Decrypt & Verify API

This endpoint authenticates a user via AWS Cognito and requests Crittora to decrypt data and verify its digital signature in one call. It's ideal for verifying authenticity and integrity of encrypted payloads.

Purpose

The Decrypt & Verify API provides a secure way to both decrypt encrypted data and verify its digital signature in a single operation. This endpoint authenticates users through AWS Cognito and leverages Crittora's combined decryption and signature verification capabilities. It's perfect for scenarios where you need to ensure both data confidentiality and authenticity.

Request Body

{
  "encrypted_data": "base64_encoded_signed_encrypted_string"
}

Response

On success (HTTP 200), the response contains both the decrypted content and signature verification result.

Example Response:

{
  "statusCode": 200,
  "body": {
    "decrypted_data": "sensitive information to encrypt",
    "is_valid_signature": true,
    "signed_by": "Rockville Insurance Group",
    "signed_timestamp": "2025-10-19T17:28:27.659100+00:00"
  }
}

Additional metadata may include the original signature, public key, or timestamps depending on Crittora's payload.

Status Codes

HTTP status codes returned by the decrypt-verify endpoint.

Code Examples

cURL Example:

curl -X POST https://managed.crittoraapis.com/v1/decrypt-verify \
  -H "Content-Type: application/json" \
  -H "username: your_cognito_username" \
  -H "password: your_cognito_password" \
  -H "api_key: your_crittora_api_key" \
  -H "access_key: your_crittora_access_key" \
  -H "secret_key: your_crittora_secret_key" \
  -d '{
    "encrypted_data": "eyJkYXRhIjoiZW5jcnlwdGVkX2Jhc2U2NF9zdHJpbmciLCJhbGdvcml0aG0iOiJBQ0VTLTI1Ni1HQ00ifQ=="
  }'

JavaScript Example:

// Using fetch API
const decryptAndVerify = async (encryptedData) => {
  const response = await fetch('https://managed.crittoraapis.com/v1/decrypt-verify', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'username': 'your_cognito_username',
      'password': 'your_cognito_password',
      'api_key': 'your_crittora_api_key',
      'access_key': 'your_crittora_access_key',
      'secret_key': 'your_crittora_secret_key'
    },
    body: JSON.stringify({ encrypted_data: encryptedData })
  });
  
  return await response.json();
};

Python Example:

import requests

def decrypt_and_verify(encrypted_data):
    url = "https://managed.crittoraapis.com/v1/decrypt-verify"
    headers = {
        "Content-Type": "application/json",
        "username": "your_cognito_username",
        "password": "your_cognito_password",
        "api_key": "your_crittora_api_key",
        "access_key": "your_crittora_access_key",
        "secret_key": "your_crittora_secret_key"
    }
    
    payload = {"encrypted_data": encrypted_data}
    response = requests.post(url, headers=headers, json=payload)
    return response.json()

Flow Summary

1. Client sends credentials and encrypted data payload.
2. Lambda authenticates with AWS Cognito.
3. Lambda invokes Crittora's /decrypt-verify endpoint with requested_actions: ['d', 'v'].
4. Crittora:
   • Decrypts the content
   • Verifies the digital signature against stored public key
5. The decrypted data and the signature validation result are returned to the client.