> ## Documentation Index
> Fetch the complete documentation index at: https://ekacare-quickstart-cleanup.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Encrypt Data

> Encrypt data using ECDH key exchange.

This API encrypts plaintext health data using ECDH shared secret derivation. A shared secret is derived from the sender's private key and the receiver's public key. The IV and salt are computed from the XOR of sender and receiver nonces, and the data is encrypted using AES-256-GCM.

**Algorithm details:**
- **Key Agreement:** ECDH on Curve25519 (Weierstrass form)
- **Key Derivation:** HKDF-SHA256
- **Symmetric Encryption:** AES-256-GCM
- **Nonce Handling:** IV and salt are derived from XOR of sender and receiver nonces

The response includes the base64-encoded encrypted data and the public key material to share with the receiver.

For more details, refer to the [ABDM Encryption and Decryption Guide](https://sandbox.abdm.gov.in/sandbox/v3/new-documentation?doc=EncryptionandDecryptions).




## OpenAPI

````yaml POST /abdm/v1/ecdh/encrypt
openapi: 3.1.0
info:
  description: ABHA Registration and login APIs
  title: Registration
  version: 1.0.0
servers:
  - description: Production
    url: https://api.eka.care
  - description: Stage/Sandbox
    url: https://api.dev.eka.care
security: []
paths:
  /abdm/v1/ecdh/encrypt:
    post:
      description: Encrypt data using ECDH key exchange.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ModelsEncryptPayload'
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ModelsEncryptResponse'
          description: OK
        4XX:
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericError'
          description: ''
        5XX:
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericError'
          description: ''
      security:
        - authApiKey: []
components:
  schemas:
    ModelsEncryptPayload:
      properties:
        plain_text_data:
          description: Plaintext data to encrypt
          type: string
        receiver_nonce:
          description: Nonce associated with the receiver's key pair
          type: string
        receiver_public_key:
          description: Base64-encoded public key of the receiver
          type: string
        sender_nonce:
          description: Nonce associated with the sender's key pair
          type: string
        sender_private_key:
          description: Base64-encoded private key of the sender
          type: string
        sender_public_key:
          description: Base64-encoded public key of the sender
          type: string
      type: object
    ModelsEncryptResponse:
      properties:
        encrypted_data:
          description: Base64-encoded encrypted data
          type: string
        key_to_share:
          description: Public key material to share with the receiver
          type: string
      type: object
    GenericError:
      properties:
        code:
          type: integer
        error:
          type: string
        source_error:
          $ref: '#/components/schemas/SourceErr'
      type: object
    SourceErr:
      properties:
        code:
          type: string
        message:
          type: string
      type: object
  securitySchemes:
    authApiKey:
      description: The API requires a Bearer token (JWT) for authentication.
      scheme: bearer
      type: http

````