Encryption Plugin
Overview
The encryption plugin is a utility plugin that provides encryption and decryption functionality for sensitive data. This plugin is designed to ensure that data is securely transmitted and stored within the IPA platform, safeguarding user information and maintaining compliance with data protection regulations. This helps you ensure that only specific features can access data stored in the platform and that no other features are able to access the information. The plugin gives your feature the ability to manage and control your data stored in the platform.
shell
npm install --save @investec/ipa-plugins-encryption
Implementation Guide
The plugin exposes 3 functions that will generate a private key, encrypt data, and decrypt data.
Generate Private Key
ts
export async function generatePrivateKey(customString: string, featureKey: string): Promise<CryptoKey> {
  // Import the concatenated inputs as PBKDF2 key material
  const keyMaterial = await window.crypto.subtle.importKey(
    "raw",
    new TextEncoder().encode(customString + featureKey),
    { name: "PBKDF2" },
    false,
    ["deriveBits", "deriveKey"]
  );
  // Fixed salt: the same inputs always derive the same key, so the key's
  // secrecy rests entirely on customString + featureKey
  const salt = new Uint8Array([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16]);
  // Generate a new private key
  const privateKey = await window.crypto.subtle.deriveKey(
    {
      name: "PBKDF2",
      salt: salt,
      iterations: 100000,
      hash: "SHA-256"
    },
    keyMaterial,
    { name: "AES-GCM", length: 256 },
    false,
    ["encrypt", "decrypt"]
  );
  return privateKey;
}
Ensure you pass the correct information, and generate and store the private key in a consistent manner, so that your feature(s) can decrypt the data when needed. If you have multiple features reading from the same feature namespace in IPA, all the features need to have the same private key to decrypt the data, so all features must generate the key using the same parameters.
ts
const privateKey = await generatePrivateKey('asfg-13fsjd-qefkfgu-644gy6', 'example-app');
Or
ts
generatePrivateKey('asfg-13fsjd-qefkfgu-644gy6', 'example-app').then((privateKey) => {
  console.log(privateKey);
});
Encrypt Data
ts
// Function to encrypt data
export async function encryptData(data: string, privateKey: CryptoKey): Promise<IEncryptedData> {
  const iv = window.crypto.getRandomValues(new Uint8Array(12)); // Initialization vector
  const encodedData = new TextEncoder().encode(data);
  const encryptedData = await window.crypto.subtle.encrypt(
    {
      name: "AES-GCM",
      iv: iv
    },
    privateKey,
    encodedData
  );
  return {
    iv: Array.from(iv), // Convert to array for storage
    data: Array.from(new Uint8Array(encryptedData)) // Convert to array for storage
  };
}
When encrypting your data, ensure that you are passing the data as a string and the private key generated in the previous step.
ts
const encryptedData = await encryptData('data-to-encrypt', privateKey);
ipaSdk.platform.updateSingleFeatureContext({keyName:'example-app',payload:encryptedData});
Or
ts
encryptData('data-to-encrypt', privateKey).then((encryptedData) => {
  ipaSdk.platform.updateSingleFeatureContext({keyName:'example-app',payload:encryptedData});
});
This will store your data in the platform in an encrypted format.
Decrypt Data
ts
// Function to decrypt data
export async function decryptData(encryptedData: IEncryptedData, privateKey: CryptoKey): Promise<string> {
  const iv = new Uint8Array(encryptedData.iv);
  const data = new Uint8Array(encryptedData.data);
  const decryptedData = await window.crypto.subtle.decrypt(
    {
      name: "AES-GCM",
      iv: iv
    },
    privateKey,
    data
  );
  return new TextDecoder().decode(decryptedData);
}
When retrieving or listening for your data changes in the platform, you will get the data in an encrypted format. You will need to decrypt the data using the private key generated in the first step.
ts
ipaSdk.data.getFeatureContext('example-app').then(res => {
  decryptData(res.result, privateKey).then((decryptedData) => {
    const result = JSON.stringify(decryptedData,null,2)
  });
})
ipaSdk.data.listenForFeatureContextChanges('example-app').subscribe(res => {
  decryptData(res.result, privateKey).then((decryptedData) => {
    const result = JSON.stringify(decryptedData,null,2)
  });
})