Service Configurations for Client Encryption PHP - Mastercard/client-encryption-php GitHub Wiki

Table of Contents

• Overview
• Configurations
  • MDES Token Connect
  • MDES Digital Enablement API
  • Installment APIs
  • Payment Account Management
  • Payment Account Reference Inquiry
  • Mastercard QR for Merchant Aggregators
  • Mastercard Directory Services
  • Buyer Payment Agent
  • Supplier Payment Agent

Overview

Predefined service configurations for the PHP client encryption library.

Configurations

MDES Token Connect

$config = FieldLevelEncryptionConfigBuilder::aFieldLevelEncryptionConfig()
    ->withEncryptionPath('$.pushFundingAccount.encryptedPayload.encryptedData', '$.pushFundingAccount.encryptedPayload')
    ->withEncryptionCertificate($encryptionCertificate)
    ->withOaepPaddingDigestAlgorithm('SHA-512')
    ->withEncryptedValueFieldName('encryptedData')
    ->withEncryptedKeyFieldName('encryptedKey')
    ->withIvFieldName('iv')
    ->withOaepPaddingDigestAlgorithmFieldName('oaepHashingAlgorithm')
    ->withEncryptionCertificateFingerprintFieldName('publicKeyFingerprint')
    ->withFieldValueEncoding(FieldValueEncoding::HEX)
    ->build();

MDES Digital Enablement API

$config = FieldLevelEncryptionConfigBuilder::aFieldLevelEncryptionConfig()
    ->withEncryptionPath('$.cardInfo.encryptedData', '$.cardInfo') // Before version 1.2.9
    ->withEncryptionPath('$.fundingAccountInfo.encryptedPayload.encryptedData', '$.fundingAccountInfo.encryptedPayload')
    ->withEncryptionPath('$.encryptedPayload.encryptedData', '$.encryptedPayload')
    ->withDecryptionPath('$.tokenDetail', '$.tokenDetail.encryptedData')
    ->withDecryptionPath('$.encryptedPayload', '$.encryptedPayload.encryptedData')
    ->withEncryptionCertificate($encryptionCertificate)
    ->withDecryptionKey($decryptionKey)
    ->withOaepPaddingDigestAlgorithm('SHA-512')
    ->withEncryptedValueFieldName('encryptedData')
    ->withEncryptedKeyFieldName('encryptedKey')
    ->withIvFieldName('iv')
    ->withOaepPaddingDigestAlgorithmFieldName('oaepHashingAlgorithm')
    ->withEncryptionCertificateFingerprintFieldName('publicKeyFingerprint')
    ->withFieldValueEncoding(FieldValueEncoding::HEX)
    ->build();

Installment APIs

$config = FieldLevelEncryptionConfigBuilder::aFieldLevelEncryptionConfig()
    ->withEncryptionPath('$.calculatorReqData.primaryAccountNumber', '$.calculatorReqData')
    ->withEncryptionPath('$.configReqData.primaryAccountNumber', '$.configReqData')
    ->withEncryptionPath('$.processInstallmentReqData.primaryAccountNumber', '$.processInstallmentReqData')
    ->withEncryptionPath('$.receiveIssuerApprReqData.primaryAccountNumber', '$.receiveIssuerApprReqData')
    ->withEncryptionCertificate($encryptionCertificate)
    ->withOaepPaddingDigestAlgorithm('SHA-256')
    ->withEncryptedValueFieldName('primaryAccountNumber')
    ->withEncryptedKeyFieldName('wrappedKey')
    ->withIvFieldName('iv')
    ->withFieldValueEncoding(FieldValueEncoding::BASE64)
    ->build();

Payment Account Management

$config = FieldLevelEncryptionConfigBuilder::aFieldLevelEncryptionConfig()
    ->withEncryptionPath('$.encryptedPayload.encryptedData', '$.encryptedPayload')
    ->withDecryptionPath('$.encryptedPayload', '$.encryptedPayload.encryptedData')
    ->withEncryptionCertificate($encryptionCertificate)
    ->withDecryptionKey($decryptionKey)
    ->withOaepPaddingDigestAlgorithm('SHA-512')
    ->withEncryptedValueFieldName('encryptedData')
    ->withEncryptedKeyFieldName('encryptedKey')
    ->withIvFieldName('iv')
    ->withOaepPaddingDigestAlgorithmFieldName('oaepHashingAlgorithm')
    ->withEncryptionCertificateFingerprintFieldName('publicKeyFingerprint')
    ->withFieldValueEncoding(FieldValueEncoding::HEX)
    ->build();

Payment Account Reference Inquiry

$config = FieldLevelEncryptionConfigBuilder::aFieldLevelEncryptionConfig()
    ->withEncryptionPath('$.encryptedPayload.encryptedData', '$.encryptedPayload')
    ->withDecryptionPath('$.encryptedPayload', '$.encryptedPayload.encryptedData')
    ->withEncryptionCertificate($encryptionCertificate)
    ->withDecryptionKey($decryptionKey)
    ->withOaepPaddingDigestAlgorithm('SHA-512')
    ->withEncryptedValueFieldName('encryptedData')
    ->withEncryptedKeyFieldName('encryptedKey')
    ->withIvFieldName('iv')
    ->withOaepPaddingDigestAlgorithmFieldName('oaepHashingAlgorithm')
    ->withEncryptionCertificateFingerprintFieldName('publicKeyFingerprint')
    ->withFieldValueEncoding(FieldValueEncoding::HEX)
    ->build();

Mastercard QR for Merchant Aggregators

$config = FieldLevelEncryptionConfigBuilder::aFieldLevelEncryptionConfig()
    ->withDecryptionPath('$', '$.items')
    ->withDecryptionKey($decryptionKey)
    ->withOaepPaddingDigestAlgorithm('SHA-512')
    ->withEncryptedValueFieldName('items')
    ->withEncryptedKeyFieldName('encryptedKey')
    ->withIvFieldName('iv')
    ->withOaepPaddingDigestAlgorithmFieldName('oaepHashingAlgorithm')
    ->withFieldValueEncoding(FieldValueEncoding::BASE64)
    ->build();

Mastercard Directory Services

$config = FieldLevelEncryptionConfigBuilder::aFieldLevelEncryptionConfig()
    ->withEncryptionPath('$', '$.encrypted_payload')
    ->withDecryptionPath('$.encrypted_payload', '$')
    ->withEncryptionCertificate($encryptionCertificate)
    ->withDecryptionKey($decryptionKey)
    ->withOaepPaddingDigestAlgorithm('SHA-256')
    ->withEncryptedValueFieldName('data')
    ->withEncryptedKeyHeaderName('x-encrypted-key')
    ->withIvHeaderName('x-iv')
    ->withOaepPaddingDigestAlgorithmHeaderName('x-oaep-hashing-algorithm')
    ->withEncryptionKeyFingerprintHeaderName('x-public-key-fingerprint')
    ->withFieldValueEncoding(FieldValueEncoding::BASE64)
    ->build();

Buyer Payment Agent

$config = FieldLevelEncryptionConfigBuilder::aFieldLevelEncryptionConfig()
    ->withEncryptionCertificate($encryptionCertificate) 
    ->withDecryptionKey($decryptionKey) 
    ->withEncryptionPath('$.card', '$.encryptedCard') 
    ->withDecryptionPath('$.encryptedCard', '$.card') 
    ->withOaepPaddingDigestAlgorithm('SHA-256') 
    ->withEncryptedValueFieldName('encryptedValue') 
    ->withEncryptedKeyFieldName('encryptedKey')
    ->withIvFieldName('iv') 
    ->withOaepPaddingDigestAlgorithmFieldName('oaepPaddingDigestAlgorithm')
    ->withEncryptionKeyFingerprintFieldName('publicKeyFingerprint')
    ->withFieldValueEncoding(FieldValueEncoding::BASE64) 
    ->build();

Supplier Payment Agent

$config = FieldLevelEncryptionConfigBuilder::aFieldLevelEncryptionConfig()
    ->withDecryptionKey($decryptionKey)
    ->withDecryptionPath('$.encryptedCard', '$.card')
    ->withOaepPaddingDigestAlgorithm('SHA-256')
    ->withEncryptedValueFieldName('encryptedValue')
    ->withEncryptedKeyFieldName('encryptedKey')
    ->withIvFieldName('iv')
    ->withOaepPaddingDigestAlgorithmFieldName('oaepPaddingDigestAlgorithm')
    ->withEncryptionKeyFingerprintFieldName('publicKeyFingerprint')
    ->withFieldValueEncoding(FieldValueEncoding::BASE64)
    ->build();