Encryption

Encryption protects sensitive information by transforming readable data into ciphertext, making it inaccessible to unauthorized users. Only those with the decryption key can revert the ciphertext to its original form, ensuring secure transmission and storage.

We use Symmetric Key Encryption, where the same key is applied for both encryption and decryption. This method is efficient and ideal for securing large volumes of data. However, safeguarding the key is critical—any compromise can lead to unauthorized data access.

Encryption key flow

AES/CBC/PKCS5PADDING combines three elements:

AES (Advanced Encryption Standard): A widely trusted algorithm for secure data encryption.

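CBC (Cipher Block Chaining): XORs each plaintext block with the previous ciphertext block before encrypting it, so identical plaintext blocks produce different ciphertext. An initialization vector (IV) takes the place of the previous ciphertext block for the first block.

PKCS5Padding: Pads the data to a multiple of the 16-byte AES block size. Padding is always added, so data that is already block-aligned gains one full block of padding.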

This method offers a strong, reliable mechanism for safeguarding sensitive data and preventing identifiable patterns in encrypted content.

Implementation Steps:

  1. Prepare the Data — Create the request payload and convert it into a JSON-encoded string.

  2. Generate the Encryption Key — Apply the MD5 hash to the concatenated string of the provided username and password:

    md5(username . "~:~" . password)
  3. Generate an Initialization Vector (IV) — The IV should be a 16-byte random string and must be shared along with the encrypted data for decryption.

  4. Encrypt the Data and Send the Request — Use AES-256-CBC encryption with the generated key and IV, apply PKCS5Padding to ensure proper block size, and include the encrypted payload in the request.

| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| data | String | | The request payload must be JSON-encoded before encryption. | `{"order_id":"ORD123456","merchant_id":"456"}` |
| encryptionkey | String | | The encryption key provided by Airpay used to encrypt all request payloads using the AES/CBC/PKCS5PADDING mechanism. | `a197b462cb0350a093f34996f698dc94` |

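```php
<?php
// Build the request payload and JSON-encode it.
$payload = array();
$payload['order_id'] = "ORD123456";
$payload['merchant_id'] = 456;
$data = json_encode($payload);

// 32-character key, passed to OpenSSL as the AES-256 key.
$encryptionkey = 'a197b462cb0350a093f34996f698dc94';
$encdata = encrypt($data, $encryptionkey);

function encrypt($data, $encryptionkey)
{
    // 8 random bytes, hex-encoded, give the 16-character IV.
    $iv = bin2hex(openssl_random_pseudo_bytes(8));
    // OPENSSL_RAW_DATA returns raw bytes; OpenSSL applies the block padding.
    $raw = openssl_encrypt($data, 'AES-256-CBC', $encryptionkey, OPENSSL_RAW_DATA, $iv);
    // Result: the IV followed by the Base64-encoded ciphertext.
    $encryptedata = $iv . base64_encode($raw);
    return $encryptedata;
}
```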
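
The receiving side of the format that `encrypt()` above produces, together with the key derivation from step 2, as an added example rather than Airpay's own code. The helper names `deriveKey`, `encryptPayload` and `decryptPayload` and the sample credentials are hypothetical.

```php
<?php
// Added example: helper names and sample credentials are hypothetical.

// Step 2: md5() returns 32 hex characters, used as-is as the 32-byte AES-256 key.
function deriveKey(string $username, string $password): string
{
    return md5($username . '~:~' . $password);
}

// Steps 3-4: same wire format as encrypt() above (16-char IV + Base64 ciphertext).
function encryptPayload(string $json, string $key): string
{
    $iv  = bin2hex(random_bytes(8)); // 16 hex characters = 16-byte IV string
    $raw = openssl_encrypt($json, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
    if ($raw === false) {
        throw new RuntimeException('encryption failed');
    }
    return $iv . base64_encode($raw);
}

// Reverse direction. Every failure returns null, so a caller cannot tell a
// padding error from a parse error. CBC does not detect tampering, so the
// decoded fields still need validation as untrusted input.
function decryptPayload(string $encdata, string $key): ?array
{
    if (strlen($encdata) < 16 + 24) { // IV plus one Base64-encoded AES block
        return null;
    }
    $iv  = substr($encdata, 0, 16);
    $raw = base64_decode(substr($encdata, 16), true); // strict alphabet check
    if ($raw === false || strlen($raw) % 16 !== 0) {
        return null;
    }
    $json = openssl_decrypt($raw, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
    if ($json === false) {
        return null;
    }
    $payload = json_decode($json, true);
    return is_array($payload) ? $payload : null;
}

// Constructed sample input: round trip, then an attempt with the wrong key.
$key     = deriveKey('demo_user', 'demo_pass');
$encdata = encryptPayload(json_encode(['order_id' => 'ORD123456', 'merchant_id' => '456']), $key);
var_dump(decryptPayload($encdata, $key));
var_dump(decryptPayload($encdata, deriveKey('demo_user', 'wrong_pass')));
```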