diff --git a/java_sdk_example/src/main/java/aws/sample/paymentcryptography/EncryptionUtil.java b/java_sdk_example/src/main/java/aws/sample/paymentcryptography/EncryptionUtil.java
new file mode 100644
index 0000000..c31dd56
--- /dev/null
+++ b/java_sdk_example/src/main/java/aws/sample/paymentcryptography/EncryptionUtil.java
@@ -0,0 +1,123 @@
+package aws.sample.paymentcryptography;
+
+import org.json.JSONObject;
+import software.amazon.awssdk.services.paymentcryptographydata.PaymentCryptographyDataClient;
+import software.amazon.awssdk.services.paymentcryptographydata.model.*;
+
+import java.util.Random;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import java.math.BigInteger;
+
+public class EncryptionUtil {
+
+ //Decryption API example
+ public String decrypt(String encryptedData, String ksn, String bdkAlias) {//print all arguments
+ Logger.getGlobal().log(Level.INFO,
+ "EncryptionUtil:decrypt Request received with encryptedData {0}, ksn {1}, bdkAlias{2}",
+ new Object[] {encryptedData, ksn, bdkAlias});
+
+ try {
+ PaymentCryptographyDataClient dataPlaneClient = DataPlaneUtils.getDataPlaneClient();
+
+ DukptEncryptionAttributes dukptEncryptionAttributes = DukptEncryptionAttributes
+ .builder()
+ .keySerialNumber(ksn)
+ .mode(ServiceConstants.MODE)
+ .build();
+
+ EncryptionDecryptionAttributes decryptionAttributes = EncryptionDecryptionAttributes
+ .builder()
+ .dukpt(dukptEncryptionAttributes)
+ .build();
+
+ DecryptDataRequest decryptDataRequest = DecryptDataRequest
+ .builder()
+ .cipherText(encryptedData)
+ .keyIdentifier(bdkAlias)
+ .decryptionAttributes(decryptionAttributes)
+ .build();
+
+ Logger.getGlobal()
+ .log(Level.INFO,"Attempting to decrypt data {0}" ,encryptedData);
+ DecryptDataResponse decryptDataResponse = dataPlaneClient.decryptData(decryptDataRequest);
+
+ Logger.getGlobal()
+ .log(Level.INFO,"Decrypted data {0}" ,decryptDataResponse.plainText());
+
+ return decryptDataResponse.plainText();
+
+ } catch (Exception exception) {
+ Logger.getGlobal().log(Level.INFO,
+ "Decrypted: Error occurred when decrypting");
+ JSONObject returnJsonObject = new JSONObject()
+ .put("response", exception.getMessage());
+ exception.printStackTrace();
+ return returnJsonObject.toString();
+ }
+ }
+
+ //Encryption API example
+ public String encrypt(String track2Data, String ksn, String bdkAlias) {
+ Logger.getGlobal().log(Level.INFO,
+ "EncryptionUtil:encrypt Request received with track2Data {0}, ksn {1}, bdkAlias{2}",
+ new Object[] {track2Data, ksn, bdkAlias});
+
+ try {
+ PaymentCryptographyDataClient dataPlaneClient = DataPlaneUtils.getDataPlaneClient();
+
+ DukptEncryptionAttributes dukptEncryptionAttributes = DukptEncryptionAttributes
+ .builder()
+ .keySerialNumber(ksn)
+ .mode(ServiceConstants.MODE)
+ .build();
+
+ EncryptionDecryptionAttributes encryptionAttributes = EncryptionDecryptionAttributes
+ .builder()
+ .dukpt(dukptEncryptionAttributes)
+ .build();
+
+ EncryptDataRequest encryptDataRequest = EncryptDataRequest
+ .builder()
+ .plainText(track2Data)
+ .keyIdentifier(bdkAlias)
+ .encryptionAttributes(encryptionAttributes)
+ .build();
+
+ String encryptedData = dataPlaneClient.encryptData(encryptDataRequest).cipherText();
+
+ Logger.getGlobal()
+ .log(Level.INFO, "Encrypted data {0}", encryptedData);
+
+ return encryptedData;
+
+ } catch (Exception exception) {
+ Logger.getGlobal().log(Level.INFO,
+ "Encrypted: Error occurred when encrypting");
+ JSONObject returnJsonObject = new JSONObject()
+ .put("response", exception.getMessage());
+ exception.printStackTrace();
+ return returnJsonObject.toString();
+ }
+ }
+ public static void main(String[] args) {
+
+ EncryptionUtil encryptionUtil = new EncryptionUtil();
+ String ksn = "064E7913030373800000";
+ String encryptedData = "1AA20535832C1E1517C39D09865B6EBB";
+ String bdkAlias = ServiceConstants.BDK_ALIAS_TDES_2KEY;
+ String decryptedData = encryptionUtil.decrypt(encryptedData, ksn, bdkAlias);
+ System.out.println(decryptedData);
+ Logger.getGlobal().log(Level.INFO,
+ "EncryptionUtil:Decrypted data is {0}",
+ new Object[] {decryptedData});
+ }
+
+ protected static String getRandomNumberWithDigitCount(int digCount) {
+ Random rnd = new Random();
+ StringBuilder sb = new StringBuilder(digCount);
+ for (int i = 0; i < digCount; i++)
+ sb.append((char) ('0' + rnd.nextInt(10)));
+ return sb.toString();
+ }
+}
diff --git a/key-import-export/tr34/import_app/import_tr31_raw_key_to_apc.py b/key-import-export/tr34/import_app/import_tr31_raw_key_to_apc.py
index 18227a1..bf23d07 100644
--- a/key-import-export/tr34/import_app/import_tr31_raw_key_to_apc.py
+++ b/key-import-export/tr34/import_app/import_tr31_raw_key_to_apc.py
@@ -95,7 +95,7 @@ def importTR31(kbpk_clearkey,wk_clearkey,exportmode,keytype,modeofuse,algorithm,
 parser.add_argument("--kbpk_clearkey", help="Clear Text version of KBPK", default="8A8349794C9EE9A4C2927098F249FED6")
 parser.add_argument("--exportmode", "-e", help="Export Mode - E, S or N", default="E",choices=['E', 'S', 'N'])
 parser.add_argument("--algorithm", "-a", help="Algorithm of key - (T)DES or (A)ES", default="T", choices=['A', 'T','R'])
- parser.add_argument("--keytype", "-t", help="Key Type according to TR-31 norms. For instance K0, B0, etc", default="B0",choices=['K0', 'B0', 'D0','P0','D1'])
+ parser.add_argument("--keytype", "-t", help="Key Type according to TR-31 norms. For instance K0, B0, etc", default="B0",choices=['C0', 'K0', 'K1', 'D0', 'P0', 'V1', 'V2', 'E0', 'E1', 'E2', 'E6', 'B0', 'E4', 'E5', 'M1', 'M3'])
 parser.add_argument("--modeofuse", "-m", help="Mode of use according to TR-31 norms. For instance B (encrypt/decrypt),X (derive key)", default="X",choices=['B', 'X', 'N','E','D','G','C','V'])
 parser.add_argument("--runmode", help="Run mode. APC will directly import will offline will only produce tr-31 payload", default="APC",choices=['APC', 'OFFLINE'])
 parser.add_argument("--kbpkkey_apcIdentifier","-z", help="Key identifier for KEK that has already been imported into the service. It should have a keytype of K0.", default="",required=True)
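Review bot: Both methods write the data they protect to the application log: `encrypt` puts `track2Data` in its entry message, `decrypt` logs `decryptDataResponse.plainText()` after the call, and `main` prints and logs the decrypted value again, so clear cardholder data lands in whatever sink the global logger feeds. Log only non-sensitive identifiers instead, e.g. `Logger.getGlobal().log(Level.INFO, "EncryptionUtil:decrypt completed for ksn {0}, bdkAlias {1}", new Object[] {ksn, bdkAlias});`, and drop `track2Data` from the `encrypt` entry message. The two catch blocks return `exception.getMessage()` wrapped in JSON through the same `String` that normally carries plaintext or ciphertext, so a caller cannot tell a failure from a result; rethrowing (or a distinct result type) would avoid treating an error body as card data. `getRandomNumberWithDigitCount` uses `java.util.Random`; if its digits are ever used for values that must be unpredictable it should use `java.security.SecureRandom`, and the `java.math.BigInteger` import appears unused in this file.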
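Review bot: The new `choices` list for `--keytype` no longer contains `'D1'`, which the previous list accepted, so an existing invocation that passes `-t D1` will now be rejected by argparse. If the removal is deliberate (D1 is an asymmetric-key usage in TR-31, which this import path may not support), the help text should say which usages are accepted; otherwise keep `'D1'` in the list. Each added value (`C0`, `K1`, `V1`, `V2`, the `E*` entries, `M1`, `M3`) presumably needs a matching key-usage mapping inside `importTR31`, whose body is outside this hunk, so that is worth confirming before merge. Keeping the values sorted in one module-level constant would make the next addition easier to review.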