Skip to main content

Encryption and Decryption Tool

For development purposes, provide the Encryption and Decryption Tool.
You may download it via this link and verify the results are accurate.cf> In macOS, it requires allowing launching this app in the “Privacy & Security” settings menu.
Encrypt Tool Pn

Encryption Options

Types of Encryption Modules

Types of Encryption Modules

Query String Encryption

Query String Encryption

Secure Data Transmission Options

Secure Data Transmission Options

Encryption/Decryption Methods

Encryption/Decryption Methods

1. Types of Encryption Modules

There are two types of encryption modules available:
  • AES-256: Fast and simple block encryption method
  • GCM-256: Enhanced encryption method with authentication and integrity features

Types of Encryption Keys

  • API Key: API key assigned to the Project
  • Custom API Key (secretKey): New secretKey issued from Liveform for use
Encryption modules

2. Query String Encryption

Sensitive data sent via URL query strings is encrypted using the AES-256-ECB or GCM-256 encryption method.
1

Prepare Data in JSON Format

Refer to the link below for each parameter descriptionKey Query String Parameters
{
    "email": "email@email.com",
    "userid": "userid",
    "cf1": "value 1",
    "cf2": "value 2",
    "cf3": "value 3",
    "blacklistCountries": false,
    "approvePeriod": false,
    "rejectPeriod": false,
    "ageLimit": false,
    "rejectDuplicateUser": true,
    "token": "token_id",
    "allowedCountries": "USA,KOR"
}
2

Select Encryption Module AES-256/GCM-256 and API Key or secretKey

Once issued, secretKey will not be displayed again. If lost, please reissue and use it.
3

Perform AES-256/GCM-256 Encryption Using the Provided API Key

Before performing AES-256 encryption, please verify the query string encryption and decryption steps.
If you have received a secretKey, please use the secretKey.
4

Add Encrypted Data to the URL as the 'encrypted' Query Parameter

https://form.argosidentity.com?pid={project_Id}&encrypted={encrypted_json_text}
Caution: The following query parameters are not encrypted: pid, lang, sid, action.
The pid, lang query strings and the sid, action query strings used on the “Additional Process (Injection)” page do not support encryption.

3. Query String Encryption and Decryption Methods

3-1. Key Generation Process

AES-256 GCM-256
1

Generate Hashed Key

var crypto = require('crypto');
var hashedKey = crypto.createHash('sha256').update(APIKEY).digest();
2

Encryption Example

Below are examples of encrypting data using AES-256
  var crypto = require('crypto');

  /**
  * @param {string} data - Stringified JSON data
  * @param {string} apiKey - Project API key
  * @returns {string} Encrypted data
  *
  * for exact encryption, use formatJSON.
  * example below,
  * const data = {
      userid: "10912301",
      email: "email@email.com"
  * };
  *
  * do not use string direct way, like
  * `{"userid":"10912301","email":"email@email.com"}`
  * which is not same as expected encryption.
  */

  function encrypt(data, apiKey) {
    var hashedKey = crypto.createHash('sha256').update(apiKey).digest();
    var cipher = crypto.createCipheriv('aes-256-ecb', hashedKey, null);
    return cipher.update(data, 'utf8', 'base64') + cipher.final('base64');
  }
3

GCM Encryption Example

Below are examples of encrypting data using AES-256-GCM
var crypto = require('crypto');

/**
 * @param {string} data - Stringified JSON data
 * @param {string} apiKey - Project API key
 * @returns {string} Encrypted data in hex format (IV + ciphertext + tag)
 *
 * GCM mode provides authenticated encryption and includes IV and authentication tag.
 * Return value is hex string encoded form of 12-byte IV + ciphertext + 16-byte authentication tag.
 */
function encryptGCM(data, apiKey) {
    var hashedKey = crypto.createHash('sha256').update(apiKey).digest();
    var iv = crypto.randomBytes(12);
    var cipher = crypto.createCipheriv('aes-256-gcm', hashedKey, iv);
    
    var encrypted = cipher.update(data, 'utf8');
    encrypted = Buffer.concat([encrypted, cipher.final()]);
    
    var tag = cipher.getAuthTag();
    var result = Buffer.concat([iv, encrypted, tag]);
    
    return result.toString('hex');
}

/**
 * @param {string} encryptedHex - Hex encoded encrypted data
 * @param {string} apiKey - Project API key
 * @returns {string} Decrypted data
 */
function decryptGCM(encryptedHex, apiKey) {
    var hashedKey = crypto.createHash('sha256').update(apiKey).digest();
    var encryptedBuffer = Buffer.from(encryptedHex, 'hex');
    
    var iv = encryptedBuffer.slice(0, 12);
    var tag = encryptedBuffer.slice(-16);
    var encrypted = encryptedBuffer.slice(12, -16);
    
    var decipher = crypto.createDecipheriv('aes-256-gcm', hashedKey, iv);
    decipher.setAuthTag(tag);
    
    var decrypted = decipher.update(encrypted);
    decrypted = Buffer.concat([decrypted, decipher.final()]);
    
    return decrypted.toString('utf8');
}
4

Decryption Example

Below are examples of decrypting data encrypted with AES-256
    var crypto = require('crypto');

  /**
  * @param {string} encryptedData
  * @param {string} apiKey
  * @returns {string} Decrypted data
  */
  function decrypt(encryptedData, apiKey) {
    var hashedKey = crypto.createHash('sha256').update(apiKey).digest();
    var decipher = crypto.createDecipheriv('aes-256-ecb', hashedKey, null);
    return decipher.update(encryptedData, 'base64', 'utf8') + decipher.final('utf8');
  }
5

GCM Decryption Example

Below are examples of decrypting data encrypted with AES-256-GCM
var crypto = require('crypto');

/**
 * @param {string} encryptedHex - Hex encoded encrypted data (IV + ciphertext + tag)
 * @param {string} apiKey - Project API key
 * @returns {string} Decrypted data
 */
function decryptGCM(encryptedHex, apiKey) {
    var hashedKey = crypto.createHash('sha256').update(apiKey).digest();
    var encryptedBuffer = Buffer.from(encryptedHex, 'hex');
    
    // Separate IV, ciphertext, and tag
    var iv = encryptedBuffer.slice(0, 12);
    var tag = encryptedBuffer.slice(-16);
    var encrypted = encryptedBuffer.slice(12, -16);
    
    var decipher = crypto.createDecipheriv('aes-256-gcm', hashedKey, iv);
    decipher.setAuthTag(tag);
    
    var decrypted = decipher.update(encrypted);
    decrypted = Buffer.concat([decrypted, decipher.final()]);
    
    return decrypted.toString('utf8');
}

4. Secure Data Transfer Options

Encrypt data for secure transmission in API methods (GET, POST, PATCH) and WEBHOOKs. API methods use the AES-256-ECB encryption method, while WEBHOOKs use AES-256-CBC encryption. Ensure that secure data transfer is enabled before using it to protect sensitive information. If this option is enabled, the request body must be encrypted. Inquire about a body parameter that is encrypted data. It is necessary to encrypt AES-256-ECB and refer to the Key Features and instructions on how to encrypt. 
body : encrypt({
		email : 'string',
		fullName : 'string',
		issuingCountry : 'string',
		birthDate: 'string'
		...
	})
Responses include encrypted data and the “isEncrypted” flag. 
body : {
    "data": "encrypted-string",
    "isEncrypted": true
}

4-1. Key Features

  • GET, POST, PATCH requests are encrypted using AES-256-ECB
  • WEBHOOK data is encrypted using AES-256-CBC
  • Ensures data integrity and authentication through PKI
  • Enhances data protection during transmission

4-2. API Request Data Encryption (AES-256-ECB)

const CryptoJS = require('crypto-js');

function encryptECB(data, apiKey) {
    const hashedKey = CryptoJS.SHA256(apiKey);
    const key = CryptoJS.lib.WordArray.create(hashedKey.words.slice(0, 8), 32);
    const encrypted = CryptoJS.AES.encrypt(JSON.stringify(data), key, {
        mode: CryptoJS.mode.ECB
    });
    return encrypted.ciphertext.toString(CryptoJS.enc.Base64);
}

4-3. API Data Decryption (AES-256-ECB)

const CryptoJS = require('crypto-js');

function decryptECB(encryptedData, apiKey) {
    const hashedKey = CryptoJS.SHA256(apiKey);
    const key = CryptoJS.lib.WordArray.create(hashedKey.words.slice(0, 8), 32);
    const cipherParams = CryptoJS.lib.CipherParams.create({
        ciphertext: CryptoJS.enc.Base64.parse(encryptedData)
    });
    const decrypted = CryptoJS.AES.decrypt(cipherParams, key, {
        mode: CryptoJS.mode.ECB
    });
    return JSON.parse(decrypted.toString(CryptoJS.enc.Utf8));
}

4-4. WEBHOOK Data Encryption (AES-256-CBC)

const CryptoJS = require('crypto-js');

function generateKeyAndIV(apiKey) {
    const hashedKey = CryptoJS.SHA256(apiKey);
    const key = CryptoJS.lib.WordArray.create(hashedKey.words.slice(0, 8), 32);
    const iv = CryptoJS.lib.WordArray.create(hashedKey.words.slice(8, 12), 16);
    return { key, iv };
}

function encryptCBC(data, apiKey) {
    const { key, iv } = generateKeyAndIV(apiKey);
    const encrypted = CryptoJS.AES.encrypt(JSON.stringify(data), key, { iv: iv, mode: CryptoJS.mode.CBC });
    return encrypted.ciphertext.toString(CryptoJS.enc.Base64);
}

4-5. WEBHOOK Data Decryption (AES-256-CBC)

const CryptoJS = require('crypto-js');

function generateKeyAndIV(apiKey) {
    const hashedKey = CryptoJS.SHA256(apiKey);
    const key = CryptoJS.lib.WordArray.create(hashedKey.words.slice(0, 8), 32);
    const iv = CryptoJS.lib.WordArray.create(hashedKey.words.slice(8, 12), 16);
    return { key, iv };
}

function decryptCBC(encryptedData, apiKey) {
    const { key, iv } = generateKeyAndIV(apiKey);
    
    // Create cipher params for decryption
    const cipherParams = CryptoJS.lib.CipherParams.create({
        ciphertext: CryptoJS.enc.Base64.parse(encryptedData)
    });
    
    // Decrypt the data
    const decrypted = CryptoJS.AES.decrypt(cipherParams, key, {
        iv: iv,
        mode: CryptoJS.mode.CBC,
        padding: CryptoJS.pad.Pkcs7
    });
    
    return JSON.parse(decrypted.toString(CryptoJS.enc.Utf8));
}
I