Encrypt data

Last Updated: Mar 23, 2021

To encrypt data, you must first complete the relevant configuration on the server to generate the secret key, and then complete the corresponding client configuration for your operating system.

Server configuration

  1. Log in to the mPaaS console, and from the navigation bar on the left, click Mobile Gateway Service.
  2. On the Manage gateway tab page, click Function switch on the right.
  3. Turn the Data encryption switch on.
  4. In the pop-up Configure encryption algorithm window, configure the following information:

    • Encryption algorithm: ECC, RSA and SM2 are supported.
    • Key content:

      • When the encryption algorithm is ECC or SM2, enter the content of the private key.
      • When the encryption algorithm is RSA, enter the content of the public key.

      To learn how the encryption algorithm generates keys, see Key generation method.

Client configuration

Android configuration

Create a file named Mpaas_netconfig.properties in the assets directory to hold the global network-related configuration.

[Figure: data_encrypt_android]

  • Crypt: Indicates whether self encryption is enabled. true enables self encryption; false disables it.
  • RSA/ECC/SM2: The asymmetric encryption algorithm to use. The value can only be RSA, ECC or SM2.
  • PubKey: The public key of the asymmetric encryption algorithm.
    Note: In the properties file, the value of PubKey must be on one line.
  • GWWhiteList: The gateway whose requests need to be encrypted, namely the gateway address of the current environment. If this key is not present, requests are not encrypted.

iOS configuration

The encryption configuration of the iOS client is read from the info.plist file, as shown in the following figure:

[Figure: data_encrypt_ios]

Where:

  • mPaaSCrypt: The primary key of the encryption configuration. The value is of Dictionary type and contains the information required for client encryption.
  • Crypt: Indicates whether to encrypt. The value is of Boolean type: YES means "encrypt" and NO means "do not encrypt".
  • GWWhiteList: The gateway whose requests need to be encrypted, namely the gateway address of the current environment. If this key is not present, requests are not encrypted.
  • RSA/ECC/SM2: The asymmetric encryption algorithm to use. The value can only be RSA, ECC or SM2. If you are using an older version of the service, use RSA/ECC as the key instead.
  • PubKey: The public key of the asymmetric encryption algorithm. The value is of String type and must be consistent with the selected asymmetric encryption algorithm.

Notes:

  • When Crypt is set to NO, RPC requests are not encrypted, and the RSA/ECC/SM2 and PubKey settings are ignored.
  • When Crypt is set to YES, you must set RSA/ECC/SM2 and PubKey, and neither can be empty; otherwise, an interrupt might occur during debugging and the program exits directly.
  • The RSA/ECC/SM2 setting and the PubKey setting must correspond one-to-one:
    • If you select the RSA algorithm, PubKey must be the corresponding RSA public key.
    • If you select the ECC algorithm, PubKey must be the corresponding ECC public key.
    • If you select the SM2 algorithm, PubKey must be the corresponding SM2 public key.
  • PubKey must include the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- markers, in the following format:

    -----BEGIN PUBLIC KEY-----
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YTfXiICxPUaDHg7Wlxc
    bzN1UsGfDBHOyn4JYqZq8ySIBa+F9Uuyk0w+Ft/8sQE8MXSnJEqOAcUtG7Y0Js8L
    lDsDi0Dd+e9Zpq+WHp4+cM8GAujTy/hSHjuZPYbovtjTXp9iFo9Mxz3SbllvQ0d3
    VOpbks986gET/rchAlu9L+6oLf+HsiyYSAXQfYD4GI7sjtqYoRiSA6bWw1m+uFDc
    j1iHwW3HA11LsHDkQlLoNgXhvKoy+H7yM6t94ZhvXdgFK2yd5wq6FKIuZmgqiEg9
    A8S3/aUMKRIlVRvfkfcM+sBxiVgr80s6VTojfq/b2I3xKqnJ4KZMStpJHvsxWfw7
    2wIDAQAB
    -----END PUBLIC KEY-----
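
The rules above (PEM markers present, PubKey matching the selected algorithm, GWWhiteList set) can be checked before a build ships. The following pre-release check for the Android properties file is an added example, not mPaaS code. It assumes the file uses key=value lines with the key names listed above and that the one-line PubKey keeps its line breaks as \n escapes; the gateway URL is a placeholder.

```python
import base64, binascii, re

# DER-encoded OIDs that appear at the start of a SubjectPublicKeyInfo.
OID_RSA = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption
OID_EC = bytes.fromhex("06072a8648ce3d0201")       # id-ecPublicKey
OID_SM2 = bytes.fromhex("06082a811ccf5501822d")    # SM2 curve, used with id-ecPublicKey
PEM_RE = re.compile(r"-----BEGIN PUBLIC KEY-----(.+?)-----END PUBLIC KEY-----", re.S)

def key_type(pem):
    """Return 'RSA', 'ECC' or 'SM2' for a PEM public key, or None if unusable."""
    m = PEM_RE.search(pem.replace("\\n", "\n"))  # assumption: one-line value uses \n escapes
    if not m:
        return None
    try:
        head = base64.b64decode("".join(m.group(1).split()))[:40]
    except (binascii.Error, ValueError):
        return None
    if OID_RSA in head:
        return "RSA"
    if OID_EC in head:
        return "SM2" if OID_SM2 in head else "ECC"
    return None

def check_netconfig(text):
    """Return a list of problems in the properties text (empty list = consistent)."""
    lines = [l.strip() for l in text.splitlines() if l.strip() and not l.strip().startswith("#")]
    problems = [f"not key=value (PubKey split across lines?): {l[:24]}" for l in lines if "=" not in l]
    cfg = {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines if "=" in l)}
    if cfg.get("Crypt", "").lower() != "true":
        return problems + ["Crypt is not true: requests are not encrypted"]
    algo = cfg.get("RSA/ECC/SM2", "")
    if algo not in ("RSA", "ECC", "SM2"):
        problems.append(f"RSA/ECC/SM2 must be RSA, ECC or SM2, got {algo!r}")
    found = key_type(cfg.get("PubKey", ""))
    if found is None:
        problems.append("PubKey is empty, lacks the PEM markers, or is not a recognised key")
    elif found != algo:
        problems.append(f"PubKey is an {found} key but RSA/ECC/SM2 is {algo!r}")
    if not cfg.get("GWWhiteList"):
        problems.append("GWWhiteList is not set: requests are not encrypted")
    return problems

# Constructed sample: this page's example RSA key on one line, with a mismatched algorithm.
PAGE_KEY = "-----BEGIN PUBLIC KEY-----\\n" + "\\n".join([
    "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YTfXiICxPUaDHg7Wlxc", "bzN1UsGfDBHOyn4JYqZq8ySIBa+F9Uuyk0w+Ft/8sQE8MXSnJEqOAcUtG7Y0Js8L",
    "lDsDi0Dd+e9Zpq+WHp4+cM8GAujTy/hSHjuZPYbovtjTXp9iFo9Mxz3SbllvQ0d3", "VOpbks986gET/rchAlu9L+6oLf+HsiyYSAXQfYD4GI7sjtqYoRiSA6bWw1m+uFDc",
    "j1iHwW3HA11LsHDkQlLoNgXhvKoy+H7yM6t94ZhvXdgFK2yd5wq6FKIuZmgqiEg9", "A8S3/aUMKRIlVRvfkfcM+sBxiVgr80s6VTojfq/b2I3xKqnJ4KZMStpJHvsxWfw7",
    "2wIDAQAB"]) + "\\n-----END PUBLIC KEY-----"
SAMPLE = f"Crypt=true\nRSA/ECC/SM2=ECC\nPubKey={PAGE_KEY}\nGWWhiteList=https://gateway.example.com\n"
```

Calling check_netconfig(SAMPLE) reports the RSA key declared as ECC; changing the algorithm line to RSA returns an empty list.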