BSNk Polymorphic Decryption Keys
How to find out which key you received using MySignicat BSNk key retrieval.
When you have received BSNk key material from our Technical Support or via the automatic Signicat Identity Broker endpoint, it is not directly clear which keys are for which purpose. There are three possible keys that are obtained from BSNk that are used in polymorphic decryption of pseudo IDs and identifiers. These are:
  • The closing key (EC)
  • Pseudo ID key (EP)
  • Identity key (EI)

Here are steps to identify which keys you have received from BSNk:
1. You will receive a Base64 encoded stream of keys from BSNk. For each Base64 encoded string first save it in a file. Then base64 decodes the contents using:
base64 -d {file} > out.p7
The base64 decoded output is the p7 file which contains an encrypted key in binary format.
2. Have your private key ready. The file should begin with
with the base64 encoded private key contents and end with
Let's name this file dv-private-key.pem.
3. Decrypt the encrypted key using:
openssl cms -decrypt -in out.p7 -inkey dv-private-key.pem -inform DER -out key-file.pempenssl cms -decrypt -in out.p7 -inkey dv-private-key.pem -inform DER -out key-file.pem
4. Open the output key-file.pem. The contents will look like:
SchemeVersion: 1
SchemeKeyVersion: 1
Type: EP Closing
Recipient: OIN of the customer
RecipientKeySetVersion: Version identifying the recipient and their active key set.
Base64 encoded private key
Here in the metadata section, you can see what type of key it is. The types are:
  • EP Closing --> closing key
  • EP Decryption --> Pseudo ID key
  • EI Decryption --> Identity key
Copy link