syn.crypt.user
Namespaces
Functions
encrypt
string syn.crypt.user.encrypt(data: string, mode: UserEncryptionMode, key?: string)
Encrypts data in a way that only the caller's Synapse X account can decrypt it. You can also pass a key to add a secondary key to the encryption if you wish.
Note: If the user resets their Synapse X password, the output of this function will not be decryptable anymore. The user simply changing their password when they know their current one will not cause this to happen, however.
The mode parameter controls how the encryption works.
UserEncryptionMode
| Mode | Note |
|---|---|
SynAccount | Ties the encrypted data to the users Synapse X account. The data is decryptable on other machines if the pre-conditions stated above are met. |
WindowsAccount | Ties the encrypted data to both the users Synapse X account and Windows account. The data is only decryptable if both the pre-conditions stated above are met and the user does not reset their Windows password. |
WindowsMachine | Ties the encrypted data to both the users Synapse X account and Windows machine. The data is only decryptable if both the pre-conditions stated above are met and the user does not reset their Windows PC. |
decrypt
string syn.crypt.user.decrypt(ciphertext: string, key?: string)
Decrypts ciphertext from the Per-User Encrypt function above. You do not need to pass the UserEncryptionMode you used to encrypt this data, but you need to pass the key you used to encrypt the data if one was specified. The function will error if decryption fails.
sign
string syn.crypt.user.sign(data: string)
Signs data in a way that only the caller's Synapse X account can produce this signature. Equivalent to syn.crypt.sign.detached.create with a user-unique key.
You can verify data was signed with this method from a web request. See the HTTP APIs for more information.
verify
bool syn.crypt.user.verify(data: string, signature: string)
Verifies data was signed by the syn.crypt.user.sign function from the caller's Synapse X account. If you want to verify data signed by another user, get their public key from the HTTP APIs.