sudha rani 13

Trustpilot encryption process

I am working on the Encryption process.

I need to generate an encrypted payload by following the instructions at the link below: https://support.trustpilot.com/hc/en-us/articles/115004145087--Business-Generated-Links-for-developers-
I tried the code below:
 

String text = '{"email":"sudharani256@gamil.com","name":"Sudha Rani Y","ref":"1234"}';

Blob key = Crypto.generateAesKey(128);

Blob data = Blob.valueOf(text);

String clearText = '{"email":"sudharani256@gmail.com","name":"Sudha Rani Y","ref":"1234"}';

String b64Data = EncodingUtil.base64Encode(data);


String encryptKey = '/...................';

Blob cipherText = Crypto.encryptWithManagedIV('AES128', key, Blob.valueOf(clearText));

//note 1 add above iV in place of key
blob encryptedData = Crypto.encrypt('AES256', EncodingUtil.base64Decode(encryptKey),key,data);

//16 byte string. since characters used are ascii, each char is 1 byte.
//encrypted blob

String strMd5= EncodingUtil.base64Encode (Crypto.generateDigest('MD5',EncodingUtil.base64Decode('ekR0VlHRzQxIlNu0smkKh8sOOcfUAqwsw71g4fhHChA=')));


String algorithmName = 'HmacSHA256';


Blob hmacData = Crypto.generateMac(algorithmName, EncodingUtil.base64Decode(strMd5), data);

string input='...';  // what you want to sign

string privateKey= '...................';  // your private key
Blob keyTwo = Crypto.generateAesKey(256);

//blob rs256sig = Crypto.sign('RSA', data, EncodingUtil.base64Decode(encryptKey));

system.debug(EncodingUtil.urlEncode(EncodingUtil.base64Encode(key)+EncodingUtil.base64Encode(cipherText)+EncodingUtil.base64Encode(hmacData),'UTF-8'));
 


In the above code, I tried rs256sig instead of hmacData, but I am getting an error like "System.SecurityException: Invalid Crypto Key".
Please help me; it is urgently needed.

Vinay (Salesforce Developers)
Hi Sudha,

Found the links below, which are relevant to the 'System.SecurityException: Invalid Crypto Key' error.

https://developer.salesforce.com/forums/?id=9060G0000005ZrLQAU
https://salesforce.stackexchange.com/questions/281029/crypto-verify-format-of-a-public-key
https://salesforcekings.blogspot.com/2015/10/how-to-encrypt-and-decrypt-value-in.html

Hope above information was helpful.

Please mark as Best Answer so that it can help others in the future.

Thanks,
Vinay Kumar
sudha rani 13
Do we also use OpenSSL in Apex to create the Crypto key?
sudha rani 13
I have an encrypted key and an oAuth key.
Vinay (Salesforce Developers)
Hi Sudha,

The Apex Crypto class provides support for digital signatures with the sign() method. OpenSSL can be used to generate a certificate from which a private key can be extracted. The important thing to note is that the resulting private key must be in PKCS#8 format.

Found below related documentation for your reference.

https://developer.salesforce.com/page/Apex_Crypto_Class
https://salesforce.stackexchange.com/questions/275453/encrypt-with-apex-and-decrypt-with-openssl-base64-encoding-and-line-breaks
https://www.jitendrazaa.com/blog/tag/openssl/
https://developer.salesforce.com/forums/?id=906F00000008xUXIAY
https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_classes_restful_crypto.htm

Thanks,
Vinay Kumar
sudha rani 13

Here is the sample Python code; they are not generating any crypto key. They are just using the encryption key and the Auth key.

https://github.com/trustpilot/python-authenticated-encryption

sudha rani 13
Here the links must be dynamic. We cannot keep generating certificates manually using OpenSSL. Is there a way to generate it programmatically/dynamically?
sudha rani 13

Here is the updated code (modified encryption process and applied concatenation logic):

String text = '{\"email\":\"sudharani256@gmail.com\",\"name\":\"Sudha Rani\",\"ref\":\"1234\"}';
Blob data = Blob.valueOf(text);
Blob iv =Crypto.generateAesKey(128);
BLob encryptKeyDecode = EncodingUtil.base64Decode('.............');
BLob authKeyDecode = EncodingUtil.base64Decode('............');
Blob cipherText = Crypto.encrypt('AES256', encryptKeyDecode, iv,data);


String ivCipherString = EncodingUtil.base64Encode(iv)+EncodingUtil.base64Encode(cipherText);

Blob ct = EncodingUtil.base64Decode(ivCipherString);




String algorithmName = 'hmacSHA256';
Blob hmacData = Crypto.generateMac(algorithmName,ct,authKeyDecode);

String base64_payload  = EncodingUtil.base64Encode(iv)+EncodingUtil.base64Encode(cipherText)+EncodingUtil.base64Encode(hmacData);
String urlEncodeInfohmacData = EncodingUtil.urlEncode(EncodingUtil.base64Encode(hmacData),'UTF-8');

system.debug(urlEncodeInfohmacData);

String urlEncodeInfo = EncodingUtil.urlEncode(base64_payload,'UTF-8');

system.debug(urlEncodeInfo);
 

 

sudha rani 13

I cracked it. 

 

String text = '{\"email\":\"sudharani256@gmail.com\",\"name\":\"Sudha Rani\",\"ref\":\"1234\"}';
Blob encryptCode = EncodingUtil.base64Decode('...........');
Blob data = Blob.valueOf(text);

Blob ciphertextAndIV = Crypto.encryptWithManagedIV('AES256', encryptCode, data);

BLob authKeyDecode = EncodingUtil.base64Decode('.............................');

String ciphertextAndIVTExt = EncodingUtil.base64Encode(ciphertextAndIV);
String algorithmName = 'hmacSHA256';
Blob hmacData = Crypto.generateMac(algorithmName,ciphertextAndIV,authKeyDecode);


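// Base64-encode IV + ciphertext + HMAC as one byte sequence. Joining two Base64 strings gives the
// same result only when the first blob's length is a multiple of 3 (true for this sample: 16-byte IV
// + 80-byte ciphertext = 96 bytes); otherwise '=' padding ends up in the middle of the payload.
String base64_payload = EncodingUtil.base64Encode(EncodingUtil.convertFromHex(EncodingUtil.convertToHex(ciphertextAndIV) + EncodingUtil.convertToHex(hmacData)));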
String urlEncodeInfohmacData = EncodingUtil.urlEncode(base64_payload,'UTF-8');

system.debug(urlEncodeInfohmacData);
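
Why the payload length matters for the encoding step, as an added Python example (not code from this thread or from Trustpilot): it compares Base64 of IV + ciphertext + HMAC as one byte string with Base64 pieces joined as text, as the "updated code" post does. It assumes a receiver that strictly Base64-decodes the whole token and checks a trailing 32-byte HMAC-SHA256; random bytes stand in for the AES-CBC output, and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

BLOCK = 16    # AES block size, also the IV length
MAC_LEN = 32  # HMAC-SHA256 digest length

def cbc_output_len(plaintext_len):
    """Length of IV + PKCS#7-padded AES-CBC ciphertext for this plaintext length."""
    return BLOCK + (plaintext_len // BLOCK + 1) * BLOCK

def build_token(iv_and_ct, auth_key, one_byte_string=True):
    """Append HMAC-SHA256(auth_key, IV + ciphertext) and Base64-encode."""
    mac = hmac.new(auth_key, iv_and_ct, hashlib.sha256).digest()
    if one_byte_string:
        return base64.b64encode(iv_and_ct + mac).decode()
    # Joining separately encoded pieces as text
    return base64.b64encode(iv_and_ct).decode() + base64.b64encode(mac).decode()

def verify_token(token, auth_key):
    """Hypothetical receiver: strict decode, split off the MAC, constant-time compare."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error: misplaced padding or stray characters
        return None
    if len(raw) < 2 * BLOCK + MAC_LEN:
        return None
    body, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()
    return body if hmac.compare_digest(mac, expected) else None

def demo(plaintext_len, auth_key=b"A" * 32):  # constructed key, not a real one
    blob = os.urandom(cbc_output_len(plaintext_len))  # stand-in for IV + ciphertext
    good = build_token(blob, auth_key)
    split = build_token(blob, auth_key, one_byte_string=False)
    return (good == split,
            verify_token(good, auth_key) == blob,
            verify_token(split, auth_key) == blob)

if __name__ == "__main__":
    for n in (67, 50, 85):  # 67 is the length of the JSON in the post above
        print(n, cbc_output_len(n), demo(n))
```

The 67-character JSON yields 96 bytes of IV + ciphertext, a multiple of 3, so both encodings coincide; the 50- and 85-character cases put `=` padding mid-token and fail verification.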

Stanley Lopez
Can any algorithm detect fake reviews of mining cryptocurrency (https://allianceminers.com) website?