MetaData Encryption

If you are tracking end users in your backend through an internal UUID, transaction number, stripe ID, etc., you can use the metaData object to securely pass encrypted end user information to identify completed verifications. 
The metaData object allows you to pass an encrypted JSON string via a private key encoded in base64 on the client-side, and then Passbase will use your public key to return the data on the Passbase API.
Generate Encryption Keys
Create your private key by running the following terminal command:
1
openssl genrsa -out ~/passbase-test-private-key.pem 4096
Copied!
Generate the public key associated to the private key by running the following terminal command. Copy the content of ~/passbase-test-public-key.pub into your clipboard.
1
openssl rsa -in ~/passbase-test-private-key.pem -out ~/passbase-test-public-key.pub -pubout
Copied!
​
Add Public Encryption Key to your Project
Enter the public encryption key copied from your clipboard within the developer dashboard for each individual project. 
​
Encrypt Data in Backend
The metaData object requires an encrypted JSON string via the private key encoded in base64.  Below are examples of how to create an encrypted JSON string in your backend. 
JavaScript
Python
Go
Ruby
PHP
Kotlin
1
const crypto = require("crypto");
2
const fs = require("fs");
3
const metadata = {foo: "bar"};
4
const pkey = crypto.createPrivateKey({format: 'pem', key: fs.readFileSync("~/passbase-test-private-key.pem")});
5
const encrypted_metadata = crypto.privateEncrypt(pkey, Buffer.from(JSON.stringify(metadata))).toString('base64');
Copied!
1
import base64
2
import subprocess
3
import tempfile
4
metadata = bytearray('{"foo": "bar"}', 'utf-8')
5
with open("~/passbase-test-private-key.pem", "rb") as f:
6
    p = subprocess.Popen(
7
        "openssl rsautl -sign -inkey " + f.name,
8
        shell=True,
9
        stdin=subprocess.PIPE,
10
        stdout=subprocess.PIPE,
11
        stderr=subprocess.PIPE)
12
    stdout, stderr = p.communicate(input=metadata)
13
    encrypted_metadata = base64.b64encode(stdout)
Copied!
1
rng := rand.Reader
2
metadata := []byte("{\"foo\": \"bar\"}")
3
priv, _ := ioutil.ReadFile("~/passbase-test-private-key.pem")
4
privPem, _ := pem.Decode(priv)
5
privateKey, _ := x509.ParsePKCS1PrivateKey(privPem.Bytes)
6
signature, _ := rsa.SignPKCS1v15(rng, privateKey, crypto.Hash(0), metadata[:])
7
encrypted_metadata := base64.StdEncoding.EncodeToString(signature)
Copied!
1
metadata = {"foo" => "bar"}
2
key = OpenSSL::PKey::RSA.new(File.read("~/passbase-test-private-key.pem"))
3
encrypted_metadata = Base64.encode64(key.private_encrypt(metadata.to_json))
Copied!
1
<?php
2
​
3
$metadata = array("foo" => "bar");
4
$private_key = openssl_pkey_get_private("file://~/passbase-test-private-key.pem");
5
​
6
$encrypted_metadata_bytes = "";
7
openssl_private_encrypt(json_encode($metadata), $encrypted_metadata, $private_key);
8
​
9
$encrypted_metadata = base64_encode($encrypted_metadata_bytes);
Copied!
An example how this can be achieved in Kotlin was generously open-sourved and provided by one of our clients in this gist here. Thank you for the effort & help Sam! 🚀
​
​
Pass metaData Object
After encrypting the data in your backend, you will need to pass the private key encoded in base64 to Passbase through the client-side frontend.
​
Value
metaData
Encrypted JSON string via the private key encoded in base64
HTML + JS
React
Angular
iOS
Kotlin
Java
React Native
Flutter
1
<script type="text/javascript">
2
  const element = document.getElementById("passbase-button")
3
  const apiKey = "YOUR_API_KEY"
4
​
5
  Passbase.renderButton(element, apiKey, {
6
    {
7
      prefillAttributes: {
8
        email: "[email protected]",
9
        country: "de"
10
      }
11
    },
12
    // Signed and Armored Metadata, which contain {"email": "[email protected]", "country": "de", ...}
13
    metaData: "AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
14
    onFinish: (identityAccessKey) => {
15
      console.log(identityAccessKey)
16
      // Open new window for end user to prevent duplicate verifications
17
      window.location.href =("https://passbase.com/")
18
    }
19
  })        
20
</script>
Copied!
1
import React from 'react';
2
import VerifyButton from "@passbase/button/react";
3
​
4
function App() {
5
  const referenceUserWithKey = (key) => {
6
    console.log(key)
7
    // Make request to your backend/db and save the key to the user's profile
8
  }
9
​
10
  return (
11
    <div className="App">
12
      <VerifyButton
13
        apiKey={"YOUR_PUBLISHABLE_API_KEY"}
14
        onSubmitted={(identityAccessKey) => {
15
          referenceUserWithKey(identityAccessKey)
16
        }}
17
        onFinish={(identityAccessKey) => {
18
        // Open new window for end user to prevent duplicate verifications
19
          window.location.href =("https://passbase.com/")
20
        }}
21
        onError={(errorCode) => {}}
22
        onStart={() => {}}
23
        prefillAttributes={{
24
          email: "[email protected]"
25
        }}
26
        // Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
27
        metaData={{
28
          "AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
29
        }}
30
      />
31
    </div>
32
  );
33
}
Copied!
1
const onSubmit = (identityAccessKey) => {
2
  console.log(identityAccessKey)
3
  // Make a request to your backend/db and save the key to your user's profile
4
}
5
​
6
Passbase.renderButton(
7
  this.passbaseButton.nativeElement, 
8
  "YOUR_API_KEY",
9
  {
10
    onSubmitted: (identityAccessKey) => {},
11
    onFinish: (identityAccessKey) => {
12
    // Open new window for end user to prevent duplicate verifications
13
      window.location.href =("https://passbase.com/")
14
    },
15
    prefillAttributes: {
16
          email: "[email protected]",
17
          country: "de"
18
    },
19
    // Signed and Armored Metadata, which contain {"email": "[email protected]", "country": "de", ...}
20
    metaData: {
21
          "AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
22
    }
23
  }
24
)
Copied!
1
import Passbase
2
import UIKit
3
​
4
class ViewController: UIViewController {
5
​
6
    override func viewDidLoad() {
7
        super.viewDidLoad()
8
        
9
        // Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
10
        PassbaseSDK.metaData = "AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
11
​
12
        let button = PassbaseButton(frame: CGRect(x: 40, y: 90, width: 300, height: 60))
13
        self.view.addSubview(button)
14
    }
15
}
Copied!
1
package com.passbase.androiddemoapp
2
​
3
import androidx.appcompat.app.AppCompatActivity
4
import android.os.Bundle
5
​
6
// 1. Add import of Passbase SDK and the Passbase Button to the top
7
import com.passbase.passbase_sdk.PassbaseSDK
8
import com.passbase.passbase_sdk.PassbaseButton
9
​
10
class MainActivity : AppCompatActivity() {
11
​
12
    override fun onCreate(savedInstanceState: Bundle?) {
13
        super.onCreate(savedInstanceState)
14
        setContentView(R.layout.activity_main)
15
​
16
        val passbaseRef = PassbaseSDK(this)
17
        passbaseRef.initialize("YOUR_PUBLISBALE_API_KEY")
18
        
19
        // Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
20
        passbaseRef.metaData = "AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
21
    }
22
​
Copied!
1
package com.passbase.androiddemoapp;
2
​
3
import androidx.appcompat.app.AppCompatActivity;
4
import android.os.Bundle;
5
​
6
// 1. Add import of Passbase SDK and the Passbase Button to the top
7
import com.passbase.passbase_sdk.Passbase;
8
import com.passbase.passbase_sdk.PassbaseButton;
9
​
10
public class MainActivity extends AppCompatActivity {
11
​
12
    @Override
13
    protected void onCreate(Bundle savedInstanceState) {
14
        super.onCreate(savedInstanceState);
15
        setContentView(R.layout.activity_main);
16
​
17
        PassbaseSDK passbaseRef = new PassbaseSDK(this);
18
        passbaseRef.initialize("YOUR_PUBLISHABLE_API_KEY");
19
        
20
        // Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
21
        passbaseRef.setMetaData("AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD");
22
    }
23
}
Copied!
1
// Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
2
PassbaseSDK.setMetaData("AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD")
Copied!
1
import 'package:passbase_flutter/passbase_flutter.dart';
2
​
3
...
4
// Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
5
PassbaseSDK.metaData = "AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
6
...
Copied!
Feature available from Web SDK version 3.3.1 and Mobile SDK version 2.4.0
​
Call Passbase API
After a user completes a verification and you receive the VERIFICATION_REVIEWED webhook event, it is time to call the Passbase Get Identity endpoint.  Using this API endpoint, you will see the new metaData object returned.
If the public encryption key is not added to the developer dashboard, you will not see the metaData information returned on the API.
1
{
2
   id: "1234-1234-1234-1234",
3
   resources: [...],
4
   metadata: { internal_customer_id: "XYZ" }
5
}
Copied!