End-to-end encryption (option)

If you want to further secure all the steps of the data flow, you can directly push the encrypted data to us!

In this case, you must be able to encrypt the cz_user and additional cz_x information using the AES256-CBC encryption algorithm with the encryption key and Initialization Vector (IV) that we will provide.

Informations

The information below is provided as an example. The actual keys to be used in production will be communicated separately by your dedicated Goodays' contact.

Encryption Key: 0123456789abcdef0123456789abcdef
Initialization Vector (IV): 0123456789ABCDEF
Padding character: \34

Expected output

--------------Message to encrypt-------------- message > Tatsuo|Kusakabe|tatsuo.kusakabe@example.com|0612345789|123456789 encrypted > Sww0ZtK5thbCpUeYSDe63wOJiiv%2FgkadCJZNOlXJvSe1234j3Yk8NqZSFSiDreotknSqw66Yr3RImtcg%2B4eBzCuNhPPwtcsbs9huAupW0vqLxu%2B1b3q8XMP2hxXiA3 --------------Message to decrypt-------------- encrypted > Sww0ZtK5thbCpUeYSDe63wOJiiv%2FgkadCJZNOlXJvSe1234j3Yk8NqZSFSiDreotknSqw66Yr3RImtcg%2B4eBzCuNhPPwtcsbs9huAupW0vqLxu%2B1b3q8XMP2hxXiA3 message > Tatsuo|Kusakabe|tatsuo.kusakabe@example.com|0612345789|123456789 --------------SUCCESS--------------

â„šī¸ In addition to base64 encoding, we recommend url encoding the final string. The code examples take this into account.

Sample code

🚧

These examples are provided as a rough indication of how encryption should be set up on your side. We do not guarantee compatibility with your IT system.

In each code, please replace <KEY> and <IV> with your dedicated values.

<?php // Configuration define('CIPHER_METHOD', 'AES-256-CBC'); define('CIPHER_KEY', base64_decode("<KEY>")); // Replace with your actual key define('IV', base64_decode("<IV>")); // Replace with your actual IV define('BLOCK_SIZE', 16); // Block size for AES-256-CBC define('PADDING_CHAR', "\34"); // Padding character defined // Adds the necessary padding to the text function addPadding($text) { $paddingSize = BLOCK_SIZE - (strlen($text) % BLOCK_SIZE); return $text . str_repeat(PADDING_CHAR, $paddingSize); } // Removes the padding from the text function removePadding($text) { return rtrim($text, PADDING_CHAR); } // Encryption function function encrypt($text) { $padded = addPadding($text); $encrypted = openssl_encrypt($padded, CIPHER_METHOD, CIPHER_KEY, OPENSSL_RAW_DATA, IV); return urlencode(base64_encode($encrypted)); } // Decryption function function decrypt($data) { $data = base64_decode(urldecode($data)); $padded = openssl_decrypt($data, CIPHER_METHOD, CIPHER_KEY, OPENSSL_RAW_DATA, IV); if ($padded === false) { return false; // decrypt failed } return removePadding($padded); } // Tests: change these values to test with other messages $messageToEncrypt = "Tatsuo|Kusakabe|tatsuo.kusakabe@example.com|0612345789|123456789"; $messageToDecrypt = encrypt($messageToEncrypt); echo "--------------Message to encrypt--------------\n"; echo " message > " . $messageToEncrypt . "\n"; echo " encrypted > " . encrypt($messageToEncrypt) . "\n"; echo "--------------Message to decrypt--------------\n"; echo " encrypted > " . $messageToDecrypt . "\n"; echo " message > " . decrypt($messageToDecrypt) . "\n"; ?>
import javax.crypto.Cipher; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import java.net.URLEncoder; import java.net.URLDecoder; import java.nio.charset.StandardCharsets; import java.util.Base64; public class AESExample { // Configuration private static final String CIPHER_METHOD = "AES/CBC/PKCS5Padding"; private static final byte[] CIPHER_KEY = Base64.getDecoder().decode("<KEY>"); // Replace with your actual key private static final byte[] IV = Base64.getDecoder().decode("<IV>"); // Replace with your actual IV private static final char PADDING_CHAR = '\34'; // Defined padding character // Adds necessary padding to the text private static String addPadding(String text) { int paddingSize = 16 - (text.length() % 16); StringBuilder sb = new StringBuilder(text); for (int i = 0; i < paddingSize; i++) { sb.append(PADDING_CHAR); } return sb.toString(); } // Removes padding from the text private static String removePadding(String text) { return text.replaceAll("[" + PADDING_CHAR + "]+$", ""); } // Encryption function public static String encrypt(String text) throws Exception { String padded = addPadding(text); Cipher cipher = Cipher.getInstance(CIPHER_METHOD); SecretKeySpec keySpec = new SecretKeySpec(CIPHER_KEY, "AES"); IvParameterSpec ivSpec = new IvParameterSpec(IV); cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); byte[] encrypted = cipher.doFinal(padded.getBytes(StandardCharsets.UTF_8)); return URLEncoder.encode(Base64.getEncoder().encodeToString(encrypted), "UTF-8"); } // Decryption function public static String decrypt(String encryptedData) throws Exception { String urlDecodedData = URLDecoder.decode(encryptedData, StandardCharsets.UTF_8.toString()); byte[] decodedData = Base64.getDecoder().decode(urlDecodedData); Cipher cipher = Cipher.getInstance(CIPHER_METHOD); SecretKeySpec keySpec = new SecretKeySpec(CIPHER_KEY, "AES"); IvParameterSpec ivSpec = new IvParameterSpec(IV); cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec); byte[] original = cipher.doFinal(decodedData); return removePadding(new String(original, StandardCharsets.UTF_8)); } // Tests public static void main(String[] args) throws Exception { // Tests: change these values to test with other messages String messageToEncrypt = "Tatsuo|Kusakabe|tatsuo.kusakabe@example.com|0612345789|123456789"; String messageToDecrypt = encrypt(messageToEncrypt); System.out.println("--------------Message to encrypt--------------"); System.out.println(" message > " + messageToEncrypt); System.out.println(" encrypted > " + encrypt(messageToEncrypt)); System.out.println("--------------Message to decrypt--------------"); System.out.println(" encrypted > " + messageToDecrypt); System.out.println(" message > " + decrypt(messageToDecrypt)); } }
# Make sur to install the PyCryptodome library before with this command: # pip install pycryptodome from Crypto.Cipher import AES import base64 import urllib.parse # Configuration CIPHER_KEY = base64.b64decode("<KEY>") # Replace with your actual key IV = base64.b64decode("<IV>") # Replace with your actual IV BLOCK_SIZE = 16 # Block size for AES-256-CBC PADDING_CHAR = b'\x1C' # Equivalent to '\34' in octal # Adds the necessary padding to the text def add_padding(text): padding_size = BLOCK_SIZE - len(text) % BLOCK_SIZE return text + PADDING_CHAR * padding_size # Removes the padding from the text def remove_padding(text): return text.rstrip(PADDING_CHAR) # Encryption function def encrypt(text): padded_text = add_padding(text.encode('utf-8')) cipher = AES.new(CIPHER_KEY, AES.MODE_CBC, IV) encrypted = cipher.encrypt(padded_text) return urllib.parse.quote_plus(base64.b64encode(encrypted).decode('utf-8')) # Decryption function def decrypt(encrypted_data): encrypted_data = base64.b64decode(urllib.parse.unquote_plus(encrypted_data)) cipher = AES.new(CIPHER_KEY, AES.MODE_CBC, IV) padded_text = cipher.decrypt(encrypted_data) return remove_padding(padded_text).decode('utf-8') # Main method for testing if __name__ == "__main__": # Tests: change these values to test with other messages message_to_encrypt = "Tatsuo|Kusakabe|tatsuo.kusakabe@example.com|0612345789|123456789" message_to_decrypt = encrypt(message_to_encrypt) print("--------------Message to encrypt--------------") print(f" message > {message_to_encrypt}") print(f" encrypted > {encrypt(message_to_encrypt)}") print("--------------Message to decrypt--------------") print(f" encrypted > {message_to_decrypt}") print(f" message > {decrypt(message_to_decrypt)}")