Visa Developer Community

Helper

VTS JWE in C#

Hi,

I am trying to decrypt data from the VTS using JWE with C#, and I have  issue, and can you someone guide me or post some code to tackle the issue.

 

Thank you

4 REPLIES 4
Valued Supporter

Re: VTS JWE in C#

Hello @Raveen

 

Sample JWE using API Key/Shared Secret

JWE Header

"header":{

"alg": "AGCM256KW", // Encryption algorithm to be used for encryption of CEK

"iv": "<SizeofIVistobe96bit.>",// IV to be used for encryption of CEK

"tag": "<128bitvalue>", // HMAC generated from applying AES-256-GCM-KW to the CEK

"kid": "50charAPIKey", // API key

"channelSecurityContext": "SHARED_SECRET",

"enc": "AGCM256",

"iat": "1429837145"

JWE Body:

//base64 encoded form. CEK encrypted using AGCM256KW (alg) algorithm and the CEK IV

“encrypted_key”: “UghIOgu ... MR4gp_A=” ,

// base64 encoded form. IV for the text encryption. Size of IV is to be 96 bit

“iv”: “AxY8DctDa….GlsbGljb3RoZQ=”,

//Base64 encoded form. Encrypted blob generated using the AES-GCM encryption (enc) of the text to encrypt

“ciphertext”: “KDlTthhZTGufMY…….xPSUrfmqCHXaI9wOGY=”,

// base64 encoded form . HMAC generated using the AES-GCM encryption of the text to encrypt. The size of the tag is to be 128 bits.

“tag”: “Mz-VPPyU4…RlcuYv1IwIvzw=”

Note: The JWE Protected Header is input as the AAD (Additional Authenticated Data) parameter of the authenticated encryption (AES-GCM) of the “text to encrypt”.

JWE composition

BASE64URL (UTF8 (JWE Header)) || ‘.’ ||

BASE64URL (JWE Encrypted Key) || ‘.’ ||

BASE64URL (JWE IV) || ‘.’ ||

BASE64URL (JWE Ciphertext) || ‘.’ ||

BASE64URL (JWE Authentication Tag)

JWE/JWS specification requires BASE64URL encoding with NO padding.

General approach for JSON Web Encryption using API key/Shared Secret

(Refer to complete specification for deeper overview of JWE – https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-40)

 

For more information on how to decrypt data, please visit this link - https://developer.visa.com/capabilities/vts/docs#security_and_authentication_requirements

 

Please let me know if you have any additional questions. 

 

Thank you, 

Vaibhav 

Helper

Re: VTS JWE in C#

Hi Vaibhav,

 

I am really thankful for your response and I will try with your sample but I see there is new field "channelSecurityContext" in the header where it does not specified in the visa documentation. Moreover,  I was trying to access https://developer.visa.com/capabilities/vts/docs#security_and_authentication_requirements but does not succeed.

 

Thanky you once again.

Raveen.

Valued Supporter

Re: VTS JWE in C#

Hello @Raveen

 

Visa Token Service API is a restricted product. If you wish to request access to VTS API, please send me an email at Developer@visa.com. There is a set of questions you will have to answer and that information will be forwarded to the product team for review. 

 

Thank you, 

Vaibhav 

New Contributor

Re: VTS JWE in C#

Hi,

 

I need help regarding encryption, could you please share your code to encrypt using AGCM256KW?