Public Key Publication
To participate in encrypted identity exchange using CRYMBO Oracle, each business or institution must publish a public encryption key. This key enables secure data transfers and ensures that only authorized recipients can decrypt sensitive PII.
Supported Key Type
CRYMBO currently supports X25519 encryption keys for elliptic curve Diffie-Hellman (ECDH) key exchange. This key is used to encrypt the AES key that protects the compliance information you exchange with the other entity.
Steps to Publish a Key
1. Generate a Key Pair
Use a cryptographic library to generate an X25519 key pair:
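const nacl = require('tweetnacl'); // assumes the tweetnacl package provides nacl
const keyPair = nacl.box.keyPair();
// Publish only the public key; keep keyPair.secretKey private.
console.log('Public Key:', Buffer.from(keyPair.publicKey).toString('base64'));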
2. Submit Public Key to CRYMBO
You can publish your key via:
API:
POST /api/keys/publish
Authorization: Bearer <token>
Content-Type: application/json

{
  "type": "X25519",
  "publicKey": "<base64-encoded-public-key>"
}
OR Portal:
- Log into CRYMBO Connect
- Navigate to "Encryption Settings"
- Upload your public key securely
Key Rotation & Management
- Keys can be rotated via the same endpoint
- Expired keys will be ignored
- Each key is stored with a createdAt timestamp
Registry Lookup
The Oracle uses the registered public key of the receiving business or institution to encrypt the identity payload.
Security Notes
- CRYMBO never stores private keys
- Keys must be regenerated and re-uploaded if compromised
- Receiver must retain the private key for decryption
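A check worth running before you publish, as an added example that is not CRYMBO's code: it confirms the base64 string is a 32-byte X25519 key and that the private key you retain actually opens an AES key wrapped to it. It uses Node's built-in crypto rather than nacl; the wrapping construction (ephemeral X25519, HKDF-SHA256, AES-256-GCM), the 'demo-key-wrap' label and all function names are assumptions for illustration, since this page does not specify the Oracle's scheme.

```javascript
const crypto = require('crypto');

// DER header of an X25519 SubjectPublicKeyInfo; the raw 32-byte key follows it.
const SPKI_PREFIX = Buffer.from('302a300506032b656e032100', 'hex');

// Generate a key pair; return the private KeyObject and the raw public key as base64.
function generateKeyPair() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  const der = publicKey.export({ format: 'der', type: 'spki' });
  return { privateKey, publicKeyB64: der.subarray(SPKI_PREFIX.length).toString('base64') };
}

// Buffer.from() decodes leniently, so re-encode to insist on canonical base64 of 32 bytes.
function importPublicKey(b64) {
  const raw = Buffer.from(b64, 'base64');
  if (raw.length !== 32 || raw.toString('base64') !== b64) {
    throw new Error('public key must be canonical base64 of 32 bytes');
  }
  return crypto.createPublicKey({ key: Buffer.concat([SPKI_PREFIX, raw]), format: 'der', type: 'spki' });
}

// ECDH shared secret -> 256-bit wrapping key (HKDF-SHA256 and label are assumptions).
function wrappingKey(privateKey, publicKeyB64) {
  const shared = crypto.diffieHellman({ privateKey, publicKey: importPublicKey(publicKeyB64) });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'demo-key-wrap', 32));
}

// Sender: wrap an AES key to the receiver's published key using an ephemeral key pair.
function wrapAesKey(aesKey, receiverPublicB64) {
  const eph = generateKeyPair();
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', wrappingKey(eph.privateKey, receiverPublicB64), iv);
  const ct = Buffer.concat([c.update(aesKey), c.final()]);
  return { ephemeralPublicKey: eph.publicKeyB64, iv, ct, tag: c.getAuthTag() };
}

// Receiver: unwrap with the retained private key; GCM authentication fails on a mismatch.
function unwrapAesKey(w, receiverPrivateKey) {
  const d = crypto.createDecipheriv('aes-256-gcm', wrappingKey(receiverPrivateKey, w.ephemeralPublicKey), w.iv);
  d.setAuthTag(w.tag);
  return Buffer.concat([d.update(w.ct), d.final()]);
}

// Pre-publication check: does the private key we hold open what the public key seals?
function selfTest(privateKey, publicKeyB64) {
  const aesKey = crypto.randomBytes(32);
  try { return unwrapAesKey(wrapAesKey(aesKey, publicKeyB64), privateKey).equals(aesKey); }
  catch (e) { return false; }
}
```

If selfTest returns false for the pair you are about to publish, the public key does not belong to the private key you hold, and payloads encrypted to it would be unrecoverable.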
📌 Next Step: Continue to Integration Guide