Encryption in OnePipe
This document provides details on how to implement the various aspects of encryption used in OnePipe.
Triple DES Algorithm
In cryptography, Triple DES (3DES or TDES), officially the Triple Data Encryption Algorithm (TDEA or Triple DEA), is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block.
See details here.
Sample Code Snippets
JAVA (Encryption)
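    import java.nio.charset.StandardCharsets;
    import java.security.MessageDigest;
    import java.util.Arrays;
    import javax.crypto.Cipher;
    import javax.crypto.SecretKey;
    import javax.crypto.spec.IvParameterSpec;
    import javax.crypto.spec.SecretKeySpec;
    import org.apache.commons.codec.binary.Base64;

    public String encrypt(String toBeEncrypted, String secretKey) {
        try {
            // Key material: MD5 digest (16 bytes) of the UTF-16LE encoded secret.
            MessageDigest md = MessageDigest.getInstance("MD5");
            byte[] digestOfPassword = md.digest(secretKey.getBytes("UTF-16LE"));
            // Expand to 24 bytes by repeating the first 8 bytes (K1 | K2 | K1).
            byte[] keyBytes = Arrays.copyOf(digestOfPassword, 24);
            for (int j = 0, k = 16; j < 8;) {
                keyBytes[k++] = keyBytes[j++];
            }
            SecretKey key = new SecretKeySpec(keyBytes, "DESede");
            // The scheme uses a fixed all-zero IV, so equal inputs give equal ciphertexts.
            IvParameterSpec iv = new IvParameterSpec(new byte[8]);
            Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
            cipher.init(Cipher.ENCRYPT_MODE, key, iv);
            byte[] plainTextBytes = toBeEncrypted.getBytes("UTF-16LE");
            byte[] cipherText = cipher.doFinal(plainTextBytes);
            byte[] base64Bytes = Base64.encodeBase64(cipherText);
            return new String(base64Bytes, StandardCharsets.US_ASCII);
        } catch (Exception e) {
            // Fail closed: never fall back to returning the plaintext.
            throw new IllegalStateException("Triple DES encryption failed", e);
        }
    }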
JAVA (Decryption)
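    import java.security.MessageDigest;
    import java.util.Arrays;
    import javax.crypto.Cipher;
    import javax.crypto.SecretKey;
    import javax.crypto.spec.IvParameterSpec;
    import javax.crypto.spec.SecretKeySpec;
    import org.apache.commons.codec.binary.Base64;

    public String decrypt(String encryptedText, String secretKey) {
        try {
            // The input is Base64 text, so decode it directly rather than via UTF-16LE bytes.
            byte[] message = Base64.decodeBase64(encryptedText);
            // Same key derivation as encryption: MD5 of the UTF-16LE secret, K1 | K2 | K1.
            MessageDigest md = MessageDigest.getInstance("MD5");
            byte[] digestOfPassword = md.digest(secretKey.getBytes("UTF-16LE"));
            byte[] keyBytes = Arrays.copyOf(digestOfPassword, 24);
            for (int j = 0, k = 16; j < 8;) {
                keyBytes[k++] = keyBytes[j++];
            }
            SecretKey key = new SecretKeySpec(keyBytes, "DESede");
            IvParameterSpec iv = new IvParameterSpec(new byte[8]);
            Cipher decipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
            decipher.init(Cipher.DECRYPT_MODE, key, iv);
            byte[] plainText = decipher.doFinal(message);
            return new String(plainText, "UTF-16LE");
        } catch (Exception e) {
            // Surface wrong-key or corrupted-input errors instead of returning the input.
            throw new IllegalStateException("Triple DES decryption failed", e);
        }
    }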
C# (Encryption)
    using System;
    using System.IO;
    using System.Security.Cryptography;
    using System.Text;

    public static string Encrypt(string TextToEncrypt, string key)
    {
        using (MD5 md5 = new MD5CryptoServiceProvider())
        using (TripleDES des = new TripleDESCryptoServiceProvider())
        {
            des.KeySize = 128; // two-key Triple DES: the 16-byte MD5 digest is the key
            des.Mode = CipherMode.CBC;
            des.Padding = PaddingMode.PKCS7;
            // Encoding.Unicode is UTF-16LE, matching the Java snippets.
            des.Key = md5.ComputeHash(Encoding.Unicode.GetBytes(key));
            des.IV = new byte[8]; // fixed all-zero IV
            byte[] clearBytes = Encoding.Unicode.GetBytes(TextToEncrypt);
            // Create the encryptor once and reuse it for the stream.
            using (ICryptoTransform ct = des.CreateEncryptor())
            using (MemoryStream ms = new MemoryStream())
            {
                using (CryptoStream cs = new CryptoStream(ms, ct, CryptoStreamMode.Write))
                {
                    cs.Write(clearBytes, 0, clearBytes.Length);
                    cs.FlushFinalBlock();
                }
                return Convert.ToBase64String(ms.ToArray());
            }
        }
    }
C# (Decryption)
PHP (Encryption and Decryption)
JavaScript (Encryption and Decryption)
Applications of Triple DES in OnePipe
OnePipe uses the Triple DES algorithm to encrypt and decrypt sensitive information in request payloads sent over HTTP. The algorithm is used in the following places:
App → OnePipe: The auth.secure field in the standard OnePipe app request payload holds sensitive data that needs to be encrypted. If auth.secure has a value, then it needs to be encrypted with the Triple DES algorithm, using the app's secret key.
A sample App → OnePipe request with an encrypted secure is shown below.
NOTE: When a card is to be encrypted, auth.secure should hold the encrypted value of: TripleDES.encrypt("{card.Pan};{card.Cvv};{card.Expdate};{card.Pin}", secretKey)
E.g.: TripleDES.encrypt("5061000453765410221;657;0922;1234", secretKey)
OnePipe → Provider Microservice: Here, the whole request payload is encrypted with the Triple DES algorithm. The secret key used for the encryption is configurable from the provider implementation, on the OnePipe console.
A sample OnePipe → Provider MS request payload is shown below.
Provider Microservice → OnePipe: Here, the whole response payload is encrypted with the Triple DES algorithm. The secret key used for the encryption is configurable from the provider implementation, on the OnePipe console.
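
An added Node.js example, not OnePipe's own code, that applies the same parameters as the Java snippets above (MD5 of the UTF-16LE secret as a two-key Triple DES key, all-zero IV, CBC, PKCS padding, Base64 output) to build the card auth.secure value described under App → OnePipe. The function names, the lowercase card field names and the secret are assumptions; because the IV is fixed, the same card and key always produce the same ciphertext.

```javascript
// Added example: Node.js port of the scheme in the Java snippets. Names are assumptions.
const crypto = require('crypto');

const ZERO_IV = Buffer.alloc(8); // fixed all-zero IV, as in the Java and C# snippets

// MD5 over the UTF-16LE secret gives 16 bytes (K1 || K2); appending K1 again
// produces the 24-byte two-key Triple DES key that the Java code builds.
function deriveKey(secret) {
  const digest = crypto.createHash('md5').update(Buffer.from(secret, 'utf16le')).digest();
  return Buffer.concat([digest, digest.subarray(0, 8)]);
}

// DESede/CBC with PKCS padding over UTF-16LE text, returned as Base64.
function encrypt(plainText, secret) {
  const cipher = crypto.createCipheriv('des-ede3-cbc', deriveKey(secret), ZERO_IV);
  const data = Buffer.from(plainText, 'utf16le');
  return Buffer.concat([cipher.update(data), cipher.final()]).toString('base64');
}

// final() throws when the padding check fails (typically a wrong key or
// corrupted input), so a failure is never mistaken for a decrypted value.
function decrypt(cipherTextB64, secret) {
  const decipher = crypto.createDecipheriv('des-ede3-cbc', deriveKey(secret), ZERO_IV);
  const data = Buffer.from(cipherTextB64, 'base64');
  return Buffer.concat([decipher.update(data), decipher.final()]).toString('utf16le');
}

// Builds auth.secure for a card: "{Pan};{Cvv};{Expdate};{Pin}", then encrypts it.
// A ';' inside a field would shift the positions the receiver parses, so reject it.
function buildCardSecure(card, secret) {
  const fields = ['pan', 'cvv', 'expdate', 'pin'];
  for (const field of fields) {
    if (typeof card[field] !== 'string' || card[field].includes(';')) {
      throw new Error(`card.${field} must be a string without ';'`);
    }
  }
  return encrypt(fields.map((f) => card[f]).join(';'), secret);
}

// Constructed sample input: the card values from the NOTE above and a made-up secret.
const sampleCard = { pan: '5061000453765410221', cvv: '657', expdate: '0922', pin: '1234' };
const sampleSecret = 'constructed-demo-secret';

const sampleSecure = buildCardSecure(sampleCard, sampleSecret);
console.log('auth.secure =', sampleSecure);
console.log('decrypted   =', decrypt(sampleSecure, sampleSecret));
```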