# Data encryption

### Option 1: With certificate and without HMAC

1. Step - I have the required data in the JSON String
2. Step - Convert the JSON String to UTF8 Byte array
3. Step - Encrypt the UTF8 Byte array to the PKCS7 Envelope using the public key (Certificate download [here](https://app.mluvii.com/Admin/CallDataProtection/EncryptionCertificate))
4. Step - Convert acquired Byte array to Base64

```
    //Steps 3 and 4
    public static string EncryptByteArray(byte[] plainTextPayload, Org.BouncyCastle.X509.X509Certificate cert)
        {

            var random = new Org.BouncyCastle.Security.SecureRandom();
            var generator = new Org.BouncyCastle.Cms.CmsEnvelopedDataGenerator(random);

            generator.AddKeyTransRecipient(cert);

            var envelopedData = generator.Generate(new Org.BouncyCastle.Cms.CmsProcessableByteArray(plainTextPayload), Org.BouncyCastle.Cms.CmsEnvelopedGenerator.Aes256Cbc);
            return Convert.ToBase64String(envelopedData.GetEncoded());
        }
```

1. Step - I will place the resulting Base64 String widget by using the setProtectedData (Base64String) method

   ```js
   owidget.setProtectedData(Base64String);
   ```

### Option 2: With certificate and HMAC key

1. Step - Contact mluvii and get HMAC Base64 key
2. Step - You have the required data in the JSON String
3. Step - Convert the JSON String to UTF8 Byte array
4. Step - Encrypt the UTF8 Byte array to the PKCS7 Envelope using the public key (Certificate can be downloaded [here](https://app.mluvii.com/Admin/CallDataProtection/EncryptionCertificat))&#x20;
5. Step - Convert acquired Byte array to Base64

```
    // Steps 4 and 5
    public static string EncryptByteArray(byte[] plainTextPayload, Org.BouncyCastle.X509.X509Certificate cert)
        {

            var random = new Org.BouncyCastle.Security.SecureRandom();
            var generator = new Org.BouncyCastle.Cms.CmsEnvelopedDataGenerator(random);

            generator.AddKeyTransRecipient(cert);

            var envelopedData = generator.Generate(new Org.BouncyCastle.Cms.CmsProcessableByteArray(plainTextPayload), Org.BouncyCastle.Cms.CmsEnvelopedGenerator.Aes256Cbc);
            return Convert.ToBase64String(envelopedData.GetEncoded());
        }
```

```
Encrypt byte array from step 3 with HMAC Base64 key
```

4th step: Encrypt byte array from step 3 with HMAC Base64 key

```
    public static string ComputeAuthentication(byte[] plainTextPayload, string base64Hmac)
        {
            var key =  Convert.FromBase64String(base64Hmac);

            var hmac = new Org.BouncyCastle.Crypto.Macs.HMac(new Org.BouncyCastle.Crypto.Digests.Sha256Digest());
            var result = new byte[hmac.GetMacSize()];

            hmac.Init(new Org.BouncyCastle.Crypto.Parameters.KeyParameter(key));
            hmac.BlockUpdate(plainTextPayload, 0, plainTextPayload.Length);
            0);

            return Convert.ToBase64String(result);
        }
```

5th step - You will place the resulting Base64 String widget by using the setProtectedData (Base64String) method

```js
owidget.setProtectedData(Base64String,ComputedBase64Hmac);
```