Cardinal Cruise uses a JWE to handle encryption and to pass secure data between you and Cardinal. As of writing, JWEs are typically used only by wallet-type payment brands such as Apple Pay or Visa Checkout to transmit card details from Cardinal to the merchant. The JWE must be sent server-side for decryption; decrypting a JWE client-side is not a valid activation option. The JWE carries the encrypted payment data as a custom claim within a Cardinal Cruise response JWT. The examples below show credit card data being passed within our SecuredData object. The specific payment data passed in the SecuredData object depends on the individual payment brand, but the encryption and decryption process remains the same regardless of the data being sent.
The contents of a JWE may differ for each place a JWE is used. JWEs are simply a vehicle for returning sensitive information of any kind. The Payload claim of the decrypted JWE will always be wrapped in a generic 'SecuredData' object, which contains the sensitive information being returned. A common use case for JWEs is a wallet payment brand. In this case the SecuredData object has one child object, an Account object that describes the credit card details the consumer picked at the wallet. Below is an example of the JSON content of a wallet JWE Payload claim:
The JWE is sent back on the response JWT, within the payload, in a new 'JWE' field. Below is a sample JSON object that represents the data structure of the JWT and JWE:
...
Below are decryption samples in a few different languages.
Java
We recommend using an existing third-party library to decrypt the JWE. The JWT.io website contains a list of approved libraries, with their feature sets. Check it out here.
```java
// This sample code was written using the Jose4j
// library (https://bitbucket.org/b_c/jose4j/wiki/Home) found at JWT.io
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.lang.JoseException;

public class JweDecryptor {

    // Decrypts a compact-serialized JWE and returns its plaintext (the JSON payload).
    private String decryptJwe(String encryptedJwe) throws JoseException {
        String key = "xeBVa77hvlGhRpOlAtB6Mbupkfclxv91S4AMNmfLiWU="; // test value
        // Wrap the symmetric key in a JWK of type "oct" (octet sequence).
        String jwkJson = "{\"kty\":\"oct\",\"k\":\"" + key + "\"}";
        JsonWebKey jwk = JsonWebKey.Factory.newJwk(jwkJson);

        JsonWebEncryption receiver = new JsonWebEncryption();
        receiver.setCompactSerialization(encryptedJwe);
        receiver.setKey(jwk.getKey());
        // Decryption and integrity checking happen when the plaintext is requested.
        return receiver.getPlaintextString();
    }
}
```
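A server-side variant of the decryption above that pins the accepted algorithms and pulls the Account object out of SecuredData, as an added example that is not Cardinal's code. The environment variable name, the `dir` / A128CBC-HS256 algorithm pair, the Payload -> SecuredData -> Account nesting, and the class and method names are assumptions; `ConstraintType.PERMIT` needs a recent Jose4j release.

```java
import java.util.Map;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers;
import org.jose4j.json.JsonUtil;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.lang.JoseException;

public class SecuredDataReader {
    // ASSUMPTION: the key is supplied through an environment variable with this
    // hypothetical name instead of being hard-coded like the test value above.
    static JsonWebKey loadKey() throws JoseException {
        String key = System.getenv("CARDINAL_JWE_KEY");
        if (key == null || key.isEmpty()) {
            throw new IllegalStateException("CARDINAL_JWE_KEY is not set");
        }
        return JsonWebKey.Factory.newJwk("{\"kty\":\"oct\",\"k\":\"" + key + "\"}");
    }

    // Decrypts the JWE server-side and returns the Account object from SecuredData.
    @SuppressWarnings("unchecked")
    static Map<String, Object> readAccount(String compactJwe, JsonWebKey jwk) throws JoseException {
        JsonWebEncryption receiver = new JsonWebEncryption();
        // ASSUMPTION: "dir" + A128CBC-HS256; pin whatever your integration really uses,
        // so a token announcing any other algorithm is rejected instead of decrypted.
        receiver.setAlgorithmConstraints(new AlgorithmConstraints(
                ConstraintType.PERMIT, KeyManagementAlgorithmIdentifiers.DIRECT));
        receiver.setContentEncryptionAlgorithmConstraints(new AlgorithmConstraints(
                ConstraintType.PERMIT, ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256));
        receiver.setCompactSerialization(compactJwe);
        receiver.setKey(jwk.getKey());
        // ASSUMPTION: the decrypted JSON nests as Payload -> SecuredData -> Account.
        Map<String, Object> claims = JsonUtil.parseJson(receiver.getPlaintextString());
        Object account = child(child(claims, "Payload"), "SecuredData").get("Account");
        if (!(account instanceof Map)) {
            throw new JoseException("SecuredData has no Account object");
        }
        return (Map<String, Object>) account; // card data: never log this map
    }

    @SuppressWarnings("unchecked")
    private static Map<String, Object> child(Map<String, Object> parent, String name) throws JoseException {
        Object value = parent.get(name);
        if (!(value instanceof Map)) throw new JoseException("Missing object: " + name);
        return (Map<String, Object>) value;
    }
}
```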
...