Skip to main content

Verifying data integrity

In addition to field lookups by user id, Privy provides a content-based addressing scheme.

Privy provides developers with the means to cryptographically ensure that data has not been modified by the datastore. These are integrity hashes. Simply put, data is hashed before it is encrypted client-side, and the hash is returned by the Privy client. By comparing hashes, you can ensure the data is unchanged upon retrieval.

Getting the integrity hash

When writing data to Privy, a SHA256 hash of the plaintext data concatenated with a nonce is computed client-side and returned as the integrity hash. For example:

const email = await client.put('1', 'email', 'hi@privy.io');
console.log(email.integrity_hash);

Querying data by integrity hash

When retrieving data by the integrity hash, the client library recomputes the hash of the retrieved plaintext after decryption, throwing an error in the event of a mismatch in hashes. This can be used to confirm that data has not been illegitimately modified.

// This call automatically calculates the SHA256 hash and verifies that it matches.
const field = await client.getByIntegrityHash(integrityHash);
console.log(field.text());