End-to-end encryption (option)
If you want to further secure all the steps of the data flow, you can directly push the encrypted data to us!
In this case, you must be able to encrypt the cz_user and additional cz_x information using the AES256-CBC encryption algorithm with the encryption key and Initialization Vector (IV) that we will provide.
Informations
The information below is provided as an example. The actual keys to be used in production will be communicated separately by your dedicated Goodays' contact.
Encryption Key: 0123456789abcdef0123456789abcdef
Initialization Vector (IV): 0123456789ABCDEF
Padding character: \34
Expected output
--------------Message to encrypt--------------
message > Tatsuo|Kusakabe|tatsuo.kusakabe@example.com|0612345789|123456789
encrypted > Sww0ZtK5thbCpUeYSDe63wOJiiv%2FgkadCJZNOlXJvSe1234j3Yk8NqZSFSiDreotknSqw66Yr3RImtcg%2B4eBzCuNhPPwtcsbs9huAupW0vqLxu%2B1b3q8XMP2hxXiA3
--------------Message to decrypt--------------
encrypted > Sww0ZtK5thbCpUeYSDe63wOJiiv%2FgkadCJZNOlXJvSe1234j3Yk8NqZSFSiDreotknSqw66Yr3RImtcg%2B4eBzCuNhPPwtcsbs9huAupW0vqLxu%2B1b3q8XMP2hxXiA3
message > Tatsuo|Kusakabe|tatsuo.kusakabe@example.com|0612345789|123456789
--------------SUCCESS--------------
ℹ️ In addition to base64 encoding, we recommend url encoding the final string. The code examples take this into account.
Sample code
These examples are provided as a rough indication of how encryption should be set up on your side. We do not guarantee compatibility with your IT system.
In each code, please replace <KEY> and <IV> with your dedicated values.
<?php
// Configuration
define('CIPHER_METHOD', 'AES-256-CBC');
define('CIPHER_KEY', base64_decode("<KEY>")); // Replace with your actual key
define('IV', base64_decode("<IV>")); // Replace with your actual IV
define('BLOCK_SIZE', 16); // Block size for AES-256-CBC
define('PADDING_CHAR', "\34"); // Padding character defined
// Adds the necessary padding to the text
function addPadding($text) {
$paddingSize = BLOCK_SIZE - (strlen($text) % BLOCK_SIZE);
return $text . str_repeat(PADDING_CHAR, $paddingSize);
}
// Removes the padding from the text
function removePadding($text) {
return rtrim($text, PADDING_CHAR);
}
// Encryption function
function encrypt($text) {
$padded = addPadding($text);
$encrypted = openssl_encrypt($padded, CIPHER_METHOD, CIPHER_KEY, OPENSSL_RAW_DATA, IV);
return urlencode(base64_encode($encrypted));
}
// Decryption function
function decrypt($data) {
$data = base64_decode(urldecode($data));
$padded = openssl_decrypt($data, CIPHER_METHOD, CIPHER_KEY, OPENSSL_RAW_DATA, IV);
if ($padded === false) {
return false; // decrypt failed
}
return removePadding($padded);
}
// Tests: change these values to test with other messages
$messageToEncrypt = "Tatsuo|Kusakabe|tatsuo.kusakabe@example.com|0612345789|123456789";
$messageToDecrypt = encrypt($messageToEncrypt);
echo "--------------Message to encrypt--------------\n";
echo " message > " . $messageToEncrypt . "\n";
echo " encrypted > " . encrypt($messageToEncrypt) . "\n";
echo "--------------Message to decrypt--------------\n";
echo " encrypted > " . $messageToDecrypt . "\n";
echo " message > " . decrypt($messageToDecrypt) . "\n";
?>
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.net.URLEncoder;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
public class AESExample {
// Configuration
private static final String CIPHER_METHOD = "AES/CBC/PKCS5Padding";
private static final byte[] CIPHER_KEY = Base64.getDecoder().decode("<KEY>"); // Replace with your actual key
private static final byte[] IV = Base64.getDecoder().decode("<IV>"); // Replace with your actual IV
private static final char PADDING_CHAR = '\34'; // Defined padding character
// Adds necessary padding to the text
private static String addPadding(String text) {
int paddingSize = 16 - (text.length() % 16);
StringBuilder sb = new StringBuilder(text);
for (int i = 0; i < paddingSize; i++) {
sb.append(PADDING_CHAR);
}
return sb.toString();
}
// Removes padding from the text
private static String removePadding(String text) {
return text.replaceAll("[" + PADDING_CHAR + "]+$", "");
}
// Encryption function
public static String encrypt(String text) throws Exception {
String padded = addPadding(text);
Cipher cipher = Cipher.getInstance(CIPHER_METHOD);
SecretKeySpec keySpec = new SecretKeySpec(CIPHER_KEY, "AES");
IvParameterSpec ivSpec = new IvParameterSpec(IV);
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);
byte[] encrypted = cipher.doFinal(padded.getBytes(StandardCharsets.UTF_8));
return URLEncoder.encode(Base64.getEncoder().encodeToString(encrypted), "UTF-8");
}
// Decryption function
public static String decrypt(String encryptedData) throws Exception {
String urlDecodedData = URLDecoder.decode(encryptedData, StandardCharsets.UTF_8.toString());
byte[] decodedData = Base64.getDecoder().decode(urlDecodedData);
Cipher cipher = Cipher.getInstance(CIPHER_METHOD);
SecretKeySpec keySpec = new SecretKeySpec(CIPHER_KEY, "AES");
IvParameterSpec ivSpec = new IvParameterSpec(IV);
cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
byte[] original = cipher.doFinal(decodedData);
return removePadding(new String(original, StandardCharsets.UTF_8));
}
// Tests
public static void main(String[] args) throws Exception {
// Tests: change these values to test with other messages
String messageToEncrypt = "Tatsuo|Kusakabe|tatsuo.kusakabe@example.com|0612345789|123456789";
String messageToDecrypt = encrypt(messageToEncrypt);
System.out.println("--------------Message to encrypt--------------");
System.out.println(" message > " + messageToEncrypt);
System.out.println(" encrypted > " + encrypt(messageToEncrypt));
System.out.println("--------------Message to decrypt--------------");
System.out.println(" encrypted > " + messageToDecrypt);
System.out.println(" message > " + decrypt(messageToDecrypt));
}
}
# Make sur to install the PyCryptodome library before with this command:
# pip install pycryptodome
from Crypto.Cipher import AES
import base64
import urllib.parse
# Configuration
CIPHER_KEY = base64.b64decode("<KEY>") # Replace with your actual key
IV = base64.b64decode("<IV>") # Replace with your actual IV
BLOCK_SIZE = 16 # Block size for AES-256-CBC
PADDING_CHAR = b'\x1C' # Equivalent to '\34' in octal
# Adds the necessary padding to the text
def add_padding(text):
padding_size = BLOCK_SIZE - len(text) % BLOCK_SIZE
return text + PADDING_CHAR * padding_size
# Removes the padding from the text
def remove_padding(text):
return text.rstrip(PADDING_CHAR)
# Encryption function
def encrypt(text):
padded_text = add_padding(text.encode('utf-8'))
cipher = AES.new(CIPHER_KEY, AES.MODE_CBC, IV)
encrypted = cipher.encrypt(padded_text)
return urllib.parse.quote_plus(base64.b64encode(encrypted).decode('utf-8'))
# Decryption function
def decrypt(encrypted_data):
encrypted_data = base64.b64decode(urllib.parse.unquote_plus(encrypted_data))
cipher = AES.new(CIPHER_KEY, AES.MODE_CBC, IV)
padded_text = cipher.decrypt(encrypted_data)
return remove_padding(padded_text).decode('utf-8')
# Main method for testing
if __name__ == "__main__":
# Tests: change these values to test with other messages
message_to_encrypt = "Tatsuo|Kusakabe|tatsuo.kusakabe@example.com|0612345789|123456789"
message_to_decrypt = encrypt(message_to_encrypt)
print("--------------Message to encrypt--------------")
print(f" message > {message_to_encrypt}")
print(f" encrypted > {encrypt(message_to_encrypt)}")
print("--------------Message to decrypt--------------")
print(f" encrypted > {message_to_decrypt}")
print(f" message > {decrypt(message_to_decrypt)}")
Updated about 1 year ago