

The sensitive data shall be encrypted according to the JSON Web Encryption (JWE) specification [RFC 7516]. The algorithm used to encrypt the payload follows [RFC 7518] Section 5.1. The value of a JWE is as follows:
JWE Protected Header Format
Example:
{
"alg":"RSA1_5",
"enc":"A128CBC-HS256",
"kid":"20190411000000"
}
JWE Encryption Calculation
The JWE Ciphertext is the encryption of the Encrypted Data object (as defined in Section 6.2), including any content-coding that has been applied. Transfer-encoding should NOT be applied to the payload-body.
The JWS signature protecting the entity body is carried in the HTTP header UPI-JWS.
The digital signature follows RFC 7797, JSON Web Signature (JWS) Unencoded Payload Option.
The value of UPI-JWS is as follows:
JWS Protected Header Format
Example:
{
"alg":"RS256",
"kid":"1555570302",
"crit":["UPI-UUID","UPI-TIMESTAMP","UPI-APPID","UPI-REQPATH"],
"UPI-UUID":"5ba10d46d5d148dfbcc2119c08e01015",
"UPI-TIMESTAMP":"1562232686",
"UPI-APPID":"00520446",
"UPI-REQPATH":"/uais/mpqrc/v1/void"
}
JWS Signature Calculation
The JWS Signature is the RSA SHA-256 digital signature of the following signing input:
The JWS Payload is the entity body of the HTTP message, including any content-coding that has been applied. Transfer-encoding should NOT be applied to the message-body.
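A receiver-side check of the UPI-JWS protected header, run before the RSA verification step. This is an added example, not code from this page or from the UPI SDK. It assumes the detached compact form header..signature and the RFC 7797 signing input, which this page does not spell out; check_upi_jws, encode_sample and the 300-second MAX_SKEW window are hypothetical.

```python
import base64
import json

# Names from the page's "crit" example; the only critical headers this check understands.
UPI_CRIT = {"UPI-UUID", "UPI-TIMESTAMP", "UPI-APPID", "UPI-REQPATH"}
MAX_SKEW = 300  # seconds; assumed freshness window, not stated on the page

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def check_upi_jws(upi_jws: str, body: bytes, req_path: str, now: int):
    """Validate the protected header; return (signing_input, signature) or raise ValueError."""
    parts = upi_jws.split(".")
    if len(parts) != 3 or parts[1]:
        raise ValueError("expected detached form: header..signature")
    header = json.loads(b64url_decode(parts[0]))
    signature = b64url_decode(parts[2])
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise ValueError("alg must be RS256")  # pin the algorithm on the receiver side
    crit = header.get("crit")
    if not isinstance(crit, list) or sorted(map(str, crit)) != sorted(UPI_CRIT):
        raise ValueError("crit must list exactly the UPI-* headers")
    if any(not isinstance(header.get(name), str) for name in crit):
        raise ValueError("a header named in crit is missing")
    if header["UPI-REQPATH"] != req_path:
        raise ValueError("signature is bound to a different request path")
    ts = header["UPI-TIMESTAMP"]
    if not ts.isdigit() or abs(now - int(ts)) > MAX_SKEW:
        raise ValueError("timestamp missing or outside the freshness window")
    # RFC 7797 signing input: encoded header, '.', then the raw entity body.
    return parts[0].encode("ascii") + b"." + body, signature

# Constructed sample built from the header values in the page's example.
SAMPLE_HEADER = {
    "alg": "RS256", "kid": "1555570302", "crit": sorted(UPI_CRIT),
    "UPI-UUID": "5ba10d46d5d148dfbcc2119c08e01015",
    "UPI-TIMESTAMP": "1562232686", "UPI-APPID": "00520446",
    "UPI-REQPATH": "/uais/mpqrc/v1/void",
}

def encode_sample(header: dict, sig: bytes = b"\x00" * 256) -> str:
    """Build a UPI-JWS value with a placeholder (not valid) signature."""
    return b64url_encode(json.dumps(header).encode()) + ".." + b64url_encode(sig)
```

The returned signing input and signature are then passed to an RS256 verification with the public key selected by kid; a rejected header never reaches that step.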
Demo Project
Demo project of JWE JWSV1.2.zip
Security Requirements Guide
JWE/JWS SDK Source Code
upi-security-jose-SourcecodeV1.2.zip
Public key of SCIS for App Gateway
SCIS certificate of Testing.zip
Tester's Public key and Private key
Please find the certificate ID in the prefix of the certificate name.