Decrypting data using a certificate

The web service allows you to decrypt data (e.g. from email) using a selected certificate from the HSM Remote Signing / Sealing service. This method is used by eToken, which is distributed within the Signer application and also separately.

Method name: Decrypt

The service description, including the WSDL schema and example requests and responses for SOAP 1.1 and SOAP 1.2, is located at https://localhost/secusign/default.asmx?op=Decrypt.

Localhost is the name of the local computer; replace it with the name or IP address of the SDK server (according to the settings in IIS).

Request in SOAP 1.1 interface

POST /secusign/default.asmx HTTP/1.1
Host: localhost
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "http://software602.com/secusign/Decrypt"

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <Decrypt xmlns="http://software602.com/secusign/">
      <CertificateID>string</CertificateID>
      <CertificatePIN>string</CertificatePIN>
      <EncryptedData>base64Binary</EncryptedData>
      <Params>string</Params>
    </Decrypt>
  </soap:Body>
</soap:Envelope>

Input parameters of the method

<CertificateID>

[mandatory element]

Input: String

Description: Certificate identification for data decryption.

In the case of the SecuSign SDK in-house interface, it is possible to use the format:

  • HStore:[alias]

    • certificate alias from the HSM module of the Remote Signing / Sealing service.

<CertificatePIN>

[mandatory element]

Input: String

Description: The PIN that was chosen by the applicant as the access password to the private part of the certificate.

If an HStore alias is used, the PIN must always be specified.

<EncryptedData>

[mandatory element]

Input: String

Description: Base64 encoded data that has been encrypted using the selected certificate.

Response structure

HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <DecryptResponse xmlns="http://software602.com/secusign/">
      <DecryptResult>int</DecryptResult>
      <DecryptedData>base64Binary</DecryptedData>
      <StatusMessage>string</StatusMessage>
    </DecryptResponse>
  </soap:Body>
</soap:Envelope>

Output parameters of the method

<DecryptResult>

Return value: int

Description: Result of the Decrypt method (Decrypting data using a certificate). 0 = OK; for any other value, see "Return codes of all methods" and the error described in StatusMessage.

<DecryptedData>

Return value: Base64Binary

Description: Base64 encoded data that has been decrypted using the selected certificate.

<StatusMessage>

Return value: String

Description: Text statement corresponding to the overall result of decrypting data using a certificate. The value is only filled if the result is complicated.
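
Added example (not part of the original documentation and not vendor code): a Python sketch of a client for the SOAP 1.1 request and response shown above, which XML-escapes the certificate ID and PIN, and returns plaintext only when DecryptResult is 0. The function names, the alias "HStore:demo-alias", the empty Params value and the sample response are assumptions constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SVC_NS = "http://software602.com/secusign/"
HEADERS = {"Content-Type": "text/xml; charset=utf-8",
           "SOAPAction": '"http://software602.com/secusign/Decrypt"'}
ENVELOPE = (
    '<?xml version="1.0" encoding="utf-8"?>'
    f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body><Decrypt xmlns="{SVC_NS}">'
    "<CertificateID>{cid}</CertificateID><CertificatePIN>{pin}</CertificatePIN>"
    "<EncryptedData>{data}</EncryptedData><Params>{params}</Params>"
    "</Decrypt></soap:Body></soap:Envelope>")

class DecryptError(Exception):
    """Non-zero DecryptResult or a malformed response."""

def build_decrypt_request(certificate_id, pin, encrypted, params=""):
    """Return the UTF-8 request body; POST it with HEADERS over HTTPS."""
    # Escape every text value: a PIN containing < or & would otherwise
    # break the envelope or inject extra elements. Never log this body.
    return ENVELOPE.format(
        cid=escape(certificate_id), pin=escape(pin),
        data=base64.b64encode(encrypted).decode("ascii"),
        params=escape(params),  # Params is undocumented; empty is an assumption
    ).encode("utf-8")

def parse_decrypt_response(xml_bytes):
    """Return the decrypted bytes, or raise DecryptError."""
    resp = ET.fromstring(xml_bytes).find(
        f"{{{SOAP_NS}}}Body/{{{SVC_NS}}}DecryptResponse")
    if resp is None:
        raise DecryptError("no DecryptResponse element in SOAP body")
    code = (resp.findtext(f"{{{SVC_NS}}}DecryptResult") or "").strip()
    if code != "0":  # 0 = OK; any other value is a failure
        status = resp.findtext(f"{{{SVC_NS}}}StatusMessage") or ""
        raise DecryptError(f"DecryptResult={code!r}: {status}")
    data = resp.findtext(f"{{{SVC_NS}}}DecryptedData")
    if data is None:
        raise DecryptError("DecryptResult is 0 but DecryptedData is missing")
    return base64.b64decode(data.strip(), validate=True)

# Constructed sample response (not captured from a real server).
SAMPLE_OK = (
    f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body>'
    f'<DecryptResponse xmlns="{SVC_NS}"><DecryptResult>0</DecryptResult>'
    "<DecryptedData>aGVsbG8=</DecryptedData><StatusMessage />"
    "</DecryptResponse></soap:Body></soap:Envelope>").encode("utf-8")
```

Checking DecryptResult before touching DecryptedData keeps a failed call from being treated as empty plaintext.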