I am trying to decrypt data from the VTS using JWE with C#, and I have issue, and can you someone guide me or post some code to tackle the issue.
Sample JWE using API Key/Shared Secret
"alg": "AGCM256KW", // Encryption algorithm to be used for encryption of CEK
"iv": "<SizeofIVistobe96bit.>",// IV to be used for encryption of CEK
"tag": "<128bitvalue>", // HMAC generated from applying AES-256-GCM-KW to the CEK
"kid": "50charAPIKey", // API key
//base64 encoded form. CEK encrypted using AGCM256KW (alg) algorithm and the CEK IV
“encrypted_key”: “UghIOgu ... MR4gp_A=” ,
// base64 encoded form. IV for the text encryption. Size of IV is to be 96 bit
//Base64 encoded form. Encrypted blob generated using the AES-GCM encryption (enc) of the text to encrypt
// base64 encoded form . HMAC generated using the AES-GCM encryption of the text to encrypt. The size of the tag is to be 128 bits.
Note: The JWE Protected Header is input as the AAD (Additional Authenticated Data) parameter of the authenticated encryption (AES-GCM) of the “text to encrypt”.
BASE64URL (UTF8 (JWE Header)) || ‘.’ ||
BASE64URL (JWE Encrypted Key) || ‘.’ ||
BASE64URL (JWE IV) || ‘.’ ||
BASE64URL (JWE Ciphertext) || ‘.’ ||
BASE64URL (JWE Authentication Tag)
JWE/JWS specification requires BASE64URL encoding with NO padding.
General approach for JSON Web Encryption using API key/Shared Secret
(Refer to complete specification for deeper overview of JWE – https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-40)
For more information on how to decrypt data, please visit this link - https://developer.visa.com/capabilities/vts/docs#security_and_authentication_requirements
Please let me know if you have any additional questions.
I am really thankful for your response and I will try with your sample but I see there is new field "channelSecurityContext" in the header where it does not specified in the visa documentation. Moreover, I was trying to access https://developer.visa.com/capabilities/vts/docs#security_and_authentication_requirements but does not succeed.
Thanky you once again.
Visa Token Service API is a restricted product. If you wish to request access to VTS API, please send me an email at Developer@visa.com. There is a set of questions you will have to answer and that information will be forwarded to the product team for review.
I need help regarding encryption, could you please share your code to encrypt using AGCM256KW?
As mentioned above, Visa Token Service API is a restricted product. If you wish to request access to VTS API, please send me an email at Developer@visa.com. There are some set of questions you will have to answer.
Note: Access to VTS is not guaranteed.