Encryption and Decryption Tool

For development purposes, provide the Encryption and Decryption Tool.
You may download it via this link and verify the results are accurate.

cf> In macOS, it requires allowing launching this app in the “Privacy & Security” settings menu.

Encrypt Tool Pn

Encryption Options

Query String Encryption

Query String Encryption

Secure Data Transmission Options

Secure Data Transmission Options

Encryption/Decryption Methods

Encryption/Decryption Methods

1. Query String Encryption

Sensitive data sent via URL query strings is encrypted using the AES-256-ECB encryption method.

1

Prepare Data in JSON Format

Refer to the link below for each parameter description

Key Query String Parameters

{
    "email": "email@email.com",
    "userid": "userid",
    "cf1": "value 1",
    "cf2": "value 2",
    "cf3": "value 3",
    "blacklistCountries": false,
    "approvePeriod": false,
    "rejectPeriod": false,
    "ageLimit": false,
    "rejectDuplicateUser": true,
    "token": "token_id",
    "allowedCountries": "USA,KOR"
}
2

Perform AES-256 Encryption Using the Provided API Key

3

Add Encrypted Data to the URL as the 'encrypted' Query Parameter

https://form.argosidentity.com/?pid={project_Id}&encrypted={encrypted_json_text}

Caution: The following query parameters are not encrypted: pid, lang, sid, action.
The pid, lang query strings and the sid, action query strings used on the “Additional Process (Injection)” page do not support encryption.

2. Query String Encryption and Decryption Methods

2-1. Key Generation Process

1

Generate Hashed Key

var crypto = require('crypto');
var hashedKey = crypto.createHash('sha256').update(APIKEY).digest();

2

Encryption Example

Below are examples of encrypting data using AES-256

  var crypto = require('crypto');

  /**
  * @param {string} data - Stringified JSON data
  * @param {string} apiKey - Project API key
  * @returns {string} Encrypted data
  *
  * for exact encryption, use formatJSON.
  * example below,
  * const data = {
      userid: "10912301",
      email: "email@email.com"
  * };
  *
  * do not use string direct way, like
  * `{"userid":"10912301","email":"email@email.com"}`
  * which is not same as expected encryption.
  */

  function encrypt(data, apiKey) {
    var hashedKey = crypto.createHash('sha256').update(apiKey).digest();
    var cipher = crypto.createCipheriv('aes-256-ecb', hashedKey, null);
    return cipher.update(data, 'utf8', 'base64') + cipher.final('base64');
  }
3

Decryption Example

Below are examples of decrypting data encrypted with AES-256

    var crypto = require('crypto');

  /**
  * @param {string} encryptedData
  * @param {string} apiKey
  * @returns {string} Decrypted data
  */
  function decrypt(encryptedData, apiKey) {
    var hashedKey = crypto.createHash('sha256').update(apiKey).digest();
    var decipher = crypto.createDecipheriv('aes-256-ecb', hashedKey, null);
    return decipher.update(encryptedData, 'base64', 'utf8') + decipher.final('utf8');
  }

3. Secure Data Transfer Options

Encrypt data for secure transmission in API methods (GET, POST, PATCH) and WEBHOOKs. API methods use the AES-256-ECB encryption method, while WEBHOOKs use AES-256-CBC encryption. Ensure that secure data transfer is enabled before using it to protect sensitive information.

Secure Data Transfer

If this option is enabled, the request body must be encrypted. Inquire about a body parameter that is encrypted data. It is necessary to encrypt AES-256-ECB and refer to the Key Features and instructions on how to encrypt.

body : encrypt({
		email : 'string',
		fullName : 'string',
		issuingCountry : 'string',
		birthDate: 'string'
		...
	})

Responses include encrypted data and the “isEncrypted” flag.

body : {
    "data": "encrypted-string",
    "isEncrypted": true
}

3-1. Key Features

  • GET, POST, PATCH requests are encrypted using AES-256-ECB
  • WEBHOOK data is encrypted using AES-256-CBC
  • Ensures data integrity and authentication through PKI
  • Enhances data protection during transmission

3-2. API Request Data Encryption (AES-256-ECB)

import CryptoJS from 'crypto-js';
const CryptoJS = require('crypto-js');

function encryptECB(data, apiKey) {
    const hashedKey = CryptoJS.SHA256(apiKey);
    const key = CryptoJS.lib.WordArray.create(hashedKey.words.slice(0, 8), 32);
    const encrypted = CryptoJS.AES.encrypt(JSON.stringify(data), key, {
        mode: CryptoJS.mode.ECB
    });
    return encrypted.ciphertext.toString(CryptoJS.enc.Base64);
}

3-3. API Data Decryption (AES-256-ECB)

const CryptoJS = require('crypto-js');

function decryptECB(encryptedData, apiKey) {
    const hashedKey = CryptoJS.SHA256(apiKey);
    const key = CryptoJS.lib.WordArray.create(hashedKey.words.slice(0, 8), 32);
    const cipherParams = CryptoJS.lib.CipherParams.create({
        ciphertext: CryptoJS.enc.Base64.parse(encryptedData)
    });
    const decrypted = CryptoJS.AES.decrypt(cipherParams, key, {
        mode: CryptoJS.mode.ECB
    });
    return JSON.parse(decrypted.toString(CryptoJS.enc.Utf8));
}

3-4. WEBHOOK Data Encryption (AES-256-CBC)

import CryptoJS from 'crypto-js';

function generateKeyAndIV(apiKey) {
    const hashedKey = CryptoJS.SHA256(apiKey);
    const key = CryptoJS.lib.WordArray.create(hashedKey.words.slice(0, 8), 32);
    const iv = CryptoJS.lib.WordArray.create(hashedKey.words.slice(8, 12), 16);
    return { key, iv };
}

function encryptCBC(data, apiKey) {
    const { key, iv } = generateKeyAndIV(apiKey);
    const encrypted = CryptoJS.AES.encrypt(JSON.stringify(data), key, { iv: iv, mode: CryptoJS.mode.CBC });
    return encrypted.ciphertext.toString(CryptoJS.enc.Base64);
}

3-5. WEBHOOK Data Decryption (AES-256-CBC)

const CryptoJS = require('crypto-js');

function generateKeyAndIV(apiKey) {
    const hashedKey = CryptoJS.SHA256(apiKey);
    const key = CryptoJS.lib.WordArray.create(hashedKey.words.slice(0, 8), 32);
    const iv = CryptoJS.lib.WordArray.create(hashedKey.words.slice(8, 12), 16);
    return { key, iv };
}

function decryptCBC(encryptedData, apiKey) {
    const { key, iv } = generateKeyAndIV(apiKey);
    
    // Create cipher params for decryption
    const cipherParams = CryptoJS.lib.CipherParams.create({
        ciphertext: CryptoJS.enc.Base64.parse(encryptedData)
    });
    
    // Decrypt the data
    const decrypted = CryptoJS.AES.decrypt(cipherParams, key, {
        iv: iv,
        mode: CryptoJS.mode.CBC,
        padding: CryptoJS.pad.Pkcs7
    });
    
    return JSON.parse(decrypted.toString(CryptoJS.enc.Utf8));
}