Encrypting queries

Sometimes, you may not want to reveal the data source and/or the input for the data source. For example: you may not want to reveal the API key in the URL if there is any. Therefore, Oraclize provides a way to store queries encrypted in the smart contract and only Oraclize's server has the key to decrypt it.

Oraclize provides a Python tool (https://github.com/Oraclize/encrypted-queries), which can be used to encrypt the data source and/or the data input. It generates a non-deterministic encrypted string.

The CLI command to encrypt an arbitrary string of text is as follows:

    python encrypted_queries_tools.py -e -p 044992e9473b7d90ca54d2886c7addd14a61109af202f1c95e218b0c99eb060c7134c4ae46345d0383ac996185762f04997d6fd6c393c86e4325c469741e64eca9 "YOUR DATASOURCE or INPUT"

The long hexadecimal string you see is the public key of Oraclize's server. Now you can use the output of the preceding command in place of the data source and/or the input for the data source.

In order to prevent the misuse of encrypted queries (that is, replay attacks) the first contract querying Oraclize with a specific encrypted query becomes its rightful owner. Any other contract reusing the exact same string will not be allowed to use it and will receive an empty result. As a consequence, remember to always generate a newly encrypted string when redeploying contracts using encrypted queries.

Table of Contents for Encrypting queries

Create new playlist

Sign In

Sign Up

Table of Contents for
Encrypting queries