
Procedure for API Payload Encryption &

Digitally Signed Mechanism

Confidential document
Page 1 of 7
DOCUMENT HISTORY

Version Issue Date Revision Description Author

1.0 22.09.2020 Initial Version Govind Chaurasia

CONFIDENTIALITY STATEMENT

This document is intended for SBI CMP personnel use only. The document is not to be shared
with any individuals other than those in the Master Distribution List and those authorized by SBI
CMP Special Projects II department, any distribution or reproduction is prohibited.

Confidential document
Page 2 of 7
Purpose:
As per the SBI ISG guidelines, all transactions shared over an API need to be encrypted in order to ensure
there is no data security breach. In case of STP (Straight Through Processing), it is mandatory that the
request payload is digitally signed. This document covers the overall process involved in encrypting and
digitally signing the request payload shared over an API that follows STP processing.

Java Version:
Minimum Java 1.8 is required

Randomly generated session key

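/**
 * Returns a random alphanumeric string of exactly {@code n} characters ({@code [A-Za-z0-9]}),
 * used as the per-request AES session key material.
 *
 * <p>Each character is drawn uniformly from the 62-character alphabet with
 * {@link SecureRandom#nextInt(int)}, so the result always has length {@code n}. Decoding a
 * fixed number of raw random bytes as UTF-8 and keeping only the alphanumeric characters, as
 * an earlier version did, gives a string of variable and usually shorter length. The platform
 * default {@code SecureRandom} is used instead of selecting a provider by OS name: the
 * "IBMJCE" provider only exists on IBM JVMs, so that selection fails on other non-Windows JVMs.
 *
 * @param n number of characters to produce; {@code n <= 0} yields the empty string
 * @return a string of length {@code max(n, 0)} consisting of ASCII letters and digits
 * @throws Exception retained for signature compatibility; this implementation does not throw
 */
public String getAlphaNumericString(int n) throws Exception {
    final String alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    if (n <= 0) {
        return "";
    }
    SecureRandom random = new SecureRandom();
    StringBuilder out = new StringBuilder(n);
    for (int i = 0; i < n; i++) {
        // nextInt(bound) is uniform over [0, bound), so no character is favoured
        out.append(alphabet.charAt(random.nextInt(alphabet.length())));
    }
    return out.toString();
}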

AES Encryption using session key

/**
 * Encrypts {@code data} with AES-GCM under a key derived from {@code sessionKey} and returns
 * the Base64 of {@code ciphertext || 16-byte GCM tag}. The nonce is not part of the output.
 *
 * <p>Key derivation is SHA-256 of the UTF-8 session key truncated to 16 bytes, i.e. AES-128;
 * a plain hash is not a KDF, so the key is only as strong as the session key string itself.
 * The GCM nonce is a fixed all-zero 12-byte value that the peer reconstructs. A fixed nonce is
 * only sound while each session key encrypts exactly one message: encrypting a second payload
 * under the same session key reuses the nonce and voids GCM's confidentiality and integrity
 * guarantees, so callers must generate a fresh session key per request.
 *
 * @param data plaintext payload, UTF-8 encoded before encryption
 * @param sessionKey the randomly generated session key string
 * @return Base64 of the GCM ciphertext plus authentication tag
 * @throws Exception on cipher initialisation or encryption failure
 */
public String encryptAES(String data, String sessionKey) throws Exception {
    // All-zero nonce: see the note above on why the session key must be single-use.
    byte[] iv = new byte[12];
    MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
    byte[] keyMaterial = Arrays.copyOf(
            sha256.digest(sessionKey.getBytes(StandardCharsets.UTF_8)), 16);
    SecretKeySpec key = new SecretKeySpec(keyMaterial, "AES");
    GCMParameterSpec gcm = new GCMParameterSpec(16 * 8, iv);

    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
    cipher.init(Cipher.ENCRYPT_MODE, key, gcm);
    byte[] sealed = cipher.doFinal(data.getBytes(StandardCharsets.UTF_8));
    return Base64.getEncoder().encodeToString(sealed);
}

RSA Encryption of session key using client public key

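/**
 * Wraps the session key with the client's RSA public key (RSA-OAEP) and returns it
 * Base64-encoded.
 *
 * <p>{@code RSA/None/OAEPWithSHA1AndMGF1Padding} is a Bouncy Castle transformation name, so
 * the BC provider is registered before use; registration is skipped when a provider named
 * "BC" is already installed instead of being repeated on every call. OAEP with SHA-1 and
 * MGF1-SHA-1 is the format the peer decrypts with and must not be changed on one side only.
 * A plaintext larger than the modulus allows for OAEP makes {@code doFinal} throw.
 *
 * @param plaintext the session key (or other short secret) to wrap, UTF-8 encoded
 * @param publicKey path to the X.509 certificate holding the recipient's public key,
 *        as accepted by {@link #getPublicKey(String)}
 * @return Base64 of the RSA-OAEP ciphertext
 * @throws Exception if the certificate cannot be loaded or the cipher fails
 */
public String encryptRSA(String plaintext, String publicKey) throws Exception {
    if (Security.getProvider("BC") == null) {
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    }
    Cipher cipher = Cipher.getInstance("RSA/None/OAEPWithSHA1AndMGF1Padding", "BC");
    PublicKey recipientKey = getPublicKey(publicKey);
    cipher.init(Cipher.ENCRYPT_MODE, recipientKey);
    byte[] cipherText = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
    return Base64.getEncoder().encodeToString(cipherText);
}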

Generate Digital Signature using private key

/**
 * Signs {@code data} with SHA256withRSA using the private key loaded from
 * {@code privateKeyPath} and returns the signature Base64-encoded.
 *
 * <p>The key is obtained through the two-argument {@code getPrivateKey(path, password)}
 * overload, which is not shown on this page. The bytes signed are the exact UTF-8 encoding of
 * {@code data}; the verifier must hash the byte-identical payload, so any re-serialisation or
 * whitespace change between signing and verification causes a failed check.
 *
 * @param data the payload to sign
 * @param privateKeyPath path of the signer's private key
 * @param privateKeyPassword password protecting that key
 * @return Base64 of the RSA signature
 * @throws Exception if the key cannot be loaded or signing fails
 */
public String generateSign(String data, String privateKeyPath, String privateKeyPassword)
        throws Exception {
    PrivateKey signingKey = getPrivateKey(privateKeyPath, privateKeyPassword);
    Signature signer = Signature.getInstance("SHA256withRSA");
    signer.initSign(signingKey);
    signer.update(data.getBytes(StandardCharsets.UTF_8));
    return Base64.getEncoder().encodeToString(signer.sign());
}

Verification of Digital Signature using public key

/**
 * Verifies a SHA256withRSA signature over {@code data} against the public key in the
 * X.509 certificate at {@code publicKeyPath}.
 *
 * <p>Despite its name, {@code hashValue} is the Base64-encoded signature produced by
 * {@code generateSign}, not a digest. {@code data} is hashed as its exact UTF-8 bytes, so
 * it must be byte-identical to what was signed.
 *
 * @param data the payload that was signed
 * @param hashValue Base64 of the RSA signature
 * @param publicKeyPath path to the signer's X.509 certificate
 * @return {@code true} only if the signature is valid for {@code data} under that key
 * @throws Exception if the certificate cannot be loaded, the key is unusable, or
 *         {@code hashValue} is not valid Base64
 */
public boolean verifySign(String data, String hashValue, String publicKeyPath)
        throws Exception {
    byte[] signatureBytes = Base64.getDecoder().decode(hashValue);
    PublicKey signerKey = getPublicKey(publicKeyPath);
    Signature verifier = Signature.getInstance("SHA256withRSA");
    verifier.initVerify(signerKey);
    verifier.update(data.getBytes(StandardCharsets.UTF_8));
    return verifier.verify(signatureBytes);
}

RSA Decryption of session key using private key

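/**
 * Unwraps a Base64 RSA-OAEP-encrypted session key with the private key at
 * {@code privateKeyPath} and returns it as a UTF-8 string.
 *
 * <p>The loader is chosen by file extension: {@code .pem} (case-insensitive) goes through
 * {@link #readPrivateKeyFromPem(String)}, anything else is treated as raw PKCS#8 DER via
 * {@link #getPrivateKey(String)}. A path with no '.' at all previously failed with
 * {@code NoSuchElementException} from {@code Optional.get()}; it now takes the DER branch.
 * The transformation and provider must match {@code encryptRSA} exactly; the BC provider is
 * registered only if no provider named "BC" is installed yet.
 *
 * @param encryptedKey Base64 of the RSA-OAEP ciphertext
 * @param privateKeyPath path of the recipient's private key (.pem or DER)
 * @return the decrypted session key
 * @throws Exception if the key cannot be loaded or decryption fails
 */
public String decryptRSA(String encryptedKey, String privateKeyPath) throws Exception {
    if (Security.getProvider("BC") == null) {
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    }
    byte[] wrapped = Base64.getDecoder().decode(encryptedKey);
    Cipher cipher = Cipher.getInstance("RSA/None/OAEPWithSHA1AndMGF1Padding", "BC");

    // Extension is whatever follows the last '.', as before; empty when there is none.
    int dot = privateKeyPath.lastIndexOf('.');
    String extension = dot >= 0 ? privateKeyPath.substring(dot + 1) : "";
    PrivateKey privateKey = "pem".equalsIgnoreCase(extension)
            ? readPrivateKeyFromPem(privateKeyPath)
            : getPrivateKey(privateKeyPath);

    cipher.init(Cipher.DECRYPT_MODE, privateKey);
    return new String(cipher.doFinal(wrapped), StandardCharsets.UTF_8);
}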

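/**
 * Loads an unencrypted PKCS#8 RSA private key from a PEM file
 * ({@code -----BEGIN PRIVATE KEY-----} / {@code -----END PRIVATE KEY-----}).
 *
 * <p>All whitespace is stripped before Base64 decoding, so the file may use LF or CRLF line
 * endings regardless of the host OS. (Stripping only {@code System.lineSeparator()} left
 * stray CR or LF characters behind when the key file came from a different platform, and
 * the Base64 decoder then rejected it.) PEM is ASCII, so the file is read as US-ASCII rather
 * than the platform default charset. PKCS#1 files ({@code BEGIN RSA PRIVATE KEY}) and
 * password-protected keys are not handled here.
 *
 * @param filename path of the PEM file
 * @return the RSA private key
 * @throws Exception if the file cannot be read, is not valid Base64, or is not PKCS#8 RSA
 */
public PrivateKey readPrivateKeyFromPem(String filename) throws Exception {
    String pem = new String(Files.readAllBytes(Paths.get(filename)), StandardCharsets.US_ASCII);
    String base64Body = pem
            .replace("-----BEGIN PRIVATE KEY-----", "")
            .replace("-----END PRIVATE KEY-----", "")
            .replaceAll("\\s+", "");
    byte[] pkcs8 = Base64.getDecoder().decode(base64Body);
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
}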

/**
 * Loads an RSA private key stored as raw (unencrypted) PKCS#8 DER bytes.
 *
 * @param filename path of the DER file
 * @return the RSA private key
 * @throws Exception if the file cannot be read or does not hold a PKCS#8 RSA key
 */
public PrivateKey getPrivateKey(String filename) throws Exception {
    byte[] der = Files.readAllBytes(Paths.get(filename));
    KeyFactory factory = KeyFactory.getInstance("RSA");
    return factory.generatePrivate(new PKCS8EncodedKeySpec(der));
}

/**
 * Reads the whole file at {@code filename} into memory.
 *
 * @param filename path of the file
 * @return its complete contents
 * @throws Exception if the file cannot be read
 */
private byte[] readFileBytes(String filename) throws Exception {
    return Files.readAllBytes(Paths.get(filename));
}

AES Decryption using session key

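/**
 * Decrypts a Base64 AES-GCM payload produced by {@code encryptAES} and returns the plaintext.
 *
 * <p>Key derivation mirrors the encrypt side: SHA-256 of the UTF-8 session key truncated to
 * 16 bytes, so this is AES-128 despite the method name. The nonce is the same fixed all-zero
 * 12-byte value; it is not read from the input. The 16-byte GCM tag is verified by
 * {@code doFinal}, which throws {@code javax.crypto.AEADBadTagException} if the ciphertext
 * was modified or the session key is wrong, so no partial plaintext is ever returned.
 * Plaintext bytes are decoded as UTF-8 to match the encoding used on encryption; using the
 * platform default charset here garbled non-ASCII payloads on hosts not defaulting to UTF-8.
 *
 * @param encryptedTokenRequest Base64 of {@code ciphertext || tag}
 * @param sessionKey the session key string the payload was encrypted under
 * @return the decrypted UTF-8 plaintext
 * @throws Exception on malformed Base64, cipher errors, or authentication-tag failure
 */
public String decryptAES256(String encryptedTokenRequest, String sessionKey) throws Exception {
    byte[] iv = new byte[12]; // all zeros, by protocol agreement with encryptAES
    MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
    byte[] keyMaterial = Arrays.copyOf(
            sha256.digest(sessionKey.getBytes(StandardCharsets.UTF_8)), 16);
    SecretKeySpec key = new SecretKeySpec(keyMaterial, "AES");

    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
    cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(16 * 8, iv));
    byte[] plain = cipher.doFinal(Base64.getDecoder().decode(encryptedTokenRequest));
    return new String(plain, StandardCharsets.UTF_8);
}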

GET PUBLIC KEY

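/**
 * Extracts the public key from the X.509 certificate file at {@code publicKeyPath}.
 *
 * <p>The certificate stream is closed by try-with-resources, and any failure (missing file,
 * unparsable certificate) propagates to the caller. An earlier version printed the stack
 * trace, returned {@code null} and leaked the stream; a {@code null} key then surfaced only
 * later as an obscure error in {@code Cipher.init} / {@code Signature.initVerify}. Note that
 * only parsing is done here: the certificate's validity period and chain are not checked.
 *
 * @param publicKeyPath path of the DER- or PEM-encoded X.509 certificate
 * @return the certificate's public key, never {@code null}
 * @throws Exception if the file cannot be opened or is not a valid X.509 certificate
 */
public PublicKey getPublicKey(String publicKeyPath) throws Exception {
    try (FileInputStream fin = new FileInputStream(publicKeyPath)) {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        X509Certificate certificate = (X509Certificate) factory.generateCertificate(fin);
        return certificate.getPublicKey();
    }
}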

Confidential document
Page 7 of 7
