encPaymentInstrument JWE encryption example in PHP

Solved! Go to solution

encPaymentInstrument JWE encryption example in PHP

Hi,

 

Did anyone have experience generate this using PHP? Need advise on how to generate the CEK.

 

Best Regards

1 REPLY 1
API_Products
Visa Developer Support Specialist

Re: encPaymentInstrument JWE encryption example in PHP

Hey @firdaus_shukor,

 

Thanks for asking this question and I am happy to help. I've provided the sample JWE using API Key/Shared Secret below. Please let us know if you find this helpful or if there's anything else we can do to help.


Sample JWE using API Key/Shared Secret


JWE Header
"header":{
"alg": "AGCM256KW", // Encryption algorithm to be used for encryption of CEK
"iv": "<SizeofIVistobe96bit.>",// IV to be used for encryption of CEK
"tag": "<128bitvalue>", // HMAC generated from applying AES-256-GCM-KW to the CEK
"kid": "50charAPIKey", // API key
"channelSecurityContext": "SHARED_SECRET",
"enc": "AGCM256",
"iat": "1429837145"
JWE Body:
//base64 encoded form. CEK encrypted using AGCM256KW (alg) algorithm and the CEK IV
“encrypted_key”: “UghIOgu ... MR4gp_A=” ,
// base64 encoded form. IV for the text encryption. Size of IV is to be 96 bit
“iv”: “AxY8DctDa….GlsbGljb3RoZQ=”,
//Base64 encoded form. Encrypted blob generated using the AES-GCM encryption (enc) of the text to encrypt
“ciphertext”: “KDlTthhZTGufMY…….xPSUrfmqCHXaI9wOGY=”,
// base64 encoded form . HMAC generated using the AES-GCM encryption of the text to encrypt. The size of the tag is to be 128 bits.
“tag”: “Mz-VPPyU4…RlcuYv1IwIvzw=”
Note: The JWE Protected Header is input as the AAD (Additional Authenticated Data) parameter of the authenticated encryption (AES-GCM) of the “text to encrypt”.
JWE composition
BASE64URL (UTF8 (JWE Header)) || ‘.’ ||
BASE64URL (JWE Encrypted Key) || ‘.’ ||
BASE64URL (JWE IV) || ‘.’ ||
BASE64URL (JWE Ciphertext) || ‘.’ ||
BASE64URL (JWE Authentication Tag)
JWE/JWS specification requires BASE64URL encoding with NO padding.
General approach for JSON Web Encryption using API key/Shared Secret
(Refer to complete specification for deeper overview of JWE – https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-40 )
 
For more information on how to decrypt data, please visit this link - https://developer.visa.com/capabilities/vts/docs#security_and_authentication_requirements 
 
 




Thanks,

Diana



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.