Encrypting a Document

Encrypting a document using a SENxContext.

In this following example, we create a context for encryption and have chosen the Aes256Cbc cipher along with Sha256 as our hash algorithm. Using the context, the file contents of sample.pdf are encrypted using the public key associated with route 8565551234. The resulting cryptogram may be delivered using the SendFax() method.

Any errors encountered using the SENxContext will result in a CryptoException being thrown.

Behind the scenes, the encryption process uses the public key of the destination peer to generate a shared secret. A KDF (Key Derivation Function) function is then used to derive keying material used for the AES encryption operation. Upon successful completion of the encrypt function, the returned cryptogram will contain a unique ephemeral public key including the ciphering and hashing algorithms chosen, a keyed hash-based message authentication code (HMAC), and the encrypted payload itself. Should any information be tampered with along the way, the decryption process will fail.

Details of this process are explained here.


Programming Example

For the sake of brevity, this programming example has omitted error checking (file load, etc.).

// initialize SENx

    // retrieve route information
    var route = client.GetRouteInfo("8565551234");
    if (route != null &&
        route.Encryption != null &&
        // let's do some encryption
        // ...
    // create context, aes256cbc + sha256
    using (var context = new SENxContext(CryptoAlgorithm.Aes256Cbc, HashAlgorithm.Sha256))
        // read all bytes from file
        var data = File.ReadAllBytes("sample.pdf");

        // load public key of destination
        var res = context.LoadKeyFromBuffer(route.Encryption.PublicKey);
        Console.WriteLine("LoadKeyFromBuffer: " + res);
        // encrypt payload into cryptogram
        var cryptogram = context.Encrypt(data);

        // create fax
        var fax = new FaxSend()
            DialNumber = "8565551234",
            FaxImage = cryptogram

        // begin sending the fax
        var result = client.SendFax(fax);
        // ...
catch (CryptoException e)
    Console.WriteLine("CryptoException: {0} {1}", e.Result, e.Message);

// release all resources

When querying a route, information returned in the Encryption section must be observed by the sending application.

EnabledIndicates whether encryption is enabled for this route/endpoint.
RequiredIndicates whether encryption is required/mandatory for this route/endpoint. If the peer has set this flag, the network will only accept cryptograms during fax submission.
PublicKeyContains the peer's public key in base64-encoded PEM format.

An example response from a route query:

  "Route": "+18565551234",
  "AcceptedFormats": [
  "Resolutions": [
  "PageWidths": [
  "Encryption": {
    "Enabled": true,
    "Required": false,
  "Name": "Pearson Medical"


Encryption Algorithm (Cipher)

Though the SENx library does support various forms of AES, some peers may not be able to decrypt more advanced variants such AES/GCM. For best success, it is recommended to use the AES/CBC ciphers for maximum compatibility with other peers.

What’s Next