BSNk Polymorhic Decryption Keys
How to find out which key you received using MyConnectis BSNk Key retrieval
When you have received BSNk key material from Connectis Technical Support or via the automatic Connectis Identity Broker endpoint, it is not directly clear which keys are for which purpose. There are three possible keys that are obtained from BSNk that are used in polymorphic decryption of pseudo ids and identifiers. These are:
    The closing key (EC)
    Pseudo Id key (EP)
    Identity key (EI)
Here are steps to identify which keys you receive from BSNk:
1.From BSNk you will receive a Base64 encoded stream of keys. For each Base64 encoded string first save it in a file. Then base64 decode the contents using:
1
base64 -d {file} > out.p7
Copied!
The base64 decoded output is the p7 file which contains an encrypted key in binary format.
2. Have your private key ready. The file should begin with
1
-----BEGIN RSA PRIVATE KEY-----
Copied!
with the base64 encoded private key contents and end with
1
-----END RSA PRIVATE KEY-----
Copied!
Let's name this file dv-private-key.pem.
3. Decrypt the encrypted key using
1
openssl cms -decrypt -in out.p7 -inkey dv-private-key.pem -inform DER -out key-file.pem
Copied!
4. Open the output key-file.pem. The contents will look like
1
-----BEGIN EC PRIVATE KEY-----
2
SchemeVersion: 1
3
SchemeKeyVersion: 1
4
Type: EP Closing
5
Recipient: OIN of the customer
6
RecipientKeySetVersion: Version identifying the recipient and their active key set.
7
8
Base64 encoded private key
9
-----END EC PRIVATE KEY-----
Copied!
Here in the metadata section you can see what type of key it is. The types are
    EP Closing --> closing key
    EP Decryption --> Pseudo Id key
    EI Decryption --> Identity key
Last modified 2yr ago
Copy link