Re: VTS JWE in C#

Raveen
Helper

VTS JWE in C#

Hi,

I am trying to decrypt data from the VTS using JWE with C#, and I have  issue, and can you someone guide me or post some code to tackle the issue.

 

Thank you

5 REPLIES 5
vkamboj
Community Moderator

Re: VTS JWE in C#

Hello @Raveen

 

Sample JWE using API Key/Shared Secret

JWE Header

"header":{

"alg": "AGCM256KW", // Encryption algorithm to be used for encryption of CEK

"iv": "<SizeofIVistobe96bit.>",// IV to be used for encryption of CEK

"tag": "<128bitvalue>", // HMAC generated from applying AES-256-GCM-KW to the CEK

"kid": "50charAPIKey", // API key

"channelSecurityContext": "SHARED_SECRET",

"enc": "AGCM256",

"iat": "1429837145"

JWE Body:

//base64 encoded form. CEK encrypted using AGCM256KW (alg) algorithm and the CEK IV

“encrypted_key”: “UghIOgu ... MR4gp_A=” ,

// base64 encoded form. IV for the text encryption. Size of IV is to be 96 bit

“iv”: “AxY8DctDa….GlsbGljb3RoZQ=”,

//Base64 encoded form. Encrypted blob generated using the AES-GCM encryption (enc) of the text to encrypt

“ciphertext”: “KDlTthhZTGufMY…….xPSUrfmqCHXaI9wOGY=”,

// base64 encoded form . HMAC generated using the AES-GCM encryption of the text to encrypt. The size of the tag is to be 128 bits.

“tag”: “Mz-VPPyU4…RlcuYv1IwIvzw=”

Note: The JWE Protected Header is input as the AAD (Additional Authenticated Data) parameter of the authenticated encryption (AES-GCM) of the “text to encrypt”.

JWE composition

BASE64URL (UTF8 (JWE Header)) || ‘.’ ||

BASE64URL (JWE Encrypted Key) || ‘.’ ||

BASE64URL (JWE IV) || ‘.’ ||

BASE64URL (JWE Ciphertext) || ‘.’ ||

BASE64URL (JWE Authentication Tag)

JWE/JWS specification requires BASE64URL encoding with NO padding.

General approach for JSON Web Encryption using API key/Shared Secret

(Refer to complete specification for deeper overview of JWE – https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-40)

 

For more information on how to decrypt data, please visit this link - https://developer.visa.com/capabilities/vts/docs#security_and_authentication_requirements

 

Please let me know if you have any additional questions. 

 

Thank you, 

Vaibhav 

Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.
Raveen
Helper

Re: VTS JWE in C#

Hi Vaibhav,

 

I am really thankful for your response and I will try with your sample but I see there is new field "channelSecurityContext" in the header where it does not specified in the visa documentation. Moreover,  I was trying to access https://developer.visa.com/capabilities/vts/docs#security_and_authentication_requirements but does not succeed.

 

Thanky you once again.

Raveen.

vkamboj
Community Moderator

Re: VTS JWE in C#

Hello @Raveen

 

Visa Token Service API is a restricted product. If you wish to request access to VTS API, please send me an email at Developer@visa.com. There is a set of questions you will have to answer and that information will be forwarded to the product team for review. 

 

Thank you, 

Vaibhav 

Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.
nsavaliya
New Contributor

Re: VTS JWE in C#

Hi,

 

I need help regarding encryption, could you please share your code to encrypt using AGCM256KW?

vkamboj
Community Moderator

Re: VTS JWE in C#

Hello @nsavaliya

 

As mentioned above, Visa Token Service API is a restricted product. If you wish to request access to VTS API, please send me an email at Developer@visa.com. There are some set of questions you will have to answer. 

 

Note: Access to VTS is not guaranteed. 

 

Thank you, 

Vaibhav 

Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.