Message-Level Encryption Using HTTP Signature Authentication

To use Message-Level Encryption (MLE) with HTTP Signature Authentication, you must send the encrypted payload together with the content encryption key (CEK) that is generated for each transaction. The serialized encrypted payload, a JSON Web Encryption (JWE) object, is passed as the request body.
Follow these steps to use MLE with HTTP Signature Authentication:
  1. Generate the JWE.
    The code shown here does the following:
    • Generates and encrypts the CEK with the recipient's public key using the RSAES-OAEP algorithm.
    • Produces the JWE encrypted key.
    • Generates the encrypted payload with AES GCM using the CEK as the encryption key.
    // This Java example uses the following Maven dependency:
    // <dependency>
    //   <groupId>com.nimbusds</groupId>
    //   <artifactId>nimbus-jose-jwt</artifactId>
    //   <version>9.0</version>
    // </dependency>
    import com.nimbusds.jose.*;
    import java.security.cert.X509Certificate;
    import java.time.Instant;
    import java.util.HashMap;
    import java.util.Map;

    // Inputs passed to encryptAttributeWithAlgo().
    Map<String, Object> customHeaders = new HashMap<>();
    customHeaders.put("iat", Instant.now().getEpochSecond()); // issued-at time, in epoch seconds
    JWEAlgorithm algo = JWEAlgorithm.RSA_OAEP_256;              // key encryption of the CEK
    EncryptionMethod encryptionMethod = EncryptionMethod.A256GCM; // content encryption
    // Sample request payload (test data).
    String content = "{\"clientReferenceInformation\":{\"code\":\"TC50171_3\"}, "
        + "\"processingInformation\":{\"commerceIndicator\":\"internet\"}, "
        + "\"aggregatorInformation\":{\"subMerchant\":{\"cardAcceptorID\":\"1234567890\", "
        + "\"country\":\"US\",\"phoneNumber\":\"650-432-0000\",\"address1\":\"900MetroCenter\", "
        + "\"postalCode\":\"94404-2775\",\"locality\":\"FosterCity\",\"name\":\"VisaInc\", "
        + "\"administrativeArea\":\"CA\",\"region\":\"PEN\",\"email\":\"test@cybs.com\"}, "
        + "\"name\":\"V-Internatio\",\"aggregatorID\":\"123456789\"}, "
        + "\"orderInformation\":{\"billTo\":{\"country\":\"US\",\"lastName\":\"VDP\", "
        + "\"address2\":\"Address2\",\"address1\":\"201S.DivisionSt.\",\"postalCode\":\"48104-2201\", "
        + "\"locality\":\"AnnArbor\",\"administrativeArea\":\"MI\",\"firstName\":\"RTS\", "
        + "\"phoneNumber\":\"999999999\",\"district\":\"MI\",\"buildingNumber\":\"123\", "
        + "\"company\":\"Visa\",\"email\":\"test@cybs.com\"},\"amountDetails\":{\"totalAmount\":\"102.21\", "
        + "\"currency\":\"USD\"}},\"paymentInformation\":{\"card\":{\"expirationYear\":\"2031\", "
        + "\"number\":\"5555555555554444\",\"securityCode\":\"123\", "
        + "\"expirationMonth\":\"12\",\"type\":\"002\"}}}";

    // Builds the JWE for the payload and returns its serialized form, or null on failure.
    // logger, isNullOrEmpty(), extractSerialNumberFromDN(), encrypt() and serializeToken()
    // are helpers that are not shown on this page.
    public String encryptAttributeWithAlgo(String content, X509Certificate x509Certificate,
            JWEAlgorithm algo, EncryptionMethod encryptionMethod, Map<String, Object> customHeaders) {
        if (isNullOrEmpty(content)) {
            logger.error("empty or null content");
            return null;
        } else if (x509Certificate == null) {
            logger.error("public certificate is null");
            return null;
        }
        // The certificate serial number identifies the recipient key (JWE "kid" header).
        String serialNumber = extractSerialNumberFromDN(x509Certificate);
        JWEObject jweObject = new JWEObject(
                new JWEHeader.Builder(algo, encryptionMethod)
                        .contentType("JWT") // required to signal nested JWT
                        .keyID(serialNumber)
                        .customParams(customHeaders)
                        .build(),
                new Payload(content));
        jweObject = encrypt(jweObject, x509Certificate);
        return jweObject == null ? null : serializeToken(jweObject);
    }
  2. Send the JWE as the body.
    HTTP Request Header:
    Content-Type: application/json
    v-c-merchant-id: testrest
    v-c-date: Mon, 12 Jun 2023 21:08:24 GMT
    host: apitest.cybersource.com
    digest: SHA-256=1wk5Hls1qcbZtjYDldGyl3B2i92v4rOqXyx6twRboEs=
    signature: keyid="08c94330-f618-42a3-b09d-e1e43be5efda", algorithm="HmacSHA256", headers="host request-target digest v-c-merchant-id", signature="ldqJNbiFZ0ZhOHzhejvuAaNomlFmXv1xykNAEq7irn4="

    HTTP Request Body:
    {"encryptedRequest":"<serialized JWE generated in step 1>"}
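
The two steps above carried end to end, as an added example that is not code from this page or from Cybersource. Because the page's `encrypt` and `serializeToken` helpers are not shown, it uses Nimbus's `RSAEncrypter` and `serialize()` in their place. The key pair, the `kid` placeholder and the shortened payload are constructed, and computing the `digest` header over the wrapped body actually sent is an assumption.

```java
// Added example. Requires com.nimbusds:nimbus-jose-jwt on the classpath.
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.RSADecrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.time.Instant;
import java.util.Base64;

public class MleJweExample {
    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the recipient's key pair. A real sender holds only
        // the public key, taken from the recipient's X.509 certificate.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair recipient = gen.generateKeyPair();

        // Constructed, shortened payload.
        String content = "{\"clientReferenceInformation\":{\"code\":\"TC50171_3\"}}";

        JWEHeader header = new JWEHeader.Builder(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A256GCM)
                .contentType("JWT")
                .keyID("placeholder-cert-serial") // placeholder for the certificate serial number
                .customParam("iat", Instant.now().getEpochSecond())
                .build();
        JWEObject jwe = new JWEObject(header, new Payload(content));

        // RSAEncrypter generates a fresh random CEK, wraps it with RSA-OAEP-256 under the
        // recipient's public key, and encrypts the payload with AES-256-GCM under that CEK.
        jwe.encrypt(new RSAEncrypter((RSAPublicKey) recipient.getPublic()));
        String compact = jwe.serialize();

        // Compact form has five parts: header.encryptedKey.iv.ciphertext.tag
        if (compact.split("\\.").length != 5) throw new IllegalStateException("not a compact JWE");
        System.out.println("wrapped CEK length in bytes: " + jwe.getEncryptedKey().decode().length);

        // Request body as in step 2. Assumption: the digest header is the Base64-encoded
        // SHA-256 of exactly these bytes, so it must be computed after encryption.
        String body = "{\"encryptedRequest\":\"" + compact + "\"}";
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(body.getBytes(StandardCharsets.UTF_8));
        System.out.println("digest: SHA-256=" + Base64.getEncoder().encodeToString(hash));

        // Recipient side: decrypt with the private key to confirm the payload round-trips.
        JWEObject parsed = JWEObject.parse(compact);
        parsed.decrypt(new RSADecrypter(recipient.getPrivate()));
        if (!content.equals(parsed.getPayload().toString())) throw new IllegalStateException("round trip failed");
        System.out.println("round trip ok");
    }
}
```

Each run produces a different JWE and digest, because the CEK and IV are generated fresh per encryption.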