Cryptography and Account Linking

Pared with the CIB the Connectis Android SDK can encrypt and decrypt user information.

How it works

The CIB will generate a public/private keypair unique to the user, and using the keypair can encrypt information for the user.

Important: The encrypted/decrypted result will be retuned and not stored anywhere. It is the task of the implementer to store the information.

The encryption and decryption parts are done on the mobile device, so no sensitive information will ever reach the CIB.

API and Usage

Two new methods have been added to the Conenctis SDK:

Encrypt

fun encrypt(delegate: EncryptDecryptDelegate, dataToEncrypt: String)

In dataToEncrypt you send the data that you want to encrypt as a string, and the delegate represents an interface that you must implement.

interface EncryptDecryptDelegate {
fun onError(errorMessage : String)
fun onSuccess(text: String)
}

The onSuccess method will be called when the text was encrypted successfully, the actual encrypted text will be found in the text variable.

The onError method will be called in case something went

‚Äč

Decrypt

fun decrypt(delegate: EncryptDecryptDelegate, dataToDecrypt: String)

In dataToDecrypt you send the data that you want to decrypt back as a string, and the delegate represents an interface that you must implement.

interface EncryptDecryptDelegate {
fun onError(errorMessage : String)
fun onSuccess(text: String)
}

The onSuccess method will be called when the text was decrypted successfully, the actual decrypted text will be found in the text variable.

The onError method will be called in case something went

The crypto keys are unique to an account, in case you want to use the keys for multiple accounts you can "link the accounts" to have a shared public private crypto key.

To do this a new API method was added:

fun linkWithAnotherSubject(
sdkConfiguration: ConnectisSDKConfiguration,
caller: Context,
delegate: LinkSubjectResponseDelegate
)

Calling this method will trigger a new login flow to the CIB, and the LinkSubjectResponseDelegate implementation will be called when the account linking is finished.

interface LinkSubjectResponseDelegate {
fun onSuccess(authenticationResponse: AuthenticationResponse)
fun onCancel()
fun onError(errorMessage: String)
}

If the linking was successful then a new authenticationResponse will be returned, we recommend to change the authenticated user to the new one provided inside the authenticationResponse field.