# RSA Cryptography

The **RSA Cryptography** connector encrypts and decrypts data using the RSA algorithm.

## **Parameters**

Take a look at the configuration parameters of the connector. Parameters supported by [Double Braces expressions](https://docs.digibee.com/documentation/connectors-and-triggers/double-braces/overview) are marked with `(DB)`.

### **General tab**

<table data-full-width="true"><thead><tr><th>Parameter</th><th>Description</th><th>Default value</th><th>Data type</th></tr></thead><tbody><tr><td><strong>Account</strong></td><td>Account to be used by the connector.</td><td>N/A</td><td>String</td></tr><tr><td><strong>Crypto Operation</strong></td><td>Available operation types - <strong>Encrypt Fields</strong>, <strong>Decrypt Fields</strong>, <strong>Encrypt Payload</strong>, <strong>Decrypt Payload</strong>, <strong>Unwrap Key</strong>, and <strong>Wrap Key</strong>.</td><td>Encrypt Fields</td><td>String</td></tr><tr><td><strong>Fields To Encrypt/Decrypt</strong></td><td>Fields to be encrypted/decrypted using a dotted notation (e.g., <code>body.field1</code>, <code>body.field2</code>, <code>body</code>).</td><td>a.test</td><td>String</td></tr><tr><td><strong>Payload To Encrypt/Decrypt</strong></td><td>Payload to be encrypted/decrypted using dotted notation.</td><td>N/A</td><td>String</td></tr><tr><td><strong>Secret Key</strong></td><td>Secret Key to be wrapped/unwrapped using dotted notation.</td><td>N/A</td><td>String</td></tr><tr><td><strong>Operation Mode</strong></td><td>Operation mode to be used.</td><td>ECB</td><td>String</td></tr><tr><td><strong>Padding</strong></td><td>Used in a block cipher where we fill up the blocks with padding bytes (e.g., AES 128 bits uses 16 padding bytes).</td><td>OAEPWithSHA-512AndMGF1Padding</td><td>String</td></tr><tr><td><strong>Charset</strong></td><td>Charset of the provided key of type string.</td><td>UTF-8</td><td>String</td></tr><tr><td><strong>Encrypted Message As Hexa</strong></td><td>If the option is activated, the secret key response will be in hexadecimal; otherwise, it will be in base64.</td><td>False</td><td>Boolean</td></tr><tr><td><strong>Fail On Error</strong></td><td>If the option is enabled, the execution of the pipeline with an error will be interrupted; otherwise, the pipeline execution proceeds, but the result will show a false value for the "success" property.</td><td>False</td><td>Boolean</td></tr></tbody></table>

### **Documentation tab**

<table data-full-width="true"><thead><tr><th>Parameter</th><th>Description</th><th>Default value</th><th>Data type</th></tr></thead><tbody><tr><td><strong>Documentation</strong></td><td>Section for documenting any necessary information about the connector configuration and business rules.</td><td>N/A</td><td>String</td></tr></tbody></table>

To encrypt or wrap, you must configure a **Public Key** account. Encrypt operations also accept the key in the body through the `key` property.

To decrypt or unwrap, you must configure a **Private Key** account.

## **Parameters additional information**

### **Wrap and Unwrap Key**

Wrap and unwrap operations differ slightly from encrypt and decrypt operations. When you **wrap a key**, you not only encrypt it but also add integrity protection to ensure the key remains untampered. Similarly, when you **unwrap a key**, you decrypt it while simultaneously validating its integrity.

In the RSA Cryptography connector, these operations are designed to securely encapsulate a session (or secret) key for transfer through other Digibee connectors, ensuring both confidentiality and integrity.

Since these are experimental features, only one specific configuration is currently supported.

#### **For Wrap Key Crypto Operation**

<figure><img src="https://content.gitbook.com/content/EKM2LD3uNAckQgy1OUyZ/blobs/P8QqlrpOmpzjgZ0TImmq/Wrap%20Key%20-%20RSA%20Cryptography.png" alt=""><figcaption></figcaption></figure>

In the **Account** field, you must select a public key from an RSA 2048-bit key pair.

In the **Secret Key** field, you must specify a 256-bit AES key from the input payload. Use dotted notation to reference the respective key field.

Encrypted values are returned in hexadecimal format.

The RSA wrapping operation will be performed with the following parameters:

* **Operation Mode**: ECB
* **Padding Scheme**: OAEPWithSHA-256AndMGF1Padding

#### **For Unwrap Key Crypto Operation**

<figure><img src="https://content.gitbook.com/content/EKM2LD3uNAckQgy1OUyZ/blobs/oBZhTdV51dpR6TFwCqiJ/Unwrap%20key%20-%20RSA%20Cryptography.png" alt=""><figcaption></figcaption></figure>

In the **Account** field, you must select a private key from an RSA 2048-bit key pair.

In the **Secret Key** field, you must specify a 256-bit AES key from the input payload. Use dotted notation to reference the respective key field.

Values will be encrypted in hexadecimal format.

The RSA unwrapping operation will be performed with the following parameters:

* **Operation Mode**: ECB
* **Padding Scheme**: OAEPWithSHA-256AndMGF1Padding
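
The wrap and unwrap configuration described above, reproduced with the standard Java JCE API as an added example (not Digibee's own code). The class name, the throwaway key pair and the choice of SHA-256 for MGF1 are assumptions; the page does not state which MGF1 hash the connector uses, and a mismatch between the two sides makes unwrapping fail.

```java
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import java.util.HexFormat; // Java 17+
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.*;

public class RsaWrapDemo {
    static final String TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // Assumption: SHA-256 for both the OAEP digest and MGF1. The page does not say which
    // MGF1 hash the connector uses; SunJCE defaults to SHA-1 for MGF1 when no spec is given.
    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    static String wrap(PublicKey pub, SecretKey key) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.WRAP_MODE, pub, OAEP);
        return HexFormat.of().formatHex(c.wrap(key)); // hexadecimal, as the page specifies
    }

    static SecretKey unwrap(PrivateKey priv, String hex) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.UNWRAP_MODE, priv, OAEP);
        return (SecretKey) c.unwrap(HexFormat.of().parseHex(hex), "AES", Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048); // throwaway key pair generated for this demo
        KeyPair pair = kpg.generateKeyPair();

        // 256-bit AES key taken from the page's Wrap Key payload example
        byte[] raw = HexFormat.of().parseHex(
                "D379C385D6234349046ABCFD42160E5B461E852A63F53B8FDA3B6ED044332E34");
        String wrapped = wrap(pair.getPublic(), new SecretKeySpec(raw, "AES"));
        System.out.println("wrapped length (hex chars): " + wrapped.length());

        SecretKey back = unwrap(pair.getPrivate(), wrapped);
        System.out.println("round trip matches: " + Arrays.equals(raw, back.getEncoded()));

        // Change one hex digit: OAEP decoding fails, so the altered key is rejected.
        char last = wrapped.charAt(wrapped.length() - 1);
        String tampered = wrapped.substring(0, wrapped.length() - 1) + (last == '0' ? '1' : '0');
        try {
            unwrap(pair.getPrivate(), tampered);
            System.out.println("tampered key accepted");
        } catch (GeneralSecurityException e) {
            System.out.println("tampered key rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

When exchanging wrapped keys with another system, pin the same OAEP digest and MGF1 hash explicitly on both sides rather than relying on provider defaults.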

## **Messages flow**

### **Operation: Encrypt Fields**

#### **Input**

{% code overflow="wrap" %}

```json
{
    "operation": "encrypt_fields",
    "operationMode": "ECB",
    "padding": "OAEPWithSHA1AndMGF1Padding",
    "encryptedFields": "data,data1",
    "failOnError": true,
    "key": "PoeK/VBTcUyRHFkmWYjckbhsRLnZur6S83lKZ78V51EL3KlDNnPJZkdz+m7joRfOxFuEqU="
}
```

{% endcode %}

Provide the `key` parameter if the Account is not configured.

#### **Payload**

```json
{
    "data": "someData",
    "data1": "someData1"
}
```

#### **Output**

```json
{
    "data": "RXZlbiBpZiBwZXJmZWN0IGNyeXB0b2dyYXBoaWMgcm91dGluZXMgYXJlIH=",
    "data1": "RXZlbiBpZifd441mZWN0IGNyeXB0b2dyYXBoaWMgcm91dGluZXMgYXJlIH="
}
```

### **Operation: Decrypt Fields**

#### **Input**

```json
{
    "operation": "decrypt_fields",
    "operationMode": "ECB",
    "padding": "OAEPWithSHA1AndMGF1Padding",
    "encryptedFields": "data,data1",
    "failOnError": true
}
```

#### **Payload**

```json
{
    "data": "RXZlbiBpZiBwZXJmZWN0IGNyeXB0b2dyYXBoaWMgcm91dGluZXMgYXJlIH=",
    "data1": "RXZlbiBpZifd441mZWN0IGNyeXB0b2dyYXBoaWMgcm91dGluZXMgYXJlIH="
}
```

#### **Output**

```json
{
    "data": "someData",
    "data1": "someData1"
}
```

### **Operation: Wrap Key**

#### **Payload**

{% code overflow="wrap" %}

```json
{
  "encryptedData": {
    "key": "D379C385D6234349046ABCFD42160E5B461E852A63F53B8FDA3B6ED044332E34"
  }
}
```

{% endcode %}

#### **Output**

{% code overflow="wrap" %}

```json
{
  "encryptedData": {
    "key": "<wrapped key in hexadecimal>"
  }
}
```

{% endcode %}

### **Operation: Unwrap Key**

#### **Payload**

{% code overflow="wrap" %}

```json
{
  "encryptedData": {
    "key": "1e9fbbe9f77020cd05318d71ae242c68ab62981cc40b0e88c42ad89bb24807e46c6589edbb81bc7271c3824d60c2fa754651325eb2510a7cd82125f4ca9356b0b48d2dea8e8348f68173eabecb096a4c41a4a852ec2fb7cd9b0381d080e9d1e09a0bb614d3bbf550e52fe4583a5fdd47623e13256c69ee434b6c44d2e90de89804f0e0ff1c83f25adeef9ae89e657b79d8270511b9be5ce56a8955b2c8c5356c9639e6556c12c208a58e2d30e554a51d3a45317de54ab7380482f2d9f6d70c0223594b39c1c2f6f1d28301cb128167946082085c6dbf89825b6fc41929380305d4a5009d85c97d3d08f9672e66e71188b02eb23dffcb40271f1bb7b4d2f4fd5b"
  }
}
```

{% endcode %}

#### **Output**

```json
{
  "encryptedData": {
    "key": "D379C385D6234349046ABCFD42160E5B461E852A63F53B8FDA3B6ED044332E34"
  }
}
```
