Security

Encryption Methodology:

Request data is encrypted using AES encryption which uses the following parameters:

Algorithm	AES 256
Key Size	256 Bits
Block Size	128 Bits
Padding	PKCS7
Mode / Cipher	CBC
IV	16 bytes of IV value will be provided by CAMS in a base64 string format
Key	32 bytes of Key value will be provided by CAMS in a base64 string format

To ensure integrity of data, a SHA-256 hash of the data is sent in an encrypted format along with the encrypted data.

Steps for Encryption:

To encrypt and send data, the sender must follow the steps below:

1. Construct the request JSON data as per the format provided.

2. Using the Initialization Vector and AES Key as provided by CAMS, perform AES-256 encryption of the data (use parameters as mentioned in the “Encryption Methodology” section) and convert the same as a base64 string. This will give "Data".

3. Refer the sample request given in the "Sample Encrypted Response".

Decryption Methodology:

CAMS will send the response data to client in an encrypted manner.

Response data is decrypted using AES decryption which uses the following parameters:

Algorithm	AES 256
Key Size	256 Bits
Block Size	128 Bits
Padding	PKCS7
Mode / Cipher	CBC
IV	16 bytes of IV value will be provided by CAMS in a base64 string format
Key	32 bytes of Key value will be provided by CAMS in a base64 string format

Steps for Decryption

The process of decryption of an AES ciphertext is similar to the encryption process in the reverse order. So, when encrypted data is received, the receiver must use the following steps to decrypt the response data.

1. Perform base64 decoding of response data and use the Initialization Vector and AES Key as provided by CAMS to perform AES-256 decryption of the data (use parameters as mentioned in the “Decryption Methodology” section). This will give the actual data for use.