Steps to generate encrypted token


  • Prepare an Object with following sample details.
{
"client_id":
"d86149609e2972fe19403e22d014c7101a4c50f004ba0448e20362ebfbdb90cd42e4b5fd56d861189bd
f7efda25f4e40",
"client_secret":
"2207c85437305733a3e6a536f33a248547e34eb876431fa091e8ce35e8475347e5754f0fcec1b0bf235f
a8262676a20b0cd59f21a853eae68b34b0f32eeecbca",
"epoch":"1723005493" //Current Time stamp
}
  • Encrypt above object using the following public key.
a6T8tOCYiSzDTrcqPvCbJfy0wSQOVcfaevH0gtwCtoU=

Note: 

Client id, Client secret, pass_key, and public key have already been shared during onboarding.

 

  • Encryption can be done by the following programming languages as follows:

 

Encryption code in java:

package com.example.encryp_decryp;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.stereotype.Service;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.util.Arrays;
import org.apache.commons.codec.binary.Base64;
import com.example.demo.service.EncryptionService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
@SpringBootApplication
public class EncrypDecrypApplication {
       public static void main(String[] args) {
             SpringApplication.run(EncrypDecrypApplication.class, args);
       }
}
@Service
public class EncryptionService {
       private static final int AES_KEY_SIZE = 256;
       private static final int AES_BLOCK_SIZE = 16;
       public String encryptResponse(byte[] responseBody, String key) throws Exception {
             byte[] iv = new byte[AES_BLOCK_SIZE];
             SecureRandom random = new SecureRandom();
             random.nextBytes(iv);
             byte[] decodedKey = Base64.decodeBase64(key);
             SecretKeySpec secretKeySpec = new SecretKeySpec(decodedKey, "AES");
             Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
             cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, new IvParameterSpec(iv));
             byte[] paddedData = pkcs7Padding(responseBody, AES_BLOCK_SIZE);
             byte[] encrypted = cipher.doFinal(paddedData);
             byte[] result = new byte[iv.length + encrypted.length];
             System.arraycopy(iv, 0, result, 0, iv.length);
             System.arraycopy(encrypted, 0, result, iv.length, encrypted.length);
             return Base64.encodeBase64String(result);
       }
       public String decryptRequest(String encryptedString, String key) throws Exception {
             byte[] byteCipherText = Base64.decodeBase64(encryptedString);
             byte[] iv = Arrays.copyOfRange(byteCipherText, 0, AES_BLOCK_SIZE);
             byte[] cipherText = Arrays.copyOfRange(byteCipherText, AES_BLOCK_SIZE, 
byteCipherText.length);
             byte[] decodedKey = Base64.decodeBase64(key);
             SecretKeySpec secretKeySpec = new SecretKeySpec(decodedKey, "AES");
 Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
             cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, new IvParameterSpec(iv));
             byte[] decrypted = cipher.doFinal(cipherText);
             String decryptedString = new String(decrypted).trim();
             return rmNoise(decryptedString);
       }
       private byte[] pkcs7Padding(byte[] data, int blockSize) {
             int padding = blockSize - (data.length % blockSize);
             byte[] padText = new byte[padding];
             Arrays.fill(padText, (byte) padding);
             byte[] paddedData = new byte[data.length + padding];
             System.arraycopy(data, 0, paddedData, 0, data.length);
             System.arraycopy(padText, 0, paddedData, data.length, padding);
             return paddedData;
       }
       private String rmNoise(String data) {
             for (int i = data.length() - 1; i >= 0; i--) {
                    if (data.charAt(i) == '}') {
                           return data.substring(0, i + 1);
                    }
             }
             return data;
       }
}
@RestController
@RequestMapping("/api")
public class EncryptionController {
       @Autowired
       private EncryptionService encryptionService;
       @GetMapping("/encrypt")
       public String encrypt(@RequestParam String responseBody, @RequestParam String key) throws 
Exception {
             return encryptionService.encryptResponse(responseBody.getBytes(), key);
       }
       @GetMapping("/decrypt")
       public String decrypt(@RequestParam String encryptedString, @RequestParam String key) throws 
Exception {
             return encryptionService.decryptRequest(encryptedString, key);
       }
}

Encryption code in PHP:

function Encr($data) { $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc')); 
$dataBytes = str_split($data); $length = count($dataBytes); echo "length of payload: " . $length . "\n"; // 
if ($length % 16 != 0) 
{ // $extendBlock = 16 - ($length % 16); // 
$payloadBytesBlock = array_merge($dataBytes, array_fill(0, $extendBlock, chr($extendBlock))); // } else 
{ // $payloadBytesBlock = $dataBytes; // }
$a = base64_decode("a6T8tOCYiSzDTrcqPvCbJfy0wSQOVcfaevH0gtwCtoU=");
echo "length of key: " . strlen($a) . "\n";
$block = openssl_cipher_iv_length('aes-256-cbc');
$paddedData = PKCS7Padding($dataBytes, $block);
$encrypted = openssl_encrypt($paddedData, 'aes-256-cbc', $a, OPENSSL_RAW_DATA, $iv);
$result = $iv . $encrypted;
$str = base64_encode($result);
echo "result encrypted string: " . $str . "\n";
return $str;
}
function PKCS7Padding($data, $blockSize) { 
$padding = $blockSize - (count($data) % $blockSize); 
return array_merge($data, array_fill(0, $padding, chr($padding))); 
} ?>```

Notes: 

Encrypted token containing Client id, Client secret and epoch timestamp.
[Client will get the encrypted data by encrypting client id, client secret ,epoch timestamp using a unique key]