BSNk Polymorphic Decryption Keys
How to find out which key you received using MySignicat BSNk key retrieval.
When you have received BSNk key material from Technical Support or via the automatic Signicat Identity Broker endpoint, it is not immediately clear which key serves which purpose. Three possible keys are obtained from BSNk and used in polymorphic decryption of pseudo IDs and identifiers. These are:
  • The closing key (EC)
  • Pseudo Id key (EP)
  • Identity key (EI)

Steps to Follow

Here are the steps to identify which keys you received from BSNk:
1. From BSNk you will receive a Base64-encoded stream of keys. Save each Base64-encoded string in its own file, then Base64-decode the contents using:
base64 -d {file} > out.p7
The base64 decoded output is the p7 file which contains an encrypted key in binary format.
2. Have your private key ready. The file should begin with:
with the base64 encoded private key contents and end wi
Let's name this file dv-private-key.pem.
3. Decrypt the encrypted key using:
openssl cms -decrypt -in out.p7 -inkey dv-private-key.pem -inform DER -out key-file.pem
4. Open the output key-file.pem. The contents will look like:
-----BEGIN EC PRIVATE KEY-----
SchemeVersion: 1
SchemeKeyVersion: 1
Type: EP Closing
Recipient: OIN of the customer
RecipientKeySetVersion: Version identifying the recipient and their active key set.

Base64 encoded private key
-----END EC PRIVATE KEY-----
The Type line in the metadata section shows what type of key it is. The types are:
  • EP Closing --> closing key
  • EP Decryption --> Pseudo ID key
  • EI Decryption --> Identity key
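
The steps above can be combined into one script that decodes, decrypts and classifies a received file while keeping the decrypted key in an owner-only temporary directory that is removed afterwards. This is an added example, not Signicat's or BSNk's own tooling; the function names bsnk_key_type and bsnk_identify are hypothetical, and it assumes the decrypted file carries the Type line shown in step 4.

```shell
#!/bin/sh
# Added example: identify which BSNk key a file holds without leaving
# decrypted private key material behind on disk.

# Map the "Type:" metadata line of a decrypted key file to its purpose.
# $1: path to a decrypted key file (key-file.pem in the steps above)
bsnk_key_type() {
    # Take the first Type line; strip surrounding whitespace and any CR.
    key_type=$(sed -n \
        's/^Type:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" |
        head -n 1)
    case "$key_type" in
        "EP Closing")    echo "closing key (EC)" ;;
        "EP Decryption") echo "pseudo ID key (EP)" ;;
        "EI Decryption") echo "identity key (EI)" ;;
        "")              echo "no Type line found in $1" >&2; return 1 ;;
        *)               echo "unknown key type: $key_type" >&2; return 1 ;;
    esac
}

# Decode, decrypt and classify one Base64 file received from BSNk.
# $1: Base64 file from BSNk, $2: your private key (dv-private-key.pem)
bsnk_identify() {
    (
        umask 077                       # temp files readable by owner only
        tmp=$(mktemp -d) || exit 1
        trap 'rm -rf "$tmp"' EXIT       # delete decrypted key on any exit
        base64 -d "$1" > "$tmp/out.p7" || exit 1
        openssl cms -decrypt -in "$tmp/out.p7" -inkey "$2" \
            -inform DER -out "$tmp/key-file.pem" || exit 1
        printf '%s: ' "$1"
        bsnk_key_type "$tmp/key-file.pem"
    )
}

# When run as a script with two arguments, process that one file.
if [ "$#" -eq 2 ]; then
    bsnk_identify "$1" "$2"
fi
```

Run it once per received Base64 file; a file that decrypts but has a missing or unrecognised Type line makes the script exit non-zero instead of guessing.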