Node.js Decryption

Well Alice, the good news is, your first encrypted file is so safe, only you can decrypt it. Let’s confirm that with your protected file. Then, we’ll grant access to someone you trust.

Meet Secure Reader, the easiest way to decrypt

Opening a protected HTML file will take you to Virtru’s Secure Reader.

Authenticating with Virtru Secure ReaderAuthenticating with Virtru Secure Reader

Authenticating with Virtru Secure Reader

Secure Reader will also ask you to authenticate. Again, no one trusts that you’re Alice. But trust us, it’s good for security. If Mallory tries to authenticate, he won’t see your sensitive data.

But if you authenticate, Secure Reader will render your file.

Decrypting with Virtru Secure ReaderDecrypting with Virtru Secure Reader

Decrypting with Virtru Secure Reader

If Secure Reader can’t render the file, you will still be able to download it.

Decrypting via SDK

Outside of Secure Reader, you can also decrypt a file via the SDK:

// Decryption example
const Virtru = require("virtru-sdk");

function loadVirtruClient() {
  const email = process.env.VIRTRU_SDK_EMAIL;
  const appId = process.env.VIRTRU_SDK_APP_ID;
  if (!email || !appId) {
    throw "An environment variable is not set:\n- VIRTRU_SDK_EMAIL\n- VIRTRU_SDK_APP_ID";
  return new Virtru.Client({ email, appId });

async function decrypt(protectedFile, unprotectedFile) {
  const client = loadVirtruClient();

  // prepare
  const decryptParams = new Virtru.DecryptParamsBuilder()

  // access & output
  const plaintextStream = await client.decrypt(decryptParams);
  await plaintextStream
    .then(() => console.log(`Decrypted file ${unprotectedFile}`));
  return plaintextStream;

// optionally execute from command line
if (require.main === module) {
  const protectedFile = "sensitive.txt.tdf.html";
  const unprotectedFile = "sensitive_decrypted.txt";
  decrypt(protectedFile, unprotectedFile);
node decrypt.js

Allowing others to decrypt

But let’s say you wanted to share your sensitive data with your trusted colleague Bob, whose email is [email protected].

For existing files, you would grant access to [email protected] and save the changes to the Virtru Platform.

const decryptParams = new Virtru.DecryptParamsBuilder()
const policyId = await client.getPolicyId(decryptParams);
const policy = await client.fetchPolicy(policyId);
const newPolicy = policy
  .addUsersWithAccess(["[email protected]"])
await client.updatePolicy(newPolicy);

Now, [email protected] should be able to view your sensitive data in Secure Reader (anywhere) or via the SDK decrypt call (in your apps).

When protecting new files, you can grant access to Bob or any number of users as part of encryption params:

const policy = new Virtru.PolicyBuilder()
  .addUsersWithAccess(["[email protected]"])

const encryptParams = new Virtru.EncryptParamsBuilder()

const protectedStream = await client.encrypt(encryptParams);
await protectedStream.toFile("sensitive.txt.tdf.html");

Did this page help you?