3) Security Document Encryption
Encrypting regular documents into secure documents
API
| Method | URL |
|---|---|
| POST | /api/encryption |
Request Body
| Name | Required | Type | Description | |
|---|---|---|---|---|
| licenseKey | required | string | Enter the issued license in the integration app management menu of the SHIELDRM admin page. | |
| encType | required | string | Document Type D : DAC Document M : MAC Document G : GRADE Document | |
| docList | required | string | Enter the appropriate permission list according to encType. D : SECURITYDOMAIN^111001100|USER01^011001100 M : 0000001 G : 0000001|RND1^110001111|dev04^010001111 ※ If it is G and D, please refer to the "Permission String" table below for input. | |
| srcFilePath | required | string | Original general document path | |
| srcFileName | optional | string | Original document name to be stored in the security document header - If not used, the filename of srcFilePath is saved. | |
| dstFilePath | required | string | Encrypted secure document path | |
| algorithm | optional | string | AES / ARIA Default value: AES | |
| sciServerId | optional/required | string | SCI server ID to be encrypted <span style={{color: 'red'}}>- Required when using multi-SCI servers | |
| extraInfo | optional | json | Input additional information in JSON format (Refer to the extraInfo data description table and sample data below) | |
| decisionFactor | optional | json | Additional Information Input for Applying Registered Conditional Policies (Refer to the decisionFactor data description table and sample data below) | |
| serviceLinker | optional | json | Parameters used in the SDFApp API - Required when changing systemName ex) "{\"systemName\":\"SDF\"}" |
extraInfo Data Description Table
Key Required Type Description source required json name required string Call System Name from required string Call System URL user json id string User ID name string Username depart string All User Departments (Top Group/Middle Group/Lower Group) duty string User Job Title docUid string DOC_UID of the encrypted file parentUid string Parent document's UID branchUid string Current UID
- Sample Data
{
"source": {
"name": "EKMS",
"from": "https://devekms.softcamp.co.kr"
},
"user": {
"id": "ekmsTest@softcamp.co.kr",
"name": "ekmsTest",
"depart": "임직원/연구소/개발실/개발1팀",
"duty": "과장"
},
"docUid": "77*9Sw5WOOq1hO*_vQ7vv70D77*9Oei_",
"parentUid": "88*9Sw5WOOq1hO*_vQ7vv70D77*9Oei_",
"branchUid": "99*9Sw5WOOq1hO*_vQ7vv70D77*9Oei_"
}
decisionFactor Data Description Table
Key Required Type Description userId required string User ID of the requester for document conversion that corresponds to the members of the conditional policy ipAddress required string User IP requesting document conversion corresponding to the location (IP) of the conditional policy
- Sample Data
{
"userId": "user1@socam.info",
"ipAddress": "10.10.10.100"
}
Permission string: Description of the 9-character string included when the document type is D or G.
row 1 2nd row 3rd row 4 rows 5 rows 6 rows 7th row 8th row 9th row Key Classification Read Permission Edit Permissions Decryption Permission External Transfer Permission Print Permission Presence of marking Automatic Destruction Permission Change 1 : Group
0 : Personal1 : Has Permission
0 : No Permission1 : Has permission
0 : No Permission1 : Has permission
0 : No Permission1 : Has permission
0 : No Permission1 : Has permission
0 : No Permission1 : Marked
0 : No marking4 : Expiration Date
2 : Output Count
1 : Number of Reads
0 : No effect1 : Changeable
0 : Cannot change
- For example) If you are an individual with read permission, decryption permission, and external transfer permission, and no other permissions, the permission string would be => "010110000"
Response
| Name | Type | Description |
|---|---|---|
| code | int | 0 : Success Value other than 0: Error |
| message | string | "OK" : Success Other Value Error Message |
Examples
Request
- Body
[단일 서버]
{
"licenseKey": "FEFF-0C448-B1D8-A1A9A",
"encType": "D",
"docList": "SECURITYDOMAIN^110001111",
"srcFilePath" : "/opt/shieldrm/data/test.xlsx",
"dstFilePath" : "/opt/shieldrm/dataout_test.xlsx",
"extraInfo": "{\"source\":{\"name\":\"EKMS\",\"from\":\"https://devekms.softcamp.co.kr\"}}",
"decisionFactor": "{\"userId\":\"user1@socam.info\",\"ipAddress\":\"10.10.10.100\"}"
}
[멀티 서버]
{
"sciServerId": "SCAM-ED72-262C-433A-0004",
"licenseKey": "FEFF-0C448-B1D8-A1A9A",
"encType": "D",
"docList": "SECURITYDOMAIN^110001111",
"srcFilePath" : "/opt/shieldrm/data/test.xlsx",
"dstFilePath" : "/opt/shieldrm/dataout_test.xlsx",
"extraInfo": "{\"source\":{\"name\":\"EKMS\",\"from\":\"https://devekms.softcamp.co.kr\"}}",
"decisionFactor": "{\"userId\":\"user1@socam.info\",\"ipAddress\":\"10.10.10.100\"}"
}
[헤더의 원본 문서 이름 변경 시]
{
"sciServerId": "SCAM-ED72-262C-433A-0004",
"licenseKey": "FEFF-0C448-B1D8-A1A9A",
"encType": "D",
"docList": "SECURITYDOMAIN^110001111",
"srcFilePath" : "/opt/shieldrm/data/test.xlsx",
"srcFileName" : "original.xlsx",
"dstFilePath" : "/opt/shieldrm/dataout_test.xlsx",
"extraInfo": "{\"source\":{\"name\":\"EKMS\",\"from\":\"https://devekms.softcamp.co.kr\"}}",
"decisionFactor": "{\"userId\":\"user1@socam.info\",\"ipAddress\":\"10.10.10.100\"}"
}
[systemName 변경 시]
{
"sciServerId": "SCAM-ED72-262C-433A-0004",
"licenseKey": "FEFF-0C448-B1D8-A1A9A",
"encType": "D",
"docList": "SECURITYDOMAIN^110001111",
"srcFilePath" : "/opt/shieldrm/data/test.xlsx",
"dstFilePath" : "/opt/shieldrm/dataout_test.xlsx",
"extraInfo": "{\"source\":{\"name\":\"EKMS\",\"from\":\"https://devekms.softcamp.co.kr\"}}",
"decisionFactor": "{\"userId\":\"user1@socam.info\",\"ipAddress\":\"10.10.10.100\"}",
"serviceLinker": "{\"systemName\":\"SDF\"}"
}
Response
- success
{
"code": 0,
"message" : "OK"
}
- failure
- SDF Container Error
- Status code : 400 Bad Request
{
"code": 40010,
"message": "File is already encrypted."
}
- SDF Container Module (SCSL) Error
- Status code : 500 INTERNAL_SERVER_ERROR
{
"code": -61,
"message" : "EXCEPTION error"
}
- SKMS Error (https://idocs.softcamp.co.kr/sdf/SDF_Guide/log/api_skmsErrorCode)
- Status code : 500 INTERNAL_SERVER_ERROR
[토큰 검증 실패]
{
"code": 50001,
"message": "{\"code\":40101,\"message\":\"Invalid token\",\"detail\":\"invalid_token\"}"
}
[KMS 연결 실패]
{
"code": 50001,
"message": "An unexpected error has occurred in the internal system",
"detail": "I/O error on GET request for \"https://devkms.softcamp.co.kr:8080/drm/7FDKQsEK-QVGKyXA2-fx1LxIzy-SNIre0s9/key/0000003\": Connect to devkms.softcamp.co.kr:8080 [devkms.softcamp.co.kr/10.14.10.171] failed: Connection timed out: connect; nested exception is org.apache.http.conn.HttpHostConnectException: Connect to devkms.softcamp.co.kr:8080 [devkms.softcamp.co.kr/10.14.10.171] failed: Connection timed out: connect"
}
[KMS 키조회 실패]
{
"code": 40013,
"message": "Key not found in the keyVault",
"detail": "keyId : 0000011"
}
- SKMS Module (SCKE) Error
- Status code : 500 INTERNAL_SERVER_ERROR
{
"code": 40003,
"message": "Failed create header",
"detail": "4020"
}
Summary of SKMS API and SCSL functions called internally by the API
| Call Order | API and Function Names |
|---|---|
| 1 | SKMS JWT Issuance API Call: /api/oauth/token |
| 2 | SCSL encryption function call: CloudAPIEncrypt() |
| 3 | Header Key Retrieval API Call: /api/docu/headerKey |
| 4 | SCSL header information retrieval function call: dsGetFullHeaderEx() |
| 5 | Unified Log Transmission API Call: /log/container-linker |