Skip to main content
Gateway provides an SDK and gRPC API to interact with Transform Encryption.
Key generation (e.g. keypairs, transformation keys) and encryption should be performed on the client.

SDK

LanguageLibrary
Rusthttps://github.com/GatewayLabs/gtw-recrypt
Typescript / Javascripthttps://github.com/GatewayLabs/recrypt-wasm-binding
Some operations require a signing_keypair to provide computation provenance.For example; Who performed what operation

1. Generate Key Pair

Generate a new encryption (private & public) keypair. This will follow standard KPI practices where the public key encrypts data and the corresponding private key decrypts the ciphertext. 
use recrypt_compute::crypto::encryption::recrypt::new_encryption_keypair;
// or for larger key size:
// use recrypt_compute::crypto::encryption::recrypt480::new_encryption_keypair;

let (priv_key, pub_key) = new_encryption_keypair();

2. Encrypt Data

Encrypt data using a public key. 
use recrypt_compute::crypto::{encryption::recrypt::{new_encryption_keypair, encrypt}, signature::new_signing_keypair};

let data = "eu falo ingles";

let (\_, pubkey) = new_encryption_keypair();
let signing_keypair = new_signing_keypair();

let encryption = encrypt(data.as_bytes(), &pubkey, &signing_keypair).unwrap();

3. Generate Transform Key

Generate a transform key for re-encryption using the sender’s private key and the recipient’s public key. The transformation key is a unique primitive that does not expose either crypto artifact in plaintext. 
use recrypt_compute::crypto::{encryption::recrypt::{new_encryption_keypair, new_transform_key}, signature::ed25519::new_signing_keypair};

let (privkey, pubkey) = new_encryption_keypair();
let (privkey2, pubkey2) = new_encryption_keypair();
let signing_keypair = new_signing_keypair();

let transformkey = new_transform_key(&privkey, &pubkey2, &signing_keypair);

4. Transform Ciphertext

Transforms (re-encrypts) a ciphertext using a transform key. 
transformed_data = transform(encryption.clone(), transformkey.clone(), &
signing_keypair3); ``` ```typescript TypeScript (WASM) let signing_keypair =
new_signing_keypair(); ```
</CodeGroup>

### 5. Decrypt Data

Decrypts a ciphertext using a private key.

<CodeGroup>
```rust Rust
use recrypt_compute::crypto::encryption::decrypt;
let unencryption = decrypt(&transformed_data, &privkey2, data.len()).unwrap();

Public API (Quickstart)

Node Endpoints

pre.gateway.tech:443 // Primary production node
pre-2.gateway.tech:443 // Secondary production node

API Requests

1. Generate Key Pair

Generates a new public-private key pair for encryption.
Avoid using this gRPC endpoint in production environments to avoid private key exposure.
rpc GenerateKeyPair(Empty) returns (EncodedKeyPair);

message EncodedKeyPair {
    string pubkey_base64 = 1;
    string privkey_base64 = 10;
}

const response = await client.GenerateKeyPair();
// Returns: { pubkey_base64: "...", privkey_base64: "..." }

2. Encrypt Data

Encrypts data using a public key.
Avoid using this gRPC endpoint in production environments to avoid known-cipher vulnerabilities.
rpc Encrypt(EncryptRequest) returns (EncryptReply);

message EncryptRequest {
    string data = 1;
    string pubkey_base64 = 2;
    bool is_data_base64 = 10;
}

message EncryptReply {
    string cipher_base64 = 1;
    float length = 10;
}

const response = await client.Encrypt({
  data: "Hello, World!",
  pubkey_base64: publicKey,
  is_data_base64: false,
});
// Returns: { cipher_base64: "...", length: 13 }

3. Generate Transform Key

Generates a transform key for re-encryption.
Avoid using this gRPC endpoint in production environments to avoid private key exposure.
rpc GenerateTransformKey(GenerateTransformKeyRequest) returns (EncodedPayload);

message GenerateTransformKeyRequest {
    string to_pubkey_base64 = 1;
    string from_privkey_base64 = 10;
}

message EncodedPayload {
    string payload_base64 = 1;
}

const response = await client.GenerateTransformKey({
  to_pubkey_base64: recipientPublicKey,
  from_privkey_base64: senderPrivateKey,
});
// Returns: { payload_base64: "..." }

4. Transform Ciphertext

Transforms (re-encrypts) a ciphertext using a transform key. 
rpc Transform(TransformRequest) returns (EncodedPayload);

message TransformRequest {
    string cipher_base64 = 1;
    string transformkey_base64 = 2;
}

const response = await client.Transform({
  cipher_base64: encryptedData,
  transformkey_base64: transformKey,
});
// Returns: { payload_base64: "..." }

5. Decrypt Data

Decrypts a ciphertext using a private key.
Avoid using this gRPC endpoint in production environments to avoid private key exposure.
rpc Decrypt(DecryptRequest) returns (EncodedPayload);

message DecryptRequest {
    string cipher_base64 = 1;
    string privkey_base64 = 2;
    float length = 3;
}

const response = await client.Decrypt({
  cipher_base64: transformedData,
  privkey_base64: recipwwientPrivateKey,
  length: originalLength,
});
// Returns: { payload_base64: "..." }

Best Practices

  1. Security
    • Secure private key storage
    • Validate public keys
    • Implement proper key rotation
  2. Connection Management
    • Reuse client instances
    • Implement connection pooling
    • Handle reconnection gracefully
  3. Error Handling
    • Implement retries with backoff
    • Use backup nodes when primary is unavailable
    • Validate inputs before sending
  4. Performance
    • Batch operations when possible
    • Cache transform keys
    • Monitor response times

Rate Limits

EnvironmentRequests/SecondBurst Limit
Production100200
Testnet50100

Monitoring

Service status can be monitored at https://status.gateway.tech/pre