Contents x
      How to Implement Server-Side Encryption in Mapp Intelligence
      • 3 Minutes to read
      • Print
      • Dark
        Light
      Contents

      How to Implement Server-Side Encryption in Mapp Intelligence

      • 3 Minutes to read
      • Print
      • Dark
        Light
      Article summary

      Parameter values that are passed in the pixel request can also be encrypted. Symmetrical encryption methods are used for this purpose. A key is stored in each Mapp account, with the help of which Mapp Intelligence can decrypt the encrypted values.

      How to Implement Server-Side Encryption

      Follow these steps to enable and configure server-side encryption:

      1. Open configuration
        Log in to your Mapp Q3 account and navigate to Configuration > System Configuration > Data Collection

      2. Activate Encryption

        1. Locate the “Encryption” section.

        2. Activate encryption by selecting the appropriate radio button.

      3. Choose an Encryption Algorithm

        Select your preferred encryption algorithm from the following options:

        • BLOWFISH128 (16 characters)

        • AES128

        • RC4128

        The bit length for all keys is uniformly 128 bits. “BLOWFISH” and “AES” use CBC mode with PKCS5 padding. This mode requires a dynamic initialization vector (IV) for encryption and decryption, in addition to the statically stored key. The IV must precede the encrypted value:

        • IV length for “BLOWFISH”: 8 bytes

        • IV length for “AES”: 16 bytes

      4. Enter the Encryption Key

        Input your encryption key into the designated text field.

      5. Save Your Configuration

        Once all settings are configured, ensure you save your changes.

      Additional Recommendations

      • Key Management: Regularly update and securely store your encryption keys to maintain high levels of security.

      • Testing: After configuration, test the encryption setup to ensure that the data is correctly encrypted and decrypted.

      • Documentation: Keep a record of the encryption algorithms and keys used for future reference and troubleshooting.

      Steps to Perform Encryption

      When encrypting a value, follow these steps. Note that if an algorithm without an initialization vector (IV) is used, the corresponding steps related to the IV can be omitted. The output of each step is used as the input for the next:

      1. URL-Encoding

        The value to be encrypted must first be URL-encoded.

      2. Generate Initialization Vector (IV)

        An IV is generated, which is necessary for algorithms like BLOWFISH and AES when operated in CBC mode.

      3. Encrypt the Value

        Use the selected encryption algorithm (e.g., BLOWFISH/CBC/PKCS5Padding) with the generated IV and the encryption key to encrypt the value.

      4. Combine IV and Encrypted Value

        Concatenate the IV and the encrypted value.

      5. Base64 Encoding

        Encode the combined IV and encrypted value using Base64.

      6. Mark the Encrypted Value

        Mark the value as encrypted by surrounding it with ~! at the beginning and !~ at the end.

      7. Pass to Pixel Script

        Pass the marked and encrypted value to the pixel script. The script performs an additional URL-encoding step, which leaves the ~ and ! characters intact.

      Example: Encryption Using Blowfish in Java

      Below is an example in Java 1.6 that demonstrates how to encrypt a value using the Blowfish algorithm:

      // Value to be encrypted
String value = "Confidential Data";
// Algorithm
String algorithmName = "Blowfish";
String fullAlgorithmName = algorithmName + "/CBC/PKCS5Padding";
// Key
String plainKey = "3jdksdz*pd038956";

// Generate Initialization Vector (IV)
final int ivLen = 8;
byte[] iv = new byte[ivLen];
for (byte i = 0; i < ivLen; i++) {
    iv[i] = (byte) (i + 1);
}
IvParameterSpec ivSpec = new IvParameterSpec(iv, 0, ivLen);

// URL-encode the value
String urlEncodedValue = URLEncoder.encode(value, "UTF-8");
BASE64Encoder base64Encoder = new BASE64Encoder();

// Encrypt the value
Cipher encryptCipher = Cipher.getInstance(fullAlgorithmName);
SecretKey secretKey = new SecretKeySpec(plainKey.getBytes(), algorithmName);
encryptCipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);
byte[] cryptBytes = encryptCipher.doFinal(urlEncodedValue.getBytes());

// Combine IV and Encrypted Value
byte[] encryptionUnit = new byte[iv.length + cryptBytes.length];
System.arraycopy(iv, 0, encryptionUnit, 0, iv.length);
System.arraycopy(cryptBytes, 0, encryptionUnit, iv.length, cryptBytes.length);

// Base64 encode the combined value
final String base64EncodedUnit = base64Encoder.encode(encryptionUnit);

// Mark the encrypted text
final String startSequence = "~!";
final String endSequence = "!~";
final String markedUnit = startSequence + base64EncodedUnit + endSequence;

// The value of "markedUnit" should now be passed to the pixel script (which will URL-encode it, leaving "~" and "!" intact)

      In this example:

      • Initialization Vector (IV): A static IV is generated for demonstration purposes, but it should typically be generated randomly for each encryption.

      • Base64 Encoding: The combined IV and encrypted value are Base64 encoded to make them URL-safe.

      • Marking: The resulting value is marked with ~! at the beginning and !~ at the end to indicate it is encrypted.

      This value should then be passed to the pixel script, which will perform any additional necessary processing.

      Was this article helpful?
      What's Next