Key Management

Manage the encryption keys associated with virtual card and transaction data.


A fundamental aspect of using Sudo Platform SDKs is that user data is encrypted with keys that ensure only the user to whom the data belongs can decrypt it.

The Virtual Cards SDK uses two keys to achieve this: a symmetric key, used by the SDK to seal user-specific data associated with virtual cards, and a public/private key pair, whose public key is used by the service to encrypt virtual card details, such as card number and expiry date, as well as transaction information.

Loss of these keys leaves the user unable to decrypt the virtual card details and transactions. As such, keys should be backed up to external secure storage. To back up the keys, create a key archive from the key manager being used by the Virtual Cards SDK.

For applications where the same user may use multiple devices, all devices must have access to the same keys. These keys must be shared between the devices by securely transferring the key archive from one device to the other.

The Sudo Platform Password Manager is a good solution for storing such archives and synchronizing them between devices.

Creating Keys

The createKeysIfAbsent method gives control over when keys are created and reports whether the SDK created new keys. Keys must be created before a virtual card is created. Deferring key creation until the user creates their first virtual card can help minimize the risk that keys get created and not backed up.

```typescript
try {
  const result = await virtualCardsClient.createKeysIfAbsent()
  if (result.symmetricKey.created || result.keyPair.created) {
    // Prompt user or automatically handle backing up of new key or keys
  }
} catch (error) {
  // Handle/notify user of errors
}
```

```swift
do {
  let result = try await virtualCardsClient.createKeysIfAbsent()
  if (result.symmetricKey.created || result.keyPair.created) {
    // Prompt user or automatically handle backing up of new key or keys
  }
} catch {
  // Handle/notify user of errors
}
```

```kotlin
// Call from within a CoroutineScope
launch {
    try {
        val result = withContext(Dispatchers.IO) {
            virtualCardsClient.createKeysIfAbsent()
        }
        if (result.symmetricKey.created || result.keyPair.created) {
            // Prompt user or automatically handle backing up of new key or keys
        }
    } catch (e: VirtualCardException) {
        // Handle/notify user of exception
    }
}
```
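One gap in the pattern above: only the call that actually creates the keys reports `created`, so if the app stops or the backup fails before the archive is saved, a later call finds the keys present and gives no signal that a backup is still owed. The following is an added example, not code from the Sudo Platform SDK or its documentation, that keeps a durable "backup pending" marker to close that gap; `store`, `backupKeys`, `fakeClient` and `memoryStore` are hypothetical names, and the client and store are constructed stand-ins so the block runs offline.

```javascript
// Added example, not Sudo Platform code. `store` (durable async get/set) and
// `backupKeys` (creates the key archive and saves it to external secure
// storage) are hypothetical app-supplied pieces.
const PENDING = 'virtualCards.keyBackupPending';

async function ensureKeysBackedUp(client, store, backupKeys) {
  // A marker left by an earlier run means keys may exist without a backup.
  const carriedOver = (await store.get(PENDING)) === '1';
  // Record intent before keys can exist, so a crash cannot hide new keys.
  if (!carriedOver) await store.set(PENDING, '1');
  const result = await client.createKeysIfAbsent();
  const created = result.symmetricKey.created || result.keyPair.created;
  const needsBackup = created || carriedOver;
  // If backupKeys() throws, the marker stays set and the next call retries.
  if (needsBackup) await backupKeys();
  await store.set(PENDING, '0');
  return { created, backedUp: needsBackup };
}

// Constructed stand-ins so the example runs offline.
function fakeClient() {
  let haveKeys = false;
  return {
    async createKeysIfAbsent() {
      const created = !haveKeys;
      haveKeys = true;
      return { symmetricKey: { created }, keyPair: { created } };
    },
  };
}

function memoryStore() {
  const values = new Map();
  return { get: async (k) => values.get(k), set: async (k, v) => void values.set(k, v) };
}

async function demo() {
  const client = fakeClient();
  const store = memoryStore();
  let attempts = 0;
  // The first backup attempt fails, as if external storage were offline.
  const backupKeys = async () => { if (++attempts === 1) throw new Error('storage offline'); };
  const first = await ensureKeysBackedUp(client, store, backupKeys).catch(() => 'failed');
  const second = await ensureKeysBackedUp(client, store, backupKeys);
  const third = await ensureKeysBackedUp(client, store, backupKeys);
  return { first, second, third, attempts };
}

demo().then((outcome) => console.log(outcome));
```

In the demo, the second call reports `created: false` yet still runs the backup because the marker survived the failed first attempt; the third call does nothing.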