# Data encryption ### Option 1: With certificate and without HMAC 1. Step - I have the required data in the JSON String 2. Step - Convert the JSON String to UTF8 Byte array 3. Step - Encrypt the UTF8 Byte array to the PKCS7 Envelope using the public key (Certificate download [here](https://app.mluvii.com/Admin/CallDataProtection/EncryptionCertificate)) 4. Step - Convert acquired Byte array to Base64 ``` //Steps 3 and 4 public static string EncryptByteArray(byte[] plainTextPayload, Org.BouncyCastle.X509.X509Certificate cert) { var random = new Org.BouncyCastle.Security.SecureRandom(); var generator = new Org.BouncyCastle.Cms.CmsEnvelopedDataGenerator(random); generator.AddKeyTransRecipient(cert); var envelopedData = generator.Generate(new Org.BouncyCastle.Cms.CmsProcessableByteArray(plainTextPayload), Org.BouncyCastle.Cms.CmsEnvelopedGenerator.Aes256Cbc); return Convert.ToBase64String(envelopedData.GetEncoded()); } ``` 1. Step - I will place the resulting Base64 String widget by using the setProtectedData (Base64String) method ```js owidget.setProtectedData(Base64String); ``` ### Option 2: With certificate and HMAC key 1. Step - Contact mluvii and get HMAC Base64 key 2. Step - You have the required data in the JSON String 3. Step - Convert the JSON String to UTF8 Byte array 4. Step - Encrypt the UTF8 Byte array to the PKCS7 Envelope using the public key (Certificate can be downloaded [here](https://app.mluvii.com/Admin/CallDataProtection/EncryptionCertificat)) 5. Step - Convert acquired Byte array to Base64 ``` // Steps 4 and 5 public static string EncryptByteArray(byte[] plainTextPayload, Org.BouncyCastle.X509.X509Certificate cert) { var random = new Org.BouncyCastle.Security.SecureRandom(); var generator = new Org.BouncyCastle.Cms.CmsEnvelopedDataGenerator(random); generator.AddKeyTransRecipient(cert); var envelopedData = generator.Generate(new Org.BouncyCastle.Cms.CmsProcessableByteArray(plainTextPayload), Org.BouncyCastle.Cms.CmsEnvelopedGenerator.Aes256Cbc); return Convert.ToBase64String(envelopedData.GetEncoded()); } ``` ``` Encrypt byte array from step 3 with HMAC Base64 key ``` 4th step: Encrypt byte array from step 3 with HMAC Base64 key ``` public static string ComputeAuthentication(byte[] plainTextPayload, string base64Hmac) { var key = Convert.FromBase64String(base64Hmac); var hmac = new Org.BouncyCastle.Crypto.Macs.HMac(new Org.BouncyCastle.Crypto.Digests.Sha256Digest()); var result = new byte[hmac.GetMacSize()]; hmac.Init(new Org.BouncyCastle.Crypto.Parameters.KeyParameter(key)); hmac.BlockUpdate(plainTextPayload, 0, plainTextPayload.Length); 0); return Convert.ToBase64String(result); } ``` 5th step - You will place the resulting Base64 String widget by using the setProtectedData (Base64String) method ```js owidget.setProtectedData(Base64String,ComputedBase64Hmac); ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.mluvii.com/en/for-it-specialists/software-architecture/data-encryption.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.