Paybiz, employs a robust encryption and decryption strategy using both Java and JavaScript to ensure the utmost security for its data transactions. In the realm of Java, Paybiz leverages industry-standard libraries such as Java Cryptography Architecture (JCA) and Java Cryptography Extension (JCE) to implement strong encryption algorithms. These libraries provide a comprehensive set of tools for cryptographic operations, ensuring data confidentiality and integrity.
Encryption and Decryption in JAVA
Below is the sample code of JAVA:
public static String encryptAES(String key,String encryptString)
throws Exception{
byte[] encryptedText=null;
IvParameterSpec ivspec=null;
SecretKeySpec skeySpec=null;
Cipher cipher=null;
byte[] text=null;
String s=null;
try{
ivspec = new IvParameterSpec(AES_IV.getBytes("UTF8"));
skeySpec = new SecretKeySpec(key.getBytes("UTF-8"),
"AES");
cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec,ivspec);
text = encryptString.getBytes("UTF-8");
encryptedText = cipher.doFinal(text);
s = byteArrayToHexString(encryptedText);
}catch(Exception e){
e.printStackTrace();
}
finally
{
encryptedText=null;
ivspec=null;
skeySpec=null;
cipher=null;
text=null;
}
return s.toUpperCase();
}
public static String decryptAES(String key,String encryptedString)
throws Exception{
SecretKeySpec skeySpec=null;
IvParameterSpec ivspec=null;
Cipher cipher =null;
byte[] textDecrypted=null;
try{
byte[] b = hexStringToByteArray(encryptedString);
skeySpec = new SecretKeySpec(key.getBytes("UTF8"),
"AES");
ivspec = new IvParameterSpec(AES_IV.getBytes("UTF8"));
cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, skeySpec,ivspec);
textDecrypted = cipher.doFinal(b);
}catch(Exception e){
e.printStackTrace();
}
finally
{
skeySpec=null;
ivspec=null;
cipher =null;
}
return(new String(textDecrypted));
}
Encryption in JavaScript
On the client-side, Paybiz employs JavaScript to enhance security in web-based interactions. Using modern cryptographic libraries like CryptoJS, the company ensures that sensitive information is encrypted on the client’s browser before transmission, adding an extra layer of protection. Paybiz remains at the forefront of security measures by combining the strengths of Java and JavaScript, thereby safeguarding user data throughout the entire transaction process.
Below is the sample code of JavaScript:
encrypt(value) {
var key = CryptoJS.enc.Utf8.parse(secretKey);
var iv = CryptoJS.enc.Utf8.parse(secretKey);
var encryptedKey =
CryptoJS.AES.encrypt(CryptoJS.enc.Utf8.parse(value), key,
{
keySize: 128 / 8,
iv: iv,
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
});
return encryptedKey.toString();
}
Note: Decryption is handled by the PG as mentioned in JAVA.