CPIX Document Encryption
The CPIX service supports encrypting the response document using an RSA key. When this option is used, the token must be signed using the same RSA private key that will be used for decryption. During key onboarding or key creation within the Verimatrix platform, select the RSA key type.
Enabling this option allows the maximum lifespan of the token to be extended to 1 year.
When used, set the audience for the token to "urn:verimatrix:cpix:2".
Document encryption uses the public key to over-encrypt the document key using the RSA-OAEP-PKCS algorithm. The document key is a 256-bit key and is used to decrypt the content keys.
Content keys are scrambled using AES-256-CBC. The first 128 bits of the content key value are the initialization vector used to initialize the cipher. The initialization vector is unencrypted. The remaining data is the content key encrypted with the document key.
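The two decryption steps described above, as an added Node.js example that is not Verimatrix code: the RSA private key recovers the document key, then each content key value is split into IV and ciphertext and decrypted. The function names, the SHA-1 OAEP hash, PKCS#7 padding and raw-byte inputs are assumptions the page does not specify, and the sample data is constructed locally.

```javascript
const crypto = require('node:crypto');

// Assumptions (not stated on the page): OAEP uses SHA-1/MGF1, and the CBC
// plaintext carries PKCS#7 padding. Values are handled as raw bytes.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha1' };

// Recover the 256-bit document key with the RSA private key.
function unwrapDocumentKey(privateKey, wrappedKey) {
  const docKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrappedKey);
  if (docKey.length !== 32) throw new Error('document key must be 256 bits');
  return docKey;
}

// Split a content key value into IV (first 128 bits) and ciphertext, then
// decrypt the ciphertext with AES-256-CBC under the document key.
function decryptContentKey(docKey, value) {
  if (value.length < 32 || value.length % 16 !== 0) {
    throw new Error('expected 16-byte IV followed by whole AES blocks');
  }
  const iv = value.subarray(0, 16);
  const ciphertext = value.subarray(16);
  const decipher = crypto.createDecipheriv('aes-256-cbc', docKey, iv);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
}

// Constructed sample standing in for a CPIX response: build the wrapped
// document key and one content key value the way the page describes them.
function buildSample() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const docKey = crypto.randomBytes(32);
  const contentKey = crypto.randomBytes(16);
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-cbc', docKey, iv);
  const value = Buffer.concat([iv, cipher.update(contentKey), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, docKey);
  return { privateKey, wrappedKey, value, contentKey };
}

const sample = buildSample();
const docKey = unwrapDocumentKey(sample.privateKey, sample.wrappedKey);
const recovered = decryptContentKey(docKey, sample.value);
console.log('content key recovered:', recovered.equals(sample.contentKey));
```

If decryption of real responses fails at `decipher.final()`, the padding assumption is the first thing to check against the service's actual output.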