To encrypt data, you must do some relevant configuration on the server to generate secret key, and then complete the corresponding configuration on the client based on your operating system.

Client configuration:

## Server configuration

Log in to the mPaaS console, and from the navigation bar on the left, click

**Mobile Gateway Service**.On the

**Manage gateway**tab page, click**Function switch**on the right.Turn the

**Data encryption**switch on.In the pop-up

**Configure encryption algorithm**window, configure the following information:**Encryption algorithm**: Support ECC, RSA and SM2.**Key content**:When the encryption algorithm is ECC or SM2, enter the content of private key.

When the encryption algorithm is RSA, enter the content of public key.

To learn how the encryption algorithm generates keys, see Key generation method.

## Client configuration

### Android configuration

Create a file `Mpaas_netconfig.properties`

in `assets`

directory to save the global configurations related to network.

`Crypt`

: It indicates whether to enable self encryption.`true`

means enabling self encryption while`false`

for disabling self encryption.`RSA/ECC/SM2`

: The asymmetric encryption algorithm to be used, which can only be`RSA`

,`ECC`

or`SM2`

.`PubKey`

: The public key of the asymmetric encryption algorithm.**Note**In the

`properties`

file, the value of`PubKey`

must be in one line.`GWWhiteList`

: The gateway that need to be encrypted, namely the gateway address of the current environment. If this key is not available, all the requests will**not be encrypted**.

### iOS configuration

The encryption configuration of iOS client is read from `info.plist`

file, as shown in the following figure:

Where,

`mPaaSCrypt`

: Primary key of the encryption configuration, the value is`Dictionary`

type, which contains relevant information required for client encryption.`Crypt`

: It indicates whether to encrypt, and the value is`Boolean`

type.`YES`

means “encrypt” while`NO`

means “not to encrypt”.`GWWhiteList`

: The gateway that need to be encrypted, namely the gateway address of the current environment. If this key is not available, all the requests will**not be encrypted**.`RSA/ECC/SM2`

: The asymmetric encryption algorithm to be used, which can only be`RSA`

,`ECC`

or`SM2`

. If you are using an older version of the service, just use`RSA/ECC`

as the key.`PubKey`

: The public key of the asymmetric encryption algorithm. The value is`String`

type, which must be consistent with the asymmetric encryption algorithm.

**Attentions**:

When Crypt is set as

`NO`

, RPC will not be encrypted, and the settings of`RSA/ECC/SM2`

and`PubKey`

will be ignored.When Crypt is set as

`YES`

, you must set`RSA/ECC/SM2`

and`PubKey`

which cannot be null character; otherwise, an interrupt might occur in debugging and the program exits directly.`RSA/ECC/SM2`

settings and`PubKey`

settings must have a one-to-one correspondence:If you select

`RSA`

algorithm, then the PubKey must be the corresponding`RSA`

public key.If you select

`ECC`

algorithm, then the PubKey must be the corresponding`ECC`

public key.If you select

`SM2`

algorithm, then the PubKey must be the corresponding`SM2`

public key.

`PubKey`

must carry`-----BEGIN PUBLIC KEY-----`

and`-----END PUBLIC KEY-----`

, and the format is as follows:`-----BEGIN PUBLIC KEY----- ************************ ************************ ************************ ************************ -----END PUBLIC KEY------`