Message Level Encryption {#salesforce-b2c-message-level-encryption}
===================================================================

Message Level Encryption (MLE) uses certificates to ensure each message is securely encrypted and tied to the sender's verified identity, without needing to share secret keys in advance.
MLE provides stronger authentication, easier key management, and better protection against fraud or tampering.  
A shared secret uses the same key for both sending and receiving messages, meaning both parties must securely exchange and protect that key in advance. While MLE can be simpler, it offers less identity verification and can be more vulnerable if the key is compromised.

> Message Level Encryption requires that a [.p12 certificate to be created](https://developer.visaacceptance.com/docs/vas/en-us/platform/developer/all/rest/rest-getting-started/restgs-jwt-message-intro/restgs-security-p12-intro.md "").

1. Extract and convert the p12 certificate to the .*pem* format using this command:

   ```
   openssl pkcs12 -in <key filename>.p12 -cacerts -nokeys -out <key filename>.crt
   ```

   {#salesforce-b2c-message-level-encryption_codeblock_e5t_13d_c3c} Be sure to note the serial number of the ` Cybersource `_SJC_US certificate.

2. Import the certificate, by going to Administration \> Operations \> Private Keys and Certificates and importing the extracted *.crt*. Make a note of the alias.

3. Enable Message Level Encryption, by going to Merchant Tools \> Site Preferences \> Custom Preferences \> Cybersource_MLE.

4. Enable the Enable Message-Level Encryption option.

5. In the Alias of the Certificatefield, enter the Alias from when the certificate was imported.

6. In the Certificate Serial Numberfield, enter the serial number from the `Cybersource`_SJC_US certificate.