Data encryption

Option 1: With certificate and without HMAC

  1. Step - You have the required data in a JSON string

  2. Step - Convert the JSON string to a UTF-8 byte array

  3. Step - Encrypt the UTF-8 byte array into a PKCS7 envelope using the public key (the certificate can be downloaded here)

  4. Step - Convert the resulting byte array to Base64

    // Steps 3 and 4
    public static string EncryptByteArray(byte[] plainTextPayload, Org.BouncyCastle.X509.X509Certificate cert)
    {
        var random = new Org.BouncyCastle.Security.SecureRandom();
        var generator = new Org.BouncyCastle.Cms.CmsEnvelopedDataGenerator(random);

        // The content key is encrypted to the certificate's public key.
        generator.AddKeyTransRecipient(cert);

        // Step 3: wrap the payload in a PKCS7 (CMS) envelope, content encrypted with AES-256-CBC.
        var envelopedData = generator.Generate(new Org.BouncyCastle.Cms.CmsProcessableByteArray(plainTextPayload), Org.BouncyCastle.Cms.CmsEnvelopedGenerator.Aes256Cbc);

        // Step 4: Base64-encode the encoded envelope.
        return Convert.ToBase64String(envelopedData.GetEncoded());
    }

  5. Step - Pass the resulting Base64 string to the widget using the setProtectedData(Base64String) method

    owidget.setProtectedData(Base64String);

Option 2: With certificate and HMAC key

  1. Step - Contact mluvii to obtain the Base64 HMAC key

  2. Step - You have the required data in a JSON string

  3. Step - Convert the JSON string to a UTF-8 byte array

  4. Step - Encrypt the UTF-8 byte array into a PKCS7 envelope using the public key (the certificate can be downloaded here)

  5. Step - Convert the resulting byte array to Base64

    // Steps 4 and 5
    public static string EncryptByteArray(byte[] plainTextPayload, Org.BouncyCastle.X509.X509Certificate cert)
    {
        var random = new Org.BouncyCastle.Security.SecureRandom();
        var generator = new Org.BouncyCastle.Cms.CmsEnvelopedDataGenerator(random);

        // The content key is encrypted to the certificate's public key.
        generator.AddKeyTransRecipient(cert);

        // Step 4: wrap the payload in a PKCS7 (CMS) envelope, content encrypted with AES-256-CBC.
        var envelopedData = generator.Generate(new Org.BouncyCastle.Cms.CmsProcessableByteArray(plainTextPayload), Org.BouncyCastle.Cms.CmsEnvelopedGenerator.Aes256Cbc);

        // Step 5: Base64-encode the encoded envelope.
        return Convert.ToBase64String(envelopedData.GetEncoded());
    }

  6. Step - Compute the HMAC-SHA256 of the UTF-8 byte array from step 3 using the Base64 HMAC key

    public static string ComputeAuthentication(byte[] plainTextPayload, string base64Hmac)
    {
        // Decode the shared HMAC key from Base64.
        var key = Convert.FromBase64String(base64Hmac);

        var hmac = new Org.BouncyCastle.Crypto.Macs.HMac(new Org.BouncyCastle.Crypto.Digests.Sha256Digest());
        var result = new byte[hmac.GetMacSize()];

        hmac.Init(new Org.BouncyCastle.Crypto.Parameters.KeyParameter(key));
        hmac.BlockUpdate(plainTextPayload, 0, plainTextPayload.Length);
        // Write the finished MAC into the result buffer.
        hmac.DoFinal(result, 0);

        return Convert.ToBase64String(result);
    }

  7. Step - Pass the resulting Base64 string and the computed Base64 HMAC to the widget using the setProtectedData(Base64String, ComputedBase64Hmac) method

    owidget.setProtectedData(Base64String, ComputedBase64Hmac);
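
The Option 2 steps combined into one server-side routine, as an added example that is not mluvii's own code. It encodes the JSON once so the envelope and the HMAC cover the same bytes, and rejects an expired certificate. The class name `ProtectedDataExample`, the environment variable `MLUVII_HMAC_KEY` and the sample JSON are assumptions made for illustration.

```csharp
// Added example. Requires the BouncyCastle package. Run it server-side:
// the HMAC key is a shared secret and must never be sent to the browser.
using System;
using System.IO;
using System.Text;
using Org.BouncyCastle.Cms;
using Org.BouncyCastle.Crypto.Digests;
using Org.BouncyCastle.Crypto.Macs;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;

public static class ProtectedDataExample // hypothetical class name
{
    // Returns the Base64 PKCS7 envelope and the Base64 HMAC-SHA256 for one JSON string.
    public static (string Envelope, string Mac) Build(string json, X509Certificate cert, string base64HmacKey)
    {
        cert.CheckValidity(); // throws if the certificate is expired or not yet valid
        // Encode once, without a BOM: both outputs must be computed over identical bytes.
        byte[] payload = new UTF8Encoding(false).GetBytes(json);

        // PKCS7 (CMS) envelope addressed to the certificate's public key.
        var generator = new CmsEnvelopedDataGenerator(new SecureRandom());
        generator.AddKeyTransRecipient(cert);
        var enveloped = generator.Generate(new CmsProcessableByteArray(payload), CmsEnvelopedGenerator.Aes256Cbc);

        // HMAC-SHA256 over the same plaintext bytes.
        var hmac = new HMac(new Sha256Digest());
        hmac.Init(new KeyParameter(Convert.FromBase64String(base64HmacKey)));
        hmac.BlockUpdate(payload, 0, payload.Length);
        var mac = new byte[hmac.GetMacSize()];
        hmac.DoFinal(mac, 0);

        return (Convert.ToBase64String(enveloped.GetEncoded()), Convert.ToBase64String(mac));
    }

    public static void Main(string[] args)
    {
        X509Certificate cert; // args[0]: path to the downloaded certificate file
        using (var stream = File.OpenRead(args[0]))
            cert = new X509CertificateParser().ReadCertificate(stream);
        // Hypothetical variable name; keeps the key out of source control.
        string key = Environment.GetEnvironmentVariable("MLUVII_HMAC_KEY")
            ?? throw new InvalidOperationException("MLUVII_HMAC_KEY is not set");
        string json = "{\"name\":\"Jane Doe\",\"orderId\":\"A-1001\"}"; // constructed sample

        var (envelope, mac) = Build(json, cert, key);
        Console.WriteLine($"owidget.setProtectedData(\"{envelope}\", \"{mac}\");");
    }
}
```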
