOVVgcot gr+aLlqfhOeRYYOJoNFuspUvLV+F4hZvFACpEPyy+wxbRKQScJ9ojcHMjI+E0kSY qNAaQZma/IBzNasTCAN25SzXwVR5etD6bsA1OHmunx9zMORWyC9XQhOXwSXD5xfQ ZMgB0CiZjjmv4TRQPAES388QfI7uiKH67l+3QI1PhWeYa7Niqc7DyfJwqrc//HeI hXejFVEbIq2d7Y9OVjsn92OSy7S4Z9FnFwcVcQIDAQABAoIBAH2kgDo3LXqYxKlV 3HTDDqO0pdmpyeiHKc9ofu5eBsb6jE1U3tulRIICNaSSMkEthpGutcovBxZ+DFhg yR7SAF7ua94B5ikTUChlO9w3IYp0N+s4kbaByAWpniMv7DgNtoyYT4lWDwTn63Vc exq/hRjw/RbdXK0FTd9sa+49rHVifo+yhj0BMsrDuqDu9Iy9QZ6gyQESaoa1QcIq 42dS8Xog4q2gp62AiFQ/e/I9cGIDGoWJBCTjRFQR/ya5KK19MQu06GHIivUkSi4f Sb6WgTZYlRmvRyO5DmUXzDFi9byIhu24DR7ul70cB19KCgiKvX1KBtZev8VDgXr5 CL2zx6UCgYEA96YQXfiHUXVc6XMpOfMP1TFf60CUh6BedONDj+Xi9JV+hZ0V3YmD +lkbWZF1XlWB9DV+T+eiRwfh1/4EwbFVDTmM2xAT/klcMnP+dRf/IGGU+04HKbDm WQ3Hp7PxgDuheTPv/EZFBsP4+fsIH8LCpuJLtLFGMUS2ylS7MTbkA+cCgYEAnQU1 0i7HNKZLWtpArSVpvmTUjpOGqFk3TI9yEzq9Kg7m3mGUq0vOjko7/A6nlzmwJz7F OCG5KL99tw/W3J3K8+AxVov0TcjolfV97YsUx9RXOr8u+Zpom+zDGG9DIO+erH4B H6nRbu57B+0MVk1YZq3vKCp8T65aMtwU8QOJ8OcCgYEAsyW1d1UfBqVg9hvxudME JBRYsAUCrW4shmAU8ta5LHeslBmDxMQC7iphp5SbFAfFP5Um78S/1qR0EtzWMgwH W87C/4GNBQmqoXDZpXkbfSA6NuVGNzmaGNfoE4APdtUsRVJ2C8gFjRRdWvDm+prY VwMjAu6uuVtc49cRp1Nu9QcCgYEAnHbpp7R3Sm5+3lxnYGHMmi1tZVl6MF0eboru GF1KzBMnWOeRtpOGk2FDnqqXs2iHsMOq0IFCOWl/gyAkcZhG+Xcokt5JJg2SPoPu 5PrXTTy5Y0/JJm4H2YA29C1CjhpYWfgBdKTKjijTrhU3WvQdp8ugabzUPK43MUD/ GR72oHcCgYAwn9mOT1SzD8Q09DUKy8+ddZLNeAk/E7Fs8SeBfara2TXLL3PEgkeR SpAR6HoM7D/iij2oTpHchC5CnTTZZ1TKfmWnmqc8QnjYvyIa3we0GJ1N10QPlBbb kxZg3tPCJa4z36xRuV1gx1GZscgk/XeTMntZ2jjtjlFSP45liAhNCg== -----END RSA PRIVATE KEY----- Then the server can use this by setting the "endpoint-decryption-key" parameter. A line which does this can be copied and pasted into the config file used to start the server. The config file might then look like as follows: .. code-block:: JSON :caption: *Sample config file for setting endpoint decryption key* :name: SampleConfigFileForSettingEndpointDecryptionKey preface-classifier-path=FaceModelStandard.dat host=0.0.0.0 port=8080 log-config=preface_log_config.ini endpoint-decryption-key=eg_rsa_private_key.txt After starting the rest server with this new config line, the endpoint /autocaptureVideoEncrypted can receive encrypted packages from the client.