How-to
Encrypt a message
Goal
Turn a plaintext body into an encrypted wire envelope addressed to a specific recipient identity.
Prerequisites
- The SDK installed and an identity activated
- The recipient's identity name (an email address or hostname)
Code
.NET
using HexaEight.Bridge;
var client = new Client();
string envelope = await client.EncryptEnvelopeAsync(
recipient: "[email protected]",
body: "hello alice");
Console.WriteLine($"Envelope length: {envelope.Length} bytes");
// Send `envelope` over any transport. Node.js
import { HexaEight } from '@hexaeight/sdk';
const he = await HexaEight.connect();
const envelope = await he.envelope.encrypt({
recipient: '[email protected]',
body: 'hello alice',
});
console.log(`Envelope length: ${envelope.length} bytes`); Optional parameters
| Parameter | Type | Purpose |
|---|---|---|
sessionId | string | Identifies an ongoing conversation. See sessioned envelopes. |
finalRecipient | string | For relay scenarios — the intended end recipient. |
kgt | long | Force a specific time window. Usually omitted (the SDK picks the current window). |
What gets enforced automatically
If automatic enforcement is on (the default), the SDK runs an outbound
authorisation check before encrypting. If a rule denies the operation, the
SDK throws UnauthorizedAccessException in .NET (or
UnauthorizedError in Node.js) and never produces an envelope.
try
{
string envelope = await client.EncryptEnvelopeAsync("[email protected]", "hi");
}
catch (UnauthorizedAccessException ex)
{
Console.WriteLine($"Outbound denied: {ex.Message}");
} Common issues
| Symptom | Cause | Fix |
|---|---|---|
| Returns empty string | Recipient identity is invalid or the platform rejected the key request | Check the recipient name spelling; verify your activation is still valid |
UnauthorizedAccessException | An outbound deny rule matched | Inspect policy.csv; either remove the deny rule or add an allow rule |
| Decoy ASK marker | The platform refused to issue a key (typically activation/integrity check failure) | Re-activate the identity |
See also
- Decrypt a message How-to
- Use sessioned envelopes How-to
- Send with a final recipient How-to
- Messages and envelopes Concept