Skip to content

Function: ztdfEncrypt(encryptParams: ZtdfEncryptParameters)

The ztdfEncrypt function performs symmetric encryption of data using the Zero Trust Data Format (ZTDF).

Description

This function takes a ZtdfEncryptParameters object as input, which contains the encryption parameters.

Encrypt schema

Parameters

sdsdkEncryptParameters: object containing encryption parameters.

data

  • Type: Uint8Array
  • Max Length: 10Mo
  • Description: Data to be encrypted.

mimeType

  • Type: string
  • Description: MIME type of the data.

dataAttributes

  • Type: array
  • Description: Array of attributes related to the data to be encrypted. Can be an empty array.

Data attributes are used during the decryption process to enforce Attribute-Based Access Control (ABAC). These attributes enable granular authorization decisions by verifying that the requesting user or system meets the defined security policies before granting access to encrypted data.

kas.baseKasUrl

  • Type: string
  • Description: Base URL of the KAS.

kas.tenantId

  • Type: string
  • Description: Tenant ID of the KAS.

kas.keyAccessProtocol

  • Type: string
  • Description: Key access protocol (currently only "symmetric_kas" is supported).

kas.authentication.mode

  • Type: string
  • Description: Authentication mode ("basic" or "bearer").

kas.authentication.value

  • Type: string
  • Description: Authentication value (API key or JWT value).

Return

Promise containing an SdsdkZtdf object representing the encrypted ZTDF container.

Example

javascript
const { ztdfEncrypt, ztdfDecrypt } = require('sdsdk');

const encryptParams = {
  data: new TextEncoder().encode('Data to be encrypted'),
  mimeType: 'application/octet-stream',
  dataAttributes: [{ attribute: 'value' }],
  kas: {
    baseKasUrl: 'https://kmaas.com',
    tenantId: '1234567890',
    keyAccessProtocol: 'symmetric_kas',
    authentication: {
      mode: 'basic',
      value: 'API key or JWT value',
    },
  },
};

ztdfEncrypt(encryptParams).then((result) => {
  console.log(result.manifest);
  console.log(result.payload);
});