Introduction

The goal of the encryption service is to encrypt data that is being sent through Web Service miniApps. For example, you might want us to encrypt the data we are sending to the indicated endpoint. Or you might want us to decrypt the encrypted data we are getting from you. Below you can read how you can configure these options.

The encryption service operates using asymmetric encryption (public-key cryptography).

We encrypt your data with your public key, so only you have the key to decrypt it. How this is set up is described below.

Keep in mind that in order to access the Encryption functionality, you need to be assigned a specific role. For this, contact our Support.

Creating an Encryption Profile

The goal of an encryption profile is to store the keys you will need for encryption or decryption.

To create an Encryption Profile:

  1. Go to the Encryption Profiles tab and click Create.

  2. Insert your Encryption Profile Name and select Group from the drop-down list.

  3. Click Next.

4. Copy and paste your RSA public keys and click Create:

  • Encryption Key:

    • We use this key to encrypt data sent to you (decrypt cipher)

    • The algorithm used: RSA/ECB/OAEPWithSHA-512AndMGF1Padding

  • Verification Key:

    • We use it to verify that the message received was signed with your private key (verify the signature)

    • The algorithm used: SHA512withRSA

5. In the next step, you will see the OCP pair of keys.

Save these keys somewhere safe.

You can use them to encrypt the data you are sending to OCP and sign messages that you send to us:

  • Encryption Key:

    • Use this key to encrypt messages sent to Omilia

    • Algorithm used: RSAES_OAEP_SHA_256

    • Key Specification: RSA_4096

  • Signing Key:

    • Use this key to verify that messages were sent by Omilia

    • Algorithm used: RSASSA_PSS_SHA_256

    • Key Specification: RSA_4096

6. Click Finish to save the encryption profile. You can always go back and update your keys or renew the OCP Encryption key if you feel that there has been a security incident.

The keys are renewed by Omilia once every year. You will be notified by email before this happens so that you can update your systems.

In case you’ve lost the OCP Verification Key, please contact Support. This key is managed by the OCP team exclusively.
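
The four key roles above, seen from your side of the exchange, as an added Node.js example (not Omilia code): decrypting and verifying what OCP sends, and encrypting and signing what you send. The function names, the base64 transport encoding and the MGF1 hash are assumptions; the keys are constructed 2048-bit stand-ins (the OCP keys are RSA_4096) and the card number is a constructed test value.

```javascript
// Added example, not Omilia code. Assumptions not stated on the page: values
// travel as base64 strings, and MGF1 uses the same hash as OAEP.
const nodeCrypto = require('crypto'), C = nodeCrypto.constants;
const oaep = (key, oaepHash) => ({ key, padding: C.RSA_PKCS1_OAEP_PADDING, oaepHash });
const pss = (key, saltLength) => ({ key, padding: C.RSA_PKCS1_PSS_PADDING, saltLength });
const b64 = (buf) => buf.toString('base64');

// Your Encryption Key pair: OCP encrypts with RSA-OAEP/SHA-512, you decrypt.
function decryptFromOcp(ctB64, myPrivatePem) {
  const ct = Buffer.from(ctB64, 'base64');
  return nodeCrypto.privateDecrypt(oaep(myPrivatePem, 'sha512'), ct).toString('utf8');
}

// Your Verification Key pair: you sign with SHA512withRSA (PKCS#1 v1.5).
function signForOcp(text, myPrivatePem) {
  return b64(nodeCrypto.sign('sha512', Buffer.from(text, 'utf8'), myPrivatePem));
}

// OCP Encryption Key: RSAES_OAEP_SHA_256.
function encryptForOcp(text, ocpPublicPem) {
  return b64(nodeCrypto.publicEncrypt(oaep(ocpPublicPem, 'sha256'), Buffer.from(text, 'utf8')));
}

// OCP Signing Key: RSASSA_PSS_SHA_256; salt length is detected on verify.
function verifyFromOcp(text, sigB64, ocpSigningPem) {
  const key = pss(ocpSigningPem, C.RSA_PSS_SALTLEN_AUTO);
  return nodeCrypto.verify('sha256', Buffer.from(text, 'utf8'), key, Buffer.from(sigB64, 'base64'));
}

// RSA-OAEP caps plaintext at k - 2*hLen - 2 bytes (k = modulus size in bytes).
const maxOaepPlaintext = (modulusBits, hashBytes) => modulusBits / 8 - 2 * hashBytes - 2;

// Round trip with constructed stand-in keys; the inline calls play the OCP side.
function demo(card = '4111111111111111') {
  const gen = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' } });
  const mine = gen(), ocp = gen(), msg = Buffer.from(card, 'utf8');
  const inbound = b64(nodeCrypto.publicEncrypt(oaep(mine.publicKey, 'sha512'), msg));
  const ocpSig = b64(nodeCrypto.sign('sha256', msg, pss(ocp.privateKey, C.RSA_PSS_SALTLEN_DIGEST)));
  const mySig = Buffer.from(signForOcp(card, mine.privateKey), 'base64');
  return {
    decrypted: decryptFromOcp(inbound, mine.privateKey),
    ocpSigOk: verifyFromOcp(card, ocpSig, ocp.publicKey),
    tamperedOk: verifyFromOcp(card + '0', ocpSig, ocp.publicKey),
    mySigOk: nodeCrypto.verify('sha512', msg, mine.publicKey, mySig),
    outboundBytes: Buffer.from(encryptForOcp(card, ocp.publicKey), 'base64').length,
  };
}
```

If decryption fails with the correct private key, check the MGF1 hash first: Java's default provider pairs the OAEPWithSHA-512AndMGF1Padding name with MGF1-SHA-1 unless parameters are set explicitly, while Node applies `oaepHash` to both OAEP and MGF1.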

Using an Encryption Profile

You can have different encryption profiles for each available environment mode (uat, dev, prod).

To use your Encryption Profile, follow the steps below:

  1. Go to your Web Service miniApp where you want to use the encryption service.

  2. Go to the Web Services tab and select the encryption profile from the dropdown menu as shown in the screenshot below:

  3. Specify the values you want to be encrypted and signed the following way:

    JSON body

    {
        "creditCardNumber": "{{extValue1|encrypt}}",
        "creditCardNumberSignature": "{{extValue1|sign}}"
    }

    Here |encrypt marks the field to be encrypted and |sign marks the field to be signed.


    Form data
    creditCardNumber→{{extValue1|encrypt}}

extValue1 is populated during the session. In the example above, it can be a credit card number that the user gave during the dialog session.

If you don’t add |encrypt, then the data will remain as it was (unencrypted).

Add decryption path

If you want Omilia to get the encrypted data from your endpoint and decrypt it when, for instance, announcing it to the user, proceed as follows:

  1. Go to Outputs → Decryption and click + Add decryption path:

2. The ID value you specify can be used in Fields → path, and then you will be able to use the output value in any other miniApp (such as Announcement miniApp, for example).