Envelope Metadata
Objekt encrypted envelopes are self-describing. Anyone who encounters a file on IPFS, Arweave, or ENS can inspect it without decrypting.
Inspect an Envelope
import { inspectEnvelope, isEncrypted } from "@objekt.sh/ecies";
if (isEncrypted(data)) {
const info = inspectEnvelope(data);
console.log(info.mime); // "image/png"
console.log(info.access); // "reveal.objekt.sh/1a35e1.eth/phone"
console.log(info.recipients); // [{ curve: 1, caip10: "eip155:1:0xabc..." }, ...]
}What's Public vs Private
| Field | Visibility | Purpose |
|---|---|---|
| CBOR tag ("objekt") | Public | Format detection — 9-byte prefix check |
mime | Public | Original content type |
access | Public | Where to buy a view key (x402 URL) |
r[].id (CAIP-10) | Public | Who can decrypt (chain + address) |
r[].pub | Public | Recipient public key (needed for decryption matching) |
r[].w | Public but useless | Wrapped AES key — encrypted per recipient, can't be unwrapped without private key |
ct | Public but useless | Encrypted content — can't be decrypted without the AES key |
The metadata is intentionally public. The security comes from the AES-256-GCM encryption of the content and the ECIES wrapping of the AES key per recipient.
Discovery Flow
When a client encounters an Objekt encrypted file:
Detect
Check the 9-byte prefix [0xDB, 0x00, 0x00, 0x6F, 0x62, 0x6A, 0x65, 0x6B, 0x74].
Inspect
Parse the CBOR envelope to read metadata: MIME type, recipients (CAIP-10 addresses), and access URL.
Try to decrypt
If the client has a matching keypair (wallet-derived or view key), decrypt directly.
Buy access
If no keypair matches but access is present, fetch the reveal URL to see the price and pay via x402.
Decrypt with view key
After purchasing, use the returned view key to decrypt.
Embedding in ENS
The access URL can be published as an ENS text record (e.g., sh.objekt.reveal) so wallets and dApps can discover paid content associated with an ENS name without fetching the encrypted file first.