Old_Encryption in Central APIs For Customers

Encryption Mechanism:

The payload of the supported APIs are encrypted with the following method. We use AES-512 & RSA for encryption of payload.

Summary of Steps:

  1. Download the Public Key (public_key.pem) file from “Edit Flow” section.

  2. Take the valid JSON payload of the API which needs to be passed. Let’s call it “payload”

  3. Encode the payload using Base64 encoding. Let’s call the result “payload-B64”.

  4. Generate a random string of upto 2048 characters to be used as the signature key

  5. Encode that with Base64 encoding. Let’s call it “signatureKey-B64

  6. Use AES-512/ECB/PKCS5Padding encryption method to encrypt “payload-B64” with “signatureKey-B64”. Let’s call the result “payload-B64-AES”.

  7. Encrypt the encoded signature key with RSA Encryption using the Public Key obtained on step 1. Let’s call it “signatureKey-B64-RSA”.

  8. Send both “payload-B64-AES” and “signatureKey-B64-RSA” as parameters to the encrypted API.

Sample Example:

1. Original Sample Request Data :

{ "api-version": "1.0", "security-id": "f534794a88b87200f1fd7c6af0c09ffcf9a4abf465c09a957c22c22b00ce2221", "flow-id": "BTFpAuqF", "calls": [ { "client-identifier": "{% now 'iso-8601', '' %}", "start-time": "{% now 'iso-8601', '' %}", "contact-numbers": [ "6262772728" ], "keys": [ { "name": "$flow.key.customername", "value": "Parin" }, { "name": "$flow.key.product", "value": "Health" } ] } ] }

2. Base64 Encoded String :

Online site to convert normal text to base64: https://www.base64encode.org/


IHsKICAidmlzaXRvciI6ICI5MTk4Nzk1ODU3MDAiLAogICJjdXN0VG9rZW4iOiAidTFkOXowM2IiLAogICJkdXJhdGlvbiI6ICI5MDAiLAogICJzY2hlZHVsZWRfY2FsbGJhY2tfdGltZSI6ICIyMDIxLTAzLTI3IDEyOjAwOjAwIiwKICAidWRmNSI6ICJST1NTRSIsCiAgInVkZjciOiAiU0NIRU1FTkFNRVNXSVRDSCBJTiIsCiAgInVkZjExIjogInBhZ2U7Uk9TU0lEO0lOVkVTVE9STkFNRTtTQ0hFTUVOQU1FO0FNT1VOVDtVTklUUztFWElUTE9BREFNVDtPdGhlcmRldGFpbHM7Rm9saW8gY291bnQ7RGV0YWlscztSZWRlbXB0aW9uZm9saW9jb3VudDtTd2l0Y2hmb2xpb2NvdW50IiwKICAidWRmMTIiOiAiUmVhc29uO0ZPTElPTk87Q1JFQVRFRE9OIiwKfQ==

3. Generate a random string for encryption as symmetric and encode it with Base64 Encoding


Random Key : test1234
Base64 Encoded:: dGVzdDEyMzQ=

4. Symmetric Key encryption of data from Point 2 & 3 – Algorithm : AES/ECB/PKCS5Padding


AES Encryption Data :

14nZnSU51sms3Lhu60/9cuUAMsEwWIqxhj68zWWc70adIHDrS6Ad4csvQ/1X/x8EkwhKKJITcbXEv1GEFpp0mJ7a1a77LfHHUDAqRrhM7J2V38D66emu6BzDouVLf+OjZLYgl81Fi+lXLDHV3/Oc3c/w01bpM3CCQWt+kOuE8C1W8UEa6F1E5QfVwzE7EFy8U8tMvjj0twphvOKOXC0pSVWkIoUUUZiRsLRnvwZlby7GRazBLmC6rYXaY834ge2+Nsb84beI9OxIz/PDF5qUA1opYD4eLTvc1o2qr8Igu5ZlmBuqs0VQTOyntlVFjhFFSZPVCgacrbO33lnz9XP0CEUjKiV/hhfMmJrkbCfHJ8+eLyMygJE/9Abi2PPyhCql2N8/TPNH3TiTPS9z6pBkaL98BB+6YoFL6hKnt+euYjjtO5H12Ys9fh+BhPCNW9qIW+qAn1K/N6pQZnXESLtVxieK41RWSEZxP+K6IQLO56+ieFBpQ80Fyif3S18bwcZxNca5GHllagWRXg+/AhC/5ZUnc5mLtctvMLTpl8Fv+YWfHg7/qKjhIRXF7wFDodYJZFbJrBsTaF1fZPprq4PNXq7KlgoEtWnbM9oByFVLJkuHHvKzmRVWMBoJGaTS84CffqnBLKCmqvPLwepAwBAPpthWXddFjJkd8QGpZc1xIto=

Sample Link For AES Encryption: Java AES Encryption and Decryption: AES-256 Example

Note: Please use MessageDigest.getInstance("SHA-256");

5. RSA Encryption For Base64 encoded random Key :

 

VZATnCid3xMId80c4NVx365ubTYEEOE7y/3/sEjgKpWHyVsZmtuTuLC8ohdgunFmT8SsAYZtGydhKH9LJG6PwmYBCb+DNxdXnZ3Vrg+V+m/uA0tFp1CarEr5J5fMqN5fO9Qyb82JKk5ZamVmv0NRlMXxBi7S1hT0b85ZrpKaIX2OP6rYnDVeXDwIObj1XzvUna+sidbkHNeFJ+/m7xJONOof8Mv2FtAh65JWW/mdUzRbFCv/lBNHO7P6j6E1wNAE8UUgR7WrPusYlaw0S76yGo5p2r+mlG5/hZZMVU3ZUJvm4rP++tiZFuz1mpGjm4g2eUv6ugJ7fPyKSiFySNgX7g==

Sample Link For RAS Encryption: javainterviewpoint.com

Note: Use public-key shared by phonon to encrypt key data.

 

6. Final Encrypted JSON Request -

In the end the whole JSON Request will look like this :

{
"RequestEncryptedValue":"14nZnSU51sms3Lhu60/9cuUAMsEwWIqxhj68zWWc70adIHDrS6Ad4csvQ/1X/x8EkwhKKJITcbXEv1GEFpp0mJ7a1a77LfHHUDAqRrhM7J2V38D66emu6BzDouVLf+OjZLYgl81Fi+lXLDHV3/Oc3c/w01bpM3CCQWt+kOuE8C1W8UEa6F1E5QfVwzE7EFy8U8tMvjj0twphvOKOXC0pSVWkIoUUUZiRsLRnvwZlby7GRazBLmC6rYXaY834ge2+Nsb84beI9OxIz/PDF5qUA1opYD4eLTvc1o2qr8Igu5ZlmBuqs0VQTOyntlVFjhFFSZPVCgacrbO33lnz9XP0CEUjKiV/hhfMmJrkbCfHJ8+eLyMygJE/9Abi2PPyhCql2N8/TPNH3TiTPS9z6pBkaL98BB+6YoFL6hKnt+euYjjtO5H12Ys9fh+BhPCNW9qIW+qAn1K/N6pQZnXESLtVxieK41RWSEZxP+K6IQLO56+ieFBpQ80Fyif3S18bwcZxNca5GHllagWRXg+/AhC/5ZUnc5mLtctvMLTpl8Fv+YWfHg7/qKjhIRXF7wFDodYJZFbJrBsTaF1fZPprq4PNXq7KlgoEtWnbM9oByFVLJkuHHvKzmRVWMBoJGaTS84CffqnBLKCmqvPLwepAwBAPpthWXddFjJkd8QGpZc1xIto=",
"RequestDigitalSignatureValue":"VZATnCid3xMId80c4NVx365ubTYEEOE7y/3/sEjgKpWHyVsZmtuTuLC8ohdgunFmT8SsAYZtGydhKH9LJG6PwmYBCb+DNxdXnZ3Vrg+V+m/uA0tFp1CarEr5J5fMqN5fO9Qyb82JKk5ZamVmv0NRlMXxBi7S1hT0b85ZrpKaIX2OP6rYnDVeXDwIObj1XzvUna+sidbkHNeFJ+/m7xJONOof8Mv2FtAh65JWW/mdUzRbFCv/lBNHO7P6j6E1wNAE8UUgR7WrPusYlaw0S76yGo5p2r+mlG5/hZZMVU3ZUJvm4rP++tiZFuz1mpGjm4g2eUv6ugJ7fPyKSiFySNgX7g==",

"flow-id": "ZH0RKJvh"
}

7. Response

You’ll be getting the general response that you get from either API.

{ "api-response-code": 200, "api-response-message": "Success", "request-id": "367a25ec-065b-4ca7-a73f-70d1da818a22", "call-details": [ { "client-identifier": "2021-05-17T05:47:30.536Z", "phonon-uuid": "6a79da04-cf07-4c42-973f-998ea3380708" } ] }

 

This document has been developed by Phonon.io for the sole and exclusive use of the customer / prospective customer with whom this document is being shared. Further, this document has been provided by Phonon.io to the recipient in good faith and based on request from the recipient for the same. This document is a confidential document and contains confidential product technology, workflow and commercial details that are for the sole usage of the intended recipients of this document. Recipients are advised not to share this document with any third party that is not the intended recipient of this document and neither to bring this document in full or parts into the public domain. Any unauthorized access may be brought to Phonon.io’s notice immediately. Phonon.io is free to take any legal action it deems necessary against any person or entity that violates this confidentiality agreement. Phonon.io is bound and governed by the rules of the state of Gujarat in India. In case you are not in agreement with the terms set in this clause or are not an intended recipient of this document, please destroy the document and intimate us of the same at info@phonon.io.