Sealing a message

For known recipient

Pre-requisites

  • Valid authentication certificate, see Background
  • Message in clear text that must be sealed
  • ETK for all recipients, which can be obtained from the ETK-Depot

Code example

TODO, currently see IDataSealer.Seal(EncryptionToken, Stream) in the API-documentation.

Post-Actions

  • Send the message to the recipient(s)

For unknown recipient

Pre-requisites

  • Valid authentication certificate, see Background
  • Message in clear text that must be sealed
  • Secret key, which can be obtained from the KGSS. This requires:
    • The ETK for eHealth-KGSS, can be obtained from the ETK-Depot
    • The ETK for your own identity, can be obtained from the ETK-Depot
    • List of allowed and excluded recipients (based on the SAML-attributes provided by the STS of eHealth)

Code example

TODO, currently see IDataSealer.Seal(Stream, SecretKey) in the API-documentation.

Post-Actions

  • Send the key identifier to the recipient(s); there is no need to protect it.
  • Send the message to the recipient(s)

For both known and unknown recipients

Seal a message for one or more known recipient(s) and one or more unknown recipient(s). A common scenario is that you seal the message for the unknown recipient(s) and for yourself as a known recipient. This way you can always safely get the clear message without being dependent on eHealth (if you keep a copy of your ETK).

Pre-requisites

  • Valid authentication certificate, see Background
  • Message in clear text that must be sealed
  • ETK for all recipients, which can be obtained from the ETK-Depot
  • Secret key, which can be obtained from the KGSS. This requires:
    • The ETK for eHealth-KGSS, can be obtained from the ETK-Depot
    • The ETK for your own identity, can be obtained from the ETK-Depot
    • List of allowed and excluded recipients (based on the SAML-attributes provided by the STS of eHealth)

The ETK for your own identity can also be used as recipient and vice versa. There is no need to retrieve it twice from the ETK-Depot.

Code example

TODO, currently see IDataSealer.Seal(List<EncryptionToken>, Stream, SecretKey) in the API-documentation.

Post-Actions

  • Send the message to all recipients
  • Send the secret key identifier to the unknown recipients

Last edited Jan 5, 2011 at 11:11 AM by egelke, version 1
