This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Encryption and decryption

Posted on 08-03-2021 04:43 AM
mego1221
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

how can we encrypt and decrypt data using private key ?

0 4 129
Topic Labels
0 Likes
4 REPLIES 4

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

need more context please. Much much more. 

0 Likes

Posted on --/--/---- --:-- AM
mego1221
Bronze 1
Bronze 1
In response to dchiesa1
Reply posted on --/--/---- --:-- AM
@dchiesa1 

we will encrypt request body. and the encrypted string will be under the key 'request'
{
"request": "encrypted request string"
}

and response as follows,
{
"code": "",
"reason": "",
"message": ["message 1", "message 2" ],
"data": "encrypted response string we will parse on data model"
}
0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
In response to mego1221
Reply posted on --/--/---- --:-- AM

Still need more context.

What kind of crypto? You said "private key"; am I correct to infer RSA encryption? If so how are the keys to be managed? 

Will an RSA encryption suffice?  With a 2048-bit key, this will allow encryption of payloads up to a maximum of ~214 bytes or so.  Or will you need to encrypt larger payloads?, in which case you will need some kind of hybrid encryption? 

Have you looked at Encrypted JWT, or JWE?   Are those unsuitable, and if so, why? 

I want to clearly understand the problem you're trying to solve.

0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
In response to mego1221
Reply posted on --/--/---- --:-- AM

Here's one way to do what you want. I pass in a JSON with a message field containing "abc", and the  API proxy produces a JWE that encrypts it: 

curl -i $endpoint/jwe-encrypt-one-field/t1 -H content-type:application/json -d '{ "message" : "abc" }' 
HTTP/1.1 200 OK
Date: Tue, 10 Aug 2021 00:13:58 GMT
Content-Type: application/json
Content-Length: 502
Connection: keep-alive
APIProxy: jwe-encrypt-one-field r4

{
    "status" : "ok",
    "data" : "eyJraWQiOiI5N2RhOTBkMCIsImVuYyI6IkEyNTZHQ00iLCJhbGciOiJSU0EtT0FFUC0yNTYifQ.d0lVa5oklvEyW2tT20v9svl62Dv4WKAXO2vS7e_qPrEU01qqdTGK0ErV8m7-_HSU7CSjGbJd4jFGu2L2adM3PuSkgofqlmDzRMc6-rOmyb7BNofHTDbjrVwMG4194EqkIsj_g9BlhgfBcnPZiowEF_UafGc9boICG_moaRzcT2lLpTYmqwYxf9qkxwIOSYF7bwBG2K3Z3ayN6Aw9z8_SI7NqZ7BR8JvxYbaqf4MRux6qZPd5YUxMbhRVBhDdsrOuTsNwOjL8-omk-idss6PADNRaZigwvG4Qw7yt6cFpzJFp4evJWcfflp4Qv2Q-avpsZUoXaDQAvj_sRh0_Vk-pRg.uRB2wqNXa6cxzcBp.mcoc.Fhp6PDD6vqt6CkPvpss0pg"
}

The example proxy is attached here.  It uses the Java callout here to create the JWE, using RSA-OAEP. 

 

apiproxy-jwe-encrypt-one-field-20210809-171407.zip
0 Likes