Encryption and Decryption Tool

For development purposes, provide the Encryption and Decryption Tool.
You may download it via this link and verify the results are accurate.

cf> In macOS, it requires allowing launching this app in the “Privacy & Security” settings menu.

Encryption Options

Query String Encryption

Query String Encryption

Secure Data Transmission Options

Secure Data Transmission Options

Encryption/Decryption Methods

Encryption/Decryption Methods

1. Query String Encryption

Sensitive data sent via URL query strings is encrypted using the AES-256-ECB encryption method.

1

Prepare Data in JSON Format

Refer to the link below for each parameter description

Key Query String Parameters

{
    "email": "email@email.com",
    "userid": "userid",
    "cf1": "value 1",
    "cf2": "value 2",
    "cf3": "value 3",
    "blacklistCountries": false,
    "approvePeriod": false,
    "rejectPeriod": false,
    "ageLimit": false,
    "rejectDuplicateUser": true,
    "token": "token_id",
    "allowedCountries": "USA,KOR"
}
2

Perform AES-256 Encryption Using the Provided API Key

3

Add Encrypted Data to the URL as the 'encrypted' Query Parameter

https://form.argosidentity.com/?pid={project_Id}&encrypted={encrypted_json_text}

Caution: The following query parameters are not encrypted: pid, lang, sid, action.
The pid, lang query strings and the sid, action query strings used on the “Additional Process (Injection)” page do not support encryption.

2. Query String Encryption and Decryption Methods

2-1. Key Generation Process

1

Generate Hashed Key

var crypto = require('crypto');
var hashedKey = crypto.createHash('sha256').update(APIKEY).digest();
2

Encryption Example

Below are examples of encrypting data using AES-256

  var crypto = require('crypto');

  /**
  * @param {string} data - Stringified JSON data
  * @param {string} apiKey - Project API key
  * @returns {string} Encrypted data
  *
  * for exact encryption, use formatJSON.
  * example below,
  * const data = {
      userid: "10912301",
      email: "email@email.com"
  * };
  *
  * do not use string direct way, like
  * `{"userid":"10912301","email":"email@email.com"}`
  * which is not same as expected encryption.
  */

  function encrypt(data, apiKey) {
    var hashedKey = crypto.createHash('sha256').update(apiKey).digest();
    var cipher = crypto.createCipheriv('aes-256-ecb', hashedKey, null);
    return cipher.update(data, 'utf8', 'base64') + cipher.final('base64');
  }
3

Decryption Example

Below are examples of decrypting data encrypted with AES-256

    var crypto = require('crypto');

  /**
  * @param {string} encryptedData
  * @param {string} apiKey
  * @returns {string} Decrypted data
  */
  function decrypt(encryptedData, apiKey) {
    var hashedKey = crypto.createHash('sha256').update(apiKey).digest();
    var decipher = crypto.createDecipheriv('aes-256-ecb', hashedKey, null);
    return decipher.update(encryptedData, 'base64', 'utf8') + decipher.final('utf8');
  }

3. Secure Data Transfer Options

Encrypt data for secure transmission in API methods (GET, POST, PATCH) and WEBHOOKs. API methods use the AES-256-ECB encryption method, while WEBHOOKs use AES-256-CBC encryption. Ensure that secure data transfer is enabled before using it to protect sensitive information.

If this option is enabled, the request body must be encrypted. Inquire about a body parameter that is encrypted data. It is necessary to encrypt AES-256-ECB and refer to the Key Features and instructions on how to encrypt.

body : encrypt({
		email : 'string',
		fullName : 'string',
		issuingCountry : 'string',
		birthDate: 'string'
		...
	})

Responses include encrypted data and the “isEncrypted” flag.

body : {
    "data": "encrypted-string",
    "isEncrypted": true
}

3-1. Key Features

  • GET, POST, PATCH requests are encrypted using AES-256-ECB
  • WEBHOOK data is encrypted using AES-256-CBC
  • Ensures data integrity and authentication through PKI
  • Enhances data protection during transmission

3-2. API Request Data Encryption (AES-256-ECB)

import CryptoJS from 'crypto-js';
const CryptoJS = require('crypto-js');

function encryptECB(data, apiKey) {
    const hashedKey = CryptoJS.SHA256(apiKey);
    const key = CryptoJS.lib.WordArray.create(hashedKey.words.slice(0, 8), 32);
    const encrypted = CryptoJS.AES.encrypt(JSON.stringify(data), key, {
        mode: CryptoJS.mode.ECB
    });
    return encrypted.ciphertext.toString(CryptoJS.enc.Base64);
}

3-3. API Data Decryption (AES-256-ECB)

const CryptoJS = require('crypto-js');

function decryptECB(encryptedData, apiKey) {
    const hashedKey = CryptoJS.SHA256(apiKey);
    const key = CryptoJS.lib.WordArray.create(hashedKey.words.slice(0, 8), 32);
    const cipherParams = CryptoJS.lib.CipherParams.create({
        ciphertext: CryptoJS.enc.Base64.parse(encryptedData)
    });
    const decrypted = CryptoJS.AES.decrypt(cipherParams, key, {
        mode: CryptoJS.mode.ECB
    });
    return JSON.parse(decrypted.toString(CryptoJS.enc.Utf8));
}

3-4. WEBHOOK Data Encryption (AES-256-CBC)

import CryptoJS from 'crypto-js';

function generateKeyAndIV(apiKey) {
    const hashedKey = CryptoJS.SHA256(apiKey);
    const key = CryptoJS.lib.WordArray.create(hashedKey.words.slice(0, 8), 32);
    const iv = CryptoJS.lib.WordArray.create(hashedKey.words.slice(8, 12), 16);
    return { key, iv };
}

function encryptCBC(data, apiKey) {
    const { key, iv } = generateKeyAndIV(apiKey);
    const encrypted = CryptoJS.AES.encrypt(JSON.stringify(data), key, { iv: iv, mode: CryptoJS.mode.CBC });
    return encrypted.ciphertext.toString(CryptoJS.enc.Base64);
}

3-5. WEBHOOK Data Decryption (AES-256-CBC)

const CryptoJS = require('crypto-js');

function generateKeyAndIV(apiKey) {
    const hashedKey = CryptoJS.SHA256(apiKey);
    const key = CryptoJS.lib.WordArray.create(hashedKey.words.slice(0, 8), 32);
    const iv = CryptoJS.lib.WordArray.create(hashedKey.words.slice(8, 12), 16);
    return { key, iv };
}

function decryptCBC(encryptedData, apiKey) {
    const { key, iv } = generateKeyAndIV(apiKey);
    
    // Create cipher params for decryption
    const cipherParams = CryptoJS.lib.CipherParams.create({
        ciphertext: CryptoJS.enc.Base64.parse(encryptedData)
    });
    
    // Decrypt the data
    const decrypted = CryptoJS.AES.decrypt(cipherParams, key, {
        iv: iv,
        mode: CryptoJS.mode.CBC,
        padding: CryptoJS.pad.Pkcs7
    });
    
    return JSON.parse(decrypted.toString(CryptoJS.enc.Utf8));
}