> ## Documentation Index
> Fetch the complete documentation index at: https://ekacare-quickstart-cleanup.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Decrypt Data

> Decrypt data using ECDH key exchange.

This API decrypts health data received from external HIPs/HIUs via ABDM. A shared secret is derived from the receiver's private key and the sender's public key. The IV and salt are computed from the XOR of sender and receiver nonces, and the data is decrypted using AES-256-GCM.

**Algorithm details:**
- **Key Agreement:** ECDH on Curve25519 (Weierstrass form)
- **Key Derivation:** HKDF-SHA256
- **Symmetric Encryption:** AES-256-GCM
- **Nonce Handling:** IV and salt are derived from XOR of sender and receiver nonces

For more details, refer to the [ABDM Encryption and Decryption Guide](https://sandbox.abdm.gov.in/sandbox/v3/new-documentation?doc=EncryptionandDecryptions).




## OpenAPI

````yaml POST /abdm/v1/ecdh/decrypt
openapi: 3.1.0
info:
  description: ABHA Registration and login APIs
  title: Registration
  version: 1.0.0
servers:
  - description: Production
    url: https://api.eka.care
  - description: Stage/Sandbox
    url: https://api.dev.eka.care
security: []
paths:
  /abdm/v1/ecdh/decrypt:
    post:
      description: Decrypt data using ECDH key exchange.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ModelsDecryptPayload'
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ModelsDecryptResponse'
          description: OK
        4XX:
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericError'
          description: ''
        5XX:
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericError'
          description: ''
      security:
        - authApiKey: []
components:
  schemas:
    ModelsDecryptPayload:
      properties:
        encrypted_data:
          description: Base64-encoded encrypted data to decrypt
          type: string
        receiver_nonce:
          description: Nonce associated with the receiver's key pair
          type: string
        receiver_private_key:
          description: Base64-encoded private key of the receiver
          type: string
        sender_nonce:
          description: Nonce associated with the sender's key pair
          type: string
        sender_public_key:
          description: Base64-encoded public key of the sender
          type: string
      type: object
    ModelsDecryptResponse:
      properties:
        decrypted_data:
          description: Decrypted plaintext data
          type: string
      type: object
    GenericError:
      properties:
        code:
          type: integer
        error:
          type: string
        source_error:
          $ref: '#/components/schemas/SourceErr'
      type: object
    SourceErr:
      properties:
        code:
          type: string
        message:
          type: string
      type: object
  securitySchemes:
    authApiKey:
      description: The API requires a Bearer token (JWT) for authentication.
      scheme: bearer
      type: http

````