Ecrypting and Decrypting Payload

For all payouts APIs, it's essential to encrypt the request payload before sending it for processing. Similarly, the response is encrypted and needs to be decrypted before consumption. This security measure ensures that transaction requests and responses are securely transmitted. You can refer to below examples to encrypt/decrypt payloads.

For all payout apis request and response format is:

Request Format:

{
    "request":"{ecrypted_request_string}"
}

Response Format:

{
    "request":"{ecrypted_response_string}"
}

To encrypt a request payload, you can utilize the provided example with the following logic:

Encryption Logic:

```java public String encrypt(String strToEncrypt, String secretKey) { try { byte[] key = secretKey.getBytes(StandardCharsets.UTF_8); MessageDigest sha = MessageDigest.getInstance("SHA-256"); key = sha.digest(key); key = Arrays.copyOf(key, 16); SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES"); Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec); return Base64.getEncoder().encodeToString(cipher.doFinal(strToEncrypt.getBytes(StandardCharsets.UTF_8))); } catch (Exception e) { e.printStackTrace(); } return null; } ``` ### Parameters: `strToEncrypt`: The payload string that you want to encrypt. `secretKey`: The client's secret key used for encryption. This should be provided by the client.

Usage:

Construct an object with the required fields.
Convert the request object to a JSON string.
Call the encrypt method with the JSON payload and the client's secret key.
It will return the encrypted payload as a Base64 encoded string.

BeneficiaryCreateRequest request = //BeneficiaryCreateRequest initiliazation;

// Convert object to JSON
ObjectMapper objectMapper = new ObjectMapper();
String jsonPayload = objectMapper.writeValueAsString(request);

String encryptedPayload = encrypt(jsonPayload, "{secretKey}");
System.out.println("Encrypted Payload: " + encryptedPayload);

```js const crypto = require('crypto');

function encrypt(jsonPayload, secretKey) {

const jsonString = JSON.stringify(jsonPayload);
// Generate key from secretKey
let key = crypto.createHash('sha256').update(secretKey, 'utf-8').digest();
key = key.slice(0, 16); // Use only the first 16 bytes (128 bits)

// Create the cipher
const cipher = crypto.createCipheriv('aes-128-ecb', key, null);

// Encrypt the text
let encrypted = cipher.update(jsonString, 'utf-8', 'base64');
encrypted += cipher.final('base64');

return encrypted;

}

### Parameters:
`jsonPayload`: The payload object that you want to encrypt.
`secretKey`: The client's secret key used for encryption. This should be provided by the client.
      
### Usage:
- Construct an object with the required fields.
- Call the encrypt method with the JSON payload and the client's secret key.
- It will return the encrypted payload as a Base64 encoded string.

```js
const request = {
    field1: "value1",
    field2: "value2"
};
const encryptedPayload = encrypt(request, "{secretKey}");
console.log("Encrypted Payload: " + encryptedPayload);

function encrypt($jsonPayload, $secretKey) {
    try {
        $jsonString = json_encode($jsonPayload);
        // Generate key from secretKey
        $key = hash('sha256', $secretKey, true);
        $key = substr($key, 0, 16); // Use only the first 16 bytes (128 bits)

        // Create the cipher
        $cipher = "AES-128-ECB";
        $options = OPENSSL_RAW_DATA;

        // Encrypt the text
        $encrypted = openssl_encrypt($jsonString, $cipher, $key, $options);
        return base64_encode($encrypted);
    } catch (Exception $e) {
        echo 'Exception: ',  $e->getMessage(), "\n";
    }
    return null;
}

Parameters:

$jsonPayload: The payload array or object that you want to encrypt.
$secretKey: The client's secret key used for encryption. This should be provided by the client.

Usage:

Construct an object with the required fields.
Call the encrypt method with the JSON payload and the client's secret key.
It will return the encrypted payload as a Base64 encoded string.

$request = [
    "field1" => "value1",
    "field2" => "value2"
];

$encryptedPayload = encrypt($request, "{secretKey}");
echo "Encrypted Payload: " . $encryptedPayload;

using System;
using System.Security.Cryptography;
using System.Text;

public class EncryptionHelper
{
    public static string Encrypt(object jsonPayload, string secretKey)
    {
        try
        {
            string jsonString = Newtonsoft.Json.JsonConvert.SerializeObject(jsonPayload);

            // Generate key from secretKey
            using (SHA256 sha256 = SHA256.Create())
            {
                byte[] key = sha256.ComputeHash(Encoding.UTF8.GetBytes(secretKey));
                Array.Resize(ref key, 16); // Use only the first 16 bytes (128 bits)

                // Create the cipher
                using (Aes aes = Aes.Create())
                {
                    aes.Key = key;
                    aes.Mode = CipherMode.ECB;
                    aes.Padding = PaddingMode.PKCS7;

                    using (ICryptoTransform encryptor = aes.CreateEncryptor())
                    {
                        byte[] inputBytes = Encoding.UTF8.GetBytes(jsonString);
                        byte[] encryptedBytes = encryptor.TransformFinalBlock(inputBytes, 0, inputBytes.Length);
                        return Convert.ToBase64String(encryptedBytes);
                    }
                }
            }
        }
        catch (Exception e)
        {
            Console.WriteLine("Exception: " + e.Message);
        }
        return null;
    }
}

Parameters:

jsonPayload: The payload object that you want to encrypt.
secretKey: The client's secret key used for encryption. This should be provided by the client.

Usage:

Construct an object with the required fields.
Call the Encrypt method with the JSON payload and the client's secret key.
It will return the encrypted payload as a Base64 encoded string.

var request = new {
    field1 = "value1",
    field2 = "value2"
};

string encryptedPayload = EncryptionHelper.Encrypt(request, "{secretKey}");
Console.WriteLine("Encrypted Payload: " + encryptedPayload);

</Tab>

```python from Crypto.Cipher import AES from Crypto.Hash import SHA256 import base64 import json def encrypt(jsonPayload, secretKey): jsonString = json.dumps(jsonPayload) key = SHA256.new(secretKey.encode('utf-8')).digest()[:16] cipher = AES.new(key, AES.MODE_ECB) paddedData = jsonString + (16 - len(jsonString) % 16) * chr(16 - len(jsonString) % 16) encryptedBytes = cipher.encrypt(paddedData.encode('utf-8')) return base64.b64encode(encryptedBytes).decode('utf-8') ``` ### Parameters: `jsonPayload`: The JSON payload that you want to encrypt. `secretKey`: The client's secret key used for encryption. This should be provided by the client.

Usage:

Convert the request object to a JSON string.
Call the encrypt function with the JSON payload and the client's secret key.
It will return the encrypted payload as a Base64 encoded string.
```python
jsonPayload = {"example": "data"}
secretKey = "your_secret_key"

encryptedPayload = encrypt(jsonPayload, secretKey)
print("Encrypted Payload: ", encryptedPayload)

</Tab>
</Tabs>


:::note
- Ensure to securely handle and store the secret key.
- This encryption logic uses AES encryption with ECB mode and PKCS5 padding
:::

## Decryption Logic
To decrypt a payload, you can utilize the provided methods:

<Tabs>
  <Tab title="Java">
```java
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import com.fasterxml.jackson.databind.ObjectMapper;

public class DecryptionUtil {

    public static String decrypt(String strToDecrypt, String secretKey) {
        try {
            byte[] key = secretKey.getBytes(StandardCharsets.UTF_8);
            MessageDigest sha = MessageDigest.getInstance("SHA-256");
            key = sha.digest(key);
            key = Arrays.copyOf(key, 16);
            SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES");
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
            cipher.init(Cipher.DECRYPT_MODE, secretKeySpec);
            return new String(cipher.doFinal(Base64.getDecoder().decode(strToDecrypt.getBytes(StandardCharsets.UTF_8))));
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Encrypted payload received from client
        String encryptedPayload = "YourEncryptedPayload";

        // Decrypt the payload
        String decryptedPayload = decrypt(encryptedPayload, "XXXXXXXXXXXXX");
        System.out.println("Decrypted Payload: " + decryptedPayload);

        // Convert JSON to object
        ObjectMapper objectMapper = new ObjectMapper();
        ExampleObject example = objectMapper.readValue(decryptedPayload, ExampleObject.class);
        System.out.println("Field1: " + example.getField1());
        System.out.println("Field2: " + example.getField2());
    }
}

Parameters:

strToDecrypt: The encrypted payload string that you want to decrypt.
secretKey: The client's secret key used for decryption. This should match the secret key used for encryption.

Usage:

Call the decrypt method with the encrypted payload string and the client's secret key
It will return the decrypted payload as a string
If the payload represents a JSON object, you can convert it back to an object

const crypto = require('crypto');

function decrypt(strToDecrypt, secretKey) {
    let key = crypto.createHash('sha256').update(secretKey, 'utf-8').digest();
    key = key.slice(0, 16);
    const decipher = crypto.createDecipheriv('aes-128-ecb', key, null);
    let decrypted = decipher.update(strToDecrypt, 'base64', 'utf-8');
    decrypted += decipher.final('utf-8');
    return decrypted;
}

Parameters:

strToDecrypt: The Base64 encoded encrypted string that you want to decrypt.
secretKey: The client's secret key used for decryption. This should be the same key that was used for encryption.

Usage:

Call the decrypt method with the encrypted payload and the client's secret key.
It will return the decrypted payload as a string.

```php function decrypt($strToDecrypt, $secretKey) { try { $key = hash('sha256', $secretKey, true); $key = substr($key, 0, 16); $cipher = "AES-128-ECB"; $options = OPENSSL_RAW_DATA; $decodedData = base64_decode($strToDecrypt); $decrypted = openssl_decrypt($decodedData, $cipher, $key, $options); return $decrypted; } catch (Exception $e) { echo 'Exception: ', $e->getMessage(), "\n"; } return null; } ``` ### Parameters: `strToDecrypt`: The Base64 encoded encrypted string that you want to decrypt. `secretKey`: The client's secret key used for decryption. This should be the same key that was used for encryption.

Usage:

Call the decrypt method with the encrypted payload and the client's secret key.
It will return the decrypted payload as a string.

using System;
using System.Security.Cryptography;
using System.Text;

public class EncryptionHelper
{
    public static string Decrypt(string strToDecrypt, string secretKey)
    {
        try
        {
            using (SHA256 sha256 = SHA256.Create())
            {
                byte[] key = sha256.ComputeHash(Encoding.UTF8.GetBytes(secretKey));
                Array.Resize(ref key, 16);

                using (Aes aes = Aes.Create())
                {
                    aes.Key = key;
                    aes.Mode = CipherMode.ECB;
                    aes.Padding = PaddingMode.PKCS7;

                    using (ICryptoTransform decryptor = aes.CreateDecryptor())
                    {
                        byte[] inputBytes = Convert.FromBase64String(strToDecrypt);
                        byte[] decryptedBytes = decryptor.TransformFinalBlock(inputBytes, 0, inputBytes.Length);
                        return Encoding.UTF8.GetString(decryptedBytes);
                    }
                }
            }
        }
        catch (Exception e)
        {
            Console.WriteLine("Exception: " + e.Message);
        }
        return null;
    }
}

Parameters:

strToDecrypt: The Base64 encoded encrypted string that you want to decrypt.
secretKey: The client's secret key used for decryption. This should be the same key that was used for encryption.

Usage:

Construct an object with the required fields.
Call the Encrypt method with the JSON payload and the client's secret key.
It will return the encrypted payload as a Base64 encoded string.
Payload;

```python from Crypto.Cipher import AES from Crypto.Hash import SHA256 import base64 import json

def decrypt(strToDecrypt, secretKey):
# Generate key from secretKey
key = SHA256.new(secretKey.encode('utf-8')).digest()[:16]

# Create the cipher
cipher = AES.new(key, AES.MODE_ECB)

# Decode the Base64 encoded string
encryptedBytes = base64.b64decode(strToDecrypt)

# Decrypt the text
decryptedBytes = cipher.decrypt(encryptedBytes).decode('utf-8')

# Remove padding
pad = ord(decryptedBytes[-1])
decryptedData = decryptedBytes[:-pad]

# Convert JSON string back to object
return json.loads(decryptedData)

### Parameters:
`strToDecrypt`: The Base64 encoded encrypted string that you want to decrypt.
`secretKey`: The client's secret key used for decryption. This should be the same key that was used for encryption.

### Usage:
- Call the `decrypt` function with the encrypted payload and the client's secret key.
- It will return the decrypted payload as a JSON object.

```python
encryptedPayload = "EncryptedPayload"
secretKey = "your_secret_key"

decryptedPayload = decrypt(encryptedPayload, secretKey)
print("Decrypted Payload: ", decryptedPayload)

:::note

Ensure to securely handle and store the secret key.
This decryption logic uses AES decryption with ECB mode and PKCS5 padding
:::

Last modified: 3 months ago