How-to

Inspect a wire envelope

Applies to: .NET SDK Last updated: 2026-06-11

Goal

Read the cleartext header of an envelope (sender's opaque identifier, time window, format variant) without performing a full decrypt. Useful as a fast deny-list check or for routing.

Code

var inspected = Client.InspectEnvelope(envelope);
Console.WriteLine($"SourceId:    {inspected.SourceId?.Substring(0, 32)}...");
Console.WriteLine($"Kgt:         {inspected.Kgt}");
Console.WriteLine($"SessionHash: {inspected.SessionHash}");
Console.WriteLine($"Kind:        {inspected.Kind}");

What you get back

FieldMeaning
SourceIdSender's opaque cryptographic identifier (for standard envelopes); null for sessioned envelopes
KgtTime-window number used for key derivation; null for sessioned
SessionHashSession hash (for sessioned envelopes only)
KindStandard or Sessioned

SourceId here is the wire-level identifier, suitable for routing decisions but not for authorisation — authorisation must use the verified Sender field that comes out of a full decrypt.

See also