Documentation
Support Documentation Security Requirements
JWE Encryption

The sensitive data shall be encrypted according to JSON Web Encryption (JWE) specification [RFC 7516]. Algorithm used to encrypt the payload is according to [RFC 7518] Section 5.1. The value of a JWE is following:

jwe sample.png

JWE Protected Header Format 

jwe protected header format.png

Example: 

{

   "alg":"RSA1_5",

   "enc":"A128CBC-HS256",

"kid":"20190411000000"

}


JWE Encryption Calculation

The JWE Ciphertext is the digital encryption of the Encrypted Data object (as defined in Section 6.2), including any content-coding that has been applied and should NOT apply any transfer-encoding to the payload-body.


JWS Signature

JWS signature protecting the entity body is carried in an HTTP header UPI-JWS.

The digital signature is referring the standard of RFC 7797 JSON Web Signature (JWS) with Unencoded Payload Option. 

The value of the UPI-JWS is following:

jws.png

JWS Protected Header Format

jws header.png

Example:

{

   "alg":"RS256",

   "kid":" 1555570302",

   "crit": ["UPI-UUID"," UPI-TIMESTAMP"," UPI-APPID"," UPI-REQPATH"],

"UPI-UUID":"5ba10d46d5d148dfbcc2119c08e01015",

"UPI-TIMESTAMP":"1562232686",

"UPI-APPID":"00520446",

"UPI- REQPATH":"/uais/mpqrc/v1/void"

}


JWS Signature Calculation 

The JWS Signature is RSA SHA 256 digital signature of the following signing input:

jws calculation.png

JWS Payload is the entity body of HTTP message, including any content-coding that has been applied and should NOT apply any transfer-encoding to the message-body.



Documentation

Demo Project

Demo project of JWE JWSV1.2.zip


Security Requirements Guide

Guide for JWE JWSV1.2.zip


JWE/JWS SDK Source Code

upi-security-jose-SourcecodeV1.2.zip


Public key of SCIS for App Gateway

SCIS certificate of Testing.zip


Tester's Public key and Private key

39999990.rar

Please find the certificate id in prefix of certificate name.


  • Contact Us
  • If you have any further questions, please register and submit order in your user center.