Any sample proxy that demonstrates Encryption / Decryption using RSA?

The backend services expect to get data in XML format that is encrypted using RSA. Do we have any sample code that demonstrates this functionality in Apigee Edge?

1 ACCEPTED SOLUTION

Updated answer:

I don't like using JS for encryption because it's rather inefficient. It will work, functionally, but it won't perform very well, not with the JavaScript we use in Apigee JS steps. So I'd prefer to perform crypto in Java.

There are a couple options.

#1. I have a JWE callout which can encrypt arbitrary data using an X509 certificate which embeds an RSA key. The result is a JWE, which looks a lot like a JWT, but it's different. The ciphertext of this JWE can then only be decrypted by the holder of the corresponding private key. Find it here: https://github.com/DinoChiesa/ApigeeEdge-CustomPolicy-EncryptedJWT

This repo says "encrypted JWT" in the name, but it handles both encrypted JWT and JWE (generally). Check the readme for details.

While JWE is part of the JSON Object Signing and Encryption (JOSE) standards, don't be misled: you can encrypt any bytestream with a JWE. The part that requires JSON is the header, which provides the metadata about the encryption. The key id, the encryption algorithms, and so on.

#2. Use the RSACrypto callout. https://github.com/DinoChiesa/ApigeeEdge-CustomPolicy-RsaCrypto

This is a much more limited use case; it can encrypt only a small payload with an RSA public key (perhaps specified via a certificate). Check the readme for details.

You could combine this with the AES Crypto callout to encipher data streams larger than 245 bytes. https://github.com/DinoChiesa/ApigeeEdge-CustomPolicy-AesCrypto
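
The RSA-plus-AES combination suggested above, as an added JDK-only example (not code from the answer or from the linked callout repos): the payload is encrypted with a fresh AES-256-GCM key, and only that 32-byte key goes through RSA, so the RSA size limit no longer constrains the payload. The class name, the generated key pair and the sample XML are assumptions constructed for illustration; Java 11 or later is assumed.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

// Hypothetical class name; illustrative hybrid (RSA + AES) encryption.
public class HybridRsaAesDemo {
  static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
  // Explicit spec: the JDK default for this transformation uses SHA-1 inside MGF1,
  // which breaks interop with peers that expect SHA-256 for both hashes.
  static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
      "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

  public static void main(String[] args) throws Exception {
    // Constructed inputs: a throwaway 2048-bit key pair and a ~5.7 KB XML payload.
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    kpg.initialize(2048);
    KeyPair kp = kpg.generateKeyPair();
    byte[] xml = ("<order>" + "<item>widget</item>".repeat(300) + "</order>")
        .getBytes(StandardCharsets.UTF_8);

    // Sender: fresh AES-256 key and 96-bit nonce for every message.
    KeyGenerator kg = KeyGenerator.getInstance("AES");
    kg.init(256);
    SecretKey cek = kg.generateKey();
    byte[] iv = new byte[12];
    new SecureRandom().nextBytes(iv);

    Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
    aes.init(Cipher.ENCRYPT_MODE, cek, new GCMParameterSpec(128, iv));
    byte[] ciphertext = aes.doFinal(xml); // any payload size, plus a 16-byte tag

    Cipher rsa = Cipher.getInstance(RSA);
    rsa.init(Cipher.ENCRYPT_MODE, kp.getPublic(), OAEP);
    byte[] wrappedKey = rsa.doFinal(cek.getEncoded()); // only 32 bytes go through RSA

    // Receiver: unwrap the AES key with the private key, then decrypt;
    // doFinal throws AEADBadTagException if ciphertext or nonce was altered.
    rsa.init(Cipher.DECRYPT_MODE, kp.getPrivate(), OAEP);
    SecretKey recovered = new SecretKeySpec(rsa.doFinal(wrappedKey), "AES");
    aes.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, iv));
    byte[] plain = aes.doFinal(ciphertext);

    System.out.printf("payload=%d wrappedKey=%d roundTrip=%b%n",
        xml.length, wrappedKey.length, Arrays.equals(xml, plain));
  }
}
```

The sender transmits the wrapped key, the nonce and the ciphertext together; the nonce is not secret but must never repeat under the same AES key.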

While our own crypto js library does not support RSA, you can theoretically use any other library out there.

I haven't tried RSA (or this library), but you can use a js policy with something like http://www-cs-students.stanford.edu/~tjw/jsbn/ to do the encoding/decoding within your proxy.

@Anil Sagar @ Google

I am working on a similar use case, RSA encryption. When I load the rsa.js, jsbn.js, rng.js, and prng.js files and make a call, I get the error below. It would be helpful if you could suggest how and where I can define navigator. Thanks!!

Execution of script failed with error: Javascript runtime error: "ReferenceError: "navigator" is not defined. (jsbn.js:70)"

@Dino-at-Google, I am trying to enhance the use case for the RSACrypto callout, https://github.com/DinoChiesa/ApigeeEdge-CustomPolicy-RsaCrypto. I am looking for the jar utils for Base64, "java.util.Base64", which includes encodeurl for encrypt and decrypt, and also the jar for "java.nio.charset.StandardCharsets".

Thanking you,

Poomurugan

This is a new question, please ask a new question, rather than asking a question in an answer on an existing question. Thank you.