This tutorial shows how to use the Tanker encryption APIs to protect binary data of any size.

Encrypting binary data

Just like you have used encrypt() to encrypt strings, you need to call encryptData() to encrypt binary resources:

const clearFile = new File(/*...*/);
const encryptedFile = await tanker.encryptData(clearFile);

encryptedFile instanceof File; // true;

The encryptData() method accepts ArrayBuffer, Buffer, Blob, File and Uint8Array instances as input, and will return an encrypted resource in the same format by default.

You can also explicitly set the type option to ArrayBuffer, Buffer, Blob, File or Uint8Array to request a different output type:

const clearData = new Uint8Array(32);
const encryptedBlob = await tanker.encryptData(clearData, { type: Blob });

encryptedBlob instanceof Blob; // true; (instead of Uint8Array by default)

For File and Blob outputs, you can specify a mime option to set the MIME type on the output. By default, the MIME type of the input will be set to the output.

For File outputs, you can specify a name option to set on the output. By default, the name of a File input will be set to the output.

const encryptedFile = await tanker.encryptData(clearFile, {
    type: File,
    mime: 'application/octet-stream', // default: clearFile.mime
    name: `${clearFile.name}.enc`     // default: clearFile.name
}):

Note that the Java API takes binary input and returns binary output as byte[] objects.

byte[] clearData = {84, 97, 110, 107, 101, 114}; // e.g. binary for "Tanker"
byte[] encryptedData = tanker.encrypt(clearData, null).get();

Just like you have used encryptString to encrypt strings, you need to call encryptData to encrypt binary resources:

// E.g. get the binary content of a file:
NSData* clearFileData = [NSData dataWithContentsOfFile:@"a/file/path..."];

[self.tanker encryptData:clearFileData
       completionHandler:^(NSData* encryptedData, NSError* err) {
        if (err == nil) {
          // Do something with encryptedData
        }
       }];

Sharing binary data

Regarding sharing, encryptData() behaves exactly like encrypt():

  • by default, a user's encrypted data can only be decrypted on the devices of this user;
  • you can specify additional recipients by passing EncryptionOptions, so that they can decryptData() those data.

Sharing binary data works exactly like sharing textual data.

Regarding sharing, encryptData behaves exactly like encryptString:

  • by default, a user's encrypted data can only be decrypted on the devices of this user;
  • you can specify additional recipients by passing EncryptionOptions, so that they can decryptData those data.

Decrypting binary data

To decrypt some data encrypted with encryptData(), simply give it to decryptData(). It will work the same whether the content was encrypted by the current user, or shared with them.

const clearFile = await tanker.decryptData(encryptedFile);

decryptData() will throw an error if the user does not have access to this data (i.e. if the data was not shared with them).

Similarly to encryptData(), decryptData() accepts ArrayBuffer, Blob, File and Uint8Array instances as input, and returns a decrypted resource in the same format by default.

Most options available on encryptData() are available on decryptData() too: type, mime and name.

To decrypt some binary data encrypted with encrypt(), simply give it to decrypt(). It will work the same whether the content was encrypted by the current user, or shared with them.

byte[] clearData = tanker.decrypt(encryptedData, null).get();

To decrypt some binary data encrypted with encryptData, simply give it to decryptData. It will work the same whether the content was encrypted by the current user, or shared with them.

[self.tanker decryptData:encryptedData
       completionHandler:^(NSData* clearData, NSError* err) {
          if (err == nil) {
            // do something with clearData
          }
        }];