Decryption operations

Fayda’s responses are almost always encrypted, especially those that contain private or uniquely identifying data (like identity data).

The Identity block

In the response from Fayda, after performing a request, you will usually find a response JSON with different parameters. Some of the parameters are metadata and don’t need to be encrypted, for example the transactionID or responseTime. Others need to be encrypted because they contain identity data. We refer to the part of the response that contains identity data as the identity block. The identity block is always encrypted, and the integrating partner has to go through some decryption activities to retrieve KYC data.

Shown above is a typical response from Fayda after making an eKYC request. The identity block contains private information and is encrypted.

The identity block is encrypted using a symmetric encryption method. The symmetric key used to encrypt the identity block is itself encrypted using the client’s (integration partner’s) public key, attached in front of the encrypted identity block, and separated from it by a fixed separator byte sequence.

Conceptually the identity parameter looks like this:

"identity": "<symmetric key encrypted using partner's public key> <separator bytes> <identity data encrypted using symmetric key>"

The separator byte sequence is #KEY_SPLITTER#

The task of decrypting should look similar to this:

  1. Retrieve the data in the response.identity parameter.

  2. Split the data into two parts at the byte sequence #KEY_SPLITTER#.

  3. The first part of the split data is the encrypted session key; decrypt it using the partner’s private key (from the p12 file).

  4. The second part of the split data is the identity information; decrypt it using the session key obtained in step 3.
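The four steps above, carried through end to end as an added example; this is illustration code written for this page, not Fayda's own code or SDK. The page fixes only the separator (#KEY_SPLITTER#) and the order of the two parts, so everything else here is an assumption: that the response.identity value is base64url encoded, that the session key is wrapped with RSA-OAEP (SHA-256), that the identity data is AES-256-GCM with a 12-byte nonce in front of the ciphertext, and that the value sits at `response["response"]["identity"]` in the parsed JSON. The `build_sample_response` helper simulates the server side with constructed data so the example runs offline; the partner key is generated on the fly in `demo()` in place of the p12 file, which `load_partner_private_key` shows how to read.

```python
import base64
import json
import os

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.serialization import pkcs12

KEY_SPLITTER = b"#KEY_SPLITTER#"   # separator byte sequence named on the page
NONCE_LEN = 12                     # assumed AES-GCM nonce length (not stated on the page)
# Assumed wrapping scheme for the session key (not stated on the page).
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def load_partner_private_key(p12_bytes: bytes, password: bytes):
    """Step 3 prerequisite: the partner's private key from the .p12 file."""
    key, _cert, _chain = pkcs12.load_key_and_certificates(p12_bytes, password)
    return key


def decode_identity_value(identity_value: str) -> bytes:
    """Step 1: turn the response.identity string into raw bytes.
    Assumes base64url encoding; any stripped '=' padding is restored first."""
    return base64.urlsafe_b64decode(identity_value + "=" * (-len(identity_value) % 4))


def split_identity_block(blob: bytes):
    """Step 2: split at the FIRST occurrence of the separator only.
    Both halves are ciphertext, so the separator bytes could in principle recur
    inside the data; splitting on every occurrence would corrupt the second part."""
    idx = blob.find(KEY_SPLITTER)
    if idx < 0:
        raise ValueError("identity block does not contain #KEY_SPLITTER#")
    return blob[:idx], blob[idx + len(KEY_SPLITTER):]


def unwrap_session_key(wrapped_key: bytes, private_key) -> bytes:
    """Step 3: recover the symmetric session key with the partner's private key."""
    return private_key.decrypt(wrapped_key, OAEP)


def decrypt_identity_data(ciphertext: bytes, session_key: bytes) -> dict:
    """Step 4: decrypt the identity data with the session key.
    Assumed layout: nonce || AES-GCM ciphertext || tag. A wrong key or any
    tampering raises cryptography.exceptions.InvalidTag instead of returning garbage."""
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    return json.loads(AESGCM(session_key).decrypt(nonce, body, None))


def decrypt_identity(response: dict, private_key) -> dict:
    """Steps 1 to 4 end to end, starting from the parsed response JSON."""
    blob = decode_identity_value(response["response"]["identity"])
    wrapped_key, ciphertext = split_identity_block(blob)
    session_key = unwrap_session_key(wrapped_key, private_key)
    return decrypt_identity_data(ciphertext, session_key)


# --- Constructed sample (simulated server side) so the example runs offline ---
def build_sample_response(identity: dict, public_key) -> dict:
    """Builds an identity block laid out as the page describes: wrapped session
    key, then #KEY_SPLITTER#, then the identity data encrypted under that key."""
    session_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(NONCE_LEN)
    encrypted = nonce + AESGCM(session_key).encrypt(nonce, json.dumps(identity).encode(), None)
    blob = public_key.encrypt(session_key, OAEP) + KEY_SPLITTER + encrypted
    return {
        "transactionID": "demo-txn-001",              # constructed metadata, left in clear
        "responseTime": "2024-01-01T00:00:00.000Z",   # constructed
        "response": {"identity": base64.urlsafe_b64encode(blob).decode().rstrip("=")},
    }


def demo() -> dict:
    """Round trip with a freshly generated partner key pair standing in for the p12."""
    partner_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    sample = {"fullName": "Test Person", "dateOfBirth": "1990-01-01"}  # constructed
    response = build_sample_response(sample, partner_key.public_key())
    return decrypt_identity(response, partner_key)


if __name__ == "__main__":
    print(demo())
```

Two design choices matter for a real integration: the block is split at the first separator occurrence only, because both halves are ciphertext and could contain the separator bytes by chance, and the symmetric layer is an authenticated mode, so a wrong session key or a modified payload fails loudly rather than yielding a silently corrupted KYC record. Swap the assumed OAEP and AES-GCM parameters for whatever the technical portal specifies.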

The implementation of this logic is the responsibility of our integration partner; support is provided through the technical portal.