Generate Tokens Using the AES-CBC Tokenization Method
This document describes how to generate tokens using the AES-CBC method.
The SHA256 value of the "Encryption Key" set in Elice is used as the key for the AES256 encryption algorithm.
The IV value for AES256 is a 128-bit random value. (Therefore, even if the same content is encrypted, different encryption results are obtained each time encryption is performed.)
The input data length for AES256 must be a multiple of the AES block size, which is 128 bits (the same as the IV length), so use the PKCS7 padding algorithm to make it a multiple of 128 bits.
Encrypt the padded data using AES256 + CBC with the key and IV values obtained above.
To decrypt the data, it is necessary to pass the IV value along with the encrypted data. Therefore, concatenate the IV value and the encrypted data in order. (For example, if the IV is "asdf" and the encrypted data is "qwer", the result will be "asdfqwer".)
Convert the completed binary token to a string by applying base64 encoding to facilitate transmission via URL.
Additionally, if necessary, URL encode the base64 string before transmission.
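The steps above as an added Python example; it is not Elice's own sample code. It assumes the `cryptography` package as the AES library, and the function names and sample payload are constructed for illustration. `read_token` is a local round-trip check that splits off the IV and rejects any malformed token with one generic error.

```python
import base64, hashlib, json, os
from urllib.parse import quote
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

BLOCK = 16  # AES block size and IV length in bytes (128 bits)

def derive_key(encryption_key):
    # AES-256 key = SHA256 digest of the UTF-8 encoded "Encryption Key"
    return hashlib.sha256(encryption_key.encode("utf-8")).digest()

def make_token(payload, encryption_key, iv=None):
    if iv is None:
        iv = os.urandom(BLOCK)  # fresh random IV for every token
    data = json.dumps(payload).encode("utf-8")
    padder = padding.PKCS7(BLOCK * 8).padder()
    padded = padder.update(data) + padder.finalize()
    enc = Cipher(algorithms.AES(derive_key(encryption_key)), modes.CBC(iv)).encryptor()
    ciphertext = enc.update(padded) + enc.finalize()
    return base64.b64encode(iv + ciphertext).decode("ascii")  # IV first, then data

def url_param(token):
    # Standard base64 can contain '+', '/' and '=', so percent-encode for a URL
    return quote(token, safe="")

def read_token(token, encryption_key):
    # Round-trip check: every failure surfaces as the same generic error
    try:
        raw = base64.b64decode(token, validate=True)
        if len(raw) < 2 * BLOCK or len(raw) % BLOCK:
            raise ValueError("bad length")
        iv, ciphertext = raw[:BLOCK], raw[BLOCK:]
        dec = Cipher(algorithms.AES(derive_key(encryption_key)), modes.CBC(iv)).decryptor()
        padded = dec.update(ciphertext) + dec.finalize()
        unpadder = padding.PKCS7(BLOCK * 8).unpadder()
        data = unpadder.update(padded) + unpadder.finalize()
        return json.loads(data.decode("utf-8"))
    except ValueError:
        raise ValueError("invalid token") from None

if __name__ == "__main__":
    sample = {"uid": "constructed-user", "ts": 1700000000}  # constructed payload
    token = make_token(sample, "this_is_secret_key")
    print(url_param(token))
    print(read_token(token, "this_is_secret_key"))
```

CBC provides confidentiality only and does not authenticate the token, which is why the reader treats bad base64, bad length, bad padding and bad JSON identically.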
Code Examples
Python
Use the following third-party library for encryption:
Since the standard AES encryption algorithm and PKCS7 padding are used, you can also implement this with any other library that provides the same algorithms.
C#
Java
Step-by-Step Example of Encrypting a Token
The following is a step-by-step example of encrypting the token information using the AES-CBC encryption method with the encryption key "this_is_secret_key".
The token information is serialized into the following JSON string:
The Key value used for AES256 is the SHA256 hash value of the UTF-8 encoded string "this_is_secret_key". The hash value is a binary value, so when represented in HEX, it is as follows:
A new random IV value is generated each time encryption is performed, which ensures that even the same token information always results in a different encrypted token. The randomly generated IV value used in this example is as follows. The IV value is also a binary value, so it is represented in HEX:
Using the Key and IV values above, encrypt the serialized token information, then concatenate the IV and the encrypted token and encode them in Base64. The resulting token is as follows: