Documentation 9.0

# Decode Cryptographs

Group of methods that allows to decode a cryptograph.

# Decoding unencrypted cryptographs

POST /v1/cryptograph/decode
1

This method decodes (decrypt/unpack) a cryptograph previously generated through the enrollment process and extracts any face and/or finger templates, along with any extra enrollment fields contained on it.

The caller must set the content-type header as application/json and send the proper cryptograph in the body of request.

Sample cryptograph encoded in base64 (actual size is reduced to keep readability):

Input sample:

{
  "cryptograph": "iVBORw0KGgoAAAANSUhEUgAAAk4AAAHuCAAAAABMxtxaAAAACXBIWXMAAFxGAABcRgEUlENBAAAAGmVYSWZJSSoACAAAAAEAKAEDAAEAAAABAAAAAAAAALgm5/8AACYESURBVHic7V3Lluu6jvOg/f8f7EH3up1TN5LwIF2HNQMGezsyRdEKixEMOfmf/72CYAr/cwXBGJJOwSCSTsEgkk7BIJJOwSD+Saf7CoJ/g+f//011Cgbx33T6T3bd8O8HtzjbscT2FWjjj9VZtPF9fa++vb9e71P5UZadsd567rxTvdg+SHUKBpF0CgaRdAoG8d90upd/Ebe18b2U/4f2vW07eqziuP87VifKi6wHlH29Wlst78PqbLtjop7uknMimedI66=="
}
1
2
3

Result sample:

{
    "face_template": "K3M3c3J3TUFBQUNrZk1zbU9FYUtRa3p6TFROa0FReXFBQUFBeUFCLzg1bXZzanhYQ0pHU1FzVFpmVW11OW9XQlRwdklrdmFQOEd6dzFMMGJwUkhPZG1DU0ZBUGYzNU9tamRzQzQ3eG5BeXR1TGFCZnd1YVZyZkNWQW1UYjc3SElueTFyL1Y5Z0VxYU1wTHhjL0tiQ3ExRVNueUI5SmxRU2oyb0Q1WnR2amdtZWtoUUM0TjlUV0EyYkFxTTlwbjFycm13Z2c9PQ==",
    "cryptograph_id": "BjvZkXYQFPjOO1Q=="
}
1
2
3
4

# Decoding encrypted cryptographs

As docummented in the Enroll API, you can encrypt a cryptograph by setting the proper JSON encryption section and parameters, along with the enrollment request.

In this case, in addition to the cryptograph, you must provide the same encryption data used in the enrollment request, e.g. provider and key, in the field parameters at the decode request.

Input sample:

{
  "cryptograph": "R6n50zNPSlFUSjZEUSnZEEWlZEMUlbZsaHbourcZVO8gtfDVNTo87fRWE9U0DKiCsotmnz+hYeR64HOzeF40YFxIZtZ4oFKBIjmsGzrqdWBffkitdyFCeNk+dHX2/zdQLY3u/fU+XTpuFEJ+qohC0CS/utYYsf7LU9KUVRKNkRRKdkQRaVkQxSVunff7rFlIqrzmfenVt9/4mHCIrxlUhvzv/L2B4ryF4b2In7y7O+Bt1eNPF+DVr8Op3ffQFS/pBb/bWrvf/JFa6wjUhIybvWRzI8ns3j7059LM/ru3Hmt2nz1JvHMI5n4nET1SZI8KUVRKdk==",
  "parameters": {
    "encryption": {
        "face_image": {
            "provider_id": "aes",
            "key_id": "00112233445566778899AABBCCDDEEFF0123456789ABCDEF0123456789ABCDEF"
        }
    }
  }
}
1
2
3
4
5
6
7
8
9
10
11

As the face_image we used in the enrollment is the same, the result of the above call will be the same as in the unencrypted decode call. The only perceptible difference is that the second cryptograph is different from the first, due to the encryption process and added payload.

# Errors returned from the Decode API

  • Sending a not signed cryptograph with the system default requiring digital signatures
  • Senging an invalid digital signature
  • Senging an digital signature with a non-existent key (e.g. never existed or depretated)
{
    "errors": [
        "Fail to decode cryptograph"
    ]
}
1
2
3
4
5