RSA encryption lets you securely encrypt small amounts of data, such as email addresses. You can encrypt data before passing it to our system for decryption or send encrypted data to external systems either for eventual return or for decryption by the external system.
Before you start
Things you need to know:
Private keys can be imported into your account (with an optional password and encryption).
A public key can be imported into your account - this can then only be used for encryption purposes.
Keys for import must be 2048 bits and serialized in the PEM format.
Key specifications
Keys are 2048-bit RSA keys
Encryption uses OAEP (SHA256) padding with MGF1 using SHA256
Maximum data encryption capacity is 190 bytes due to key size and padding requirements
Encrypted data is Base64 encoded (URL safe) to allow inclusion in links
Key management options
Generate new key pairs within your account
Import private keys with optional password protection
Import public keys for encryption-only purposes
Keys for import must be 2048 bits and in PEM format
Generate a new keypair
Expand the User menu, and go to Settings > Security and Privacy > RSA Encryption.
Expand the Key Role drop-down menu and choose a role.
The role is used to determine which RSA key to use when decrypting / encrypting plaintext.
For Key Name, enter your key's name.
Select Generate new Keypair.
Select Generate / Import.
Import a private or public key
Expand the User menu, and go to Settings > Security and Privacy > RSA Encryption.
Expand the Key Role drop-down menu and choose a role.
The role is used to determine which RSA key to use when decrypting / encrypting plaintext.
For Key Name, enter your key's name.
Select either Import Private Key or Import Public Key Only.
If you selected Import Private Key, enter a Password.
For Key (PEM format), enter the key.
Select GENERATE / IMPORT.
Test your encryption
Use the RSA test tool to verify your encryption and decryption processes.
Expand the User menu, and go to Settings > Security and Privacy > RSA Encryption.
To open the RSA test tool, select Test RSA.
Expand the Key to Use drop-down menu and choose the RSA encryption key you want to use.
Encrypt plain text
To encrypt plain text:
For Plain text, enter the plain text you want to encrypt.
Select Encrypt.
The text encrypts and generates in the Encrypted, base64 encoded Text box.
Decrypt text
To decrypt the encoded text:
For Encrypted, base64 encoded Text, enter the encrypted text you want to decrypt.
Select Decrypt.
The text decrypts and generates in the Decrypted Text box.
Disable unencrypted identification
By default, users can be identified by either encrypted or unencrypted email addresses. For additional security and privacy, you can disable unencrypted identification:
Expand the User menu, and go to Settings > Security and Privacy > Content Serving Encryption.
Select the Disable Unencrypted Identification checkbox.
Select Save.