JWE encryption

The finX API provides the ability to encrypt sensitive information like credentials and authentication challenge responses with JSON Web Encryption. This is an additional security mechanism to the usual transport layer encryption of the data.

A common use-case is when a client application communicates through an intermediate server with the finX API. To avoid privacy and security issues, the sensitive data can be encrypted with JWE on the client application side to conceal them from the intermediate server.

Please note that the plaintext to be encrypted has to be a valid JSON value. This means especially that string literals have to be surrounded by double quotes (e.g. "123456").

Public key

The public key that can be used for encryption on the finX shared environments is shown below in PEM format.

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1qB2hmObbCbAM+lc+ggD
auoIZReejEimnvrmeqEs0opeTeZiiietoHT1FkB8HjlgCWrh6UimxrRvBwwvNn/4
uiVEqxuPb37ozWRj87bp1R3iwhzIGHBMgkibfFf9v3FxEjtY6CgCvOJ/12+AiotL
+4jBCwsUWcqui3phq4/C19bQTWaN8u1Q1ABB0SSExcfqH3Ahg6i4pJfDwY+/khb4
rgvmqPpb7a0tHiWuWqAMUxfEO/GJVaDV+Bq4k5vfUNirIcazUtmnLhBVSTBcjw7O
EDEIHGckwUHs6prKE0kkQD4Xjm06XupuZW8/H+/oPBdHJBr+Ugv5Kzlsst/81BEy
oQIDAQAB
-----END PUBLIC KEY-----
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxiV1OFoaF/c0BqQLwp1Q
qmJ+TgPHoLfllEigREsvRCbJImCln6RLtNbLbNTHDaV1+96idkFiQW0y0jlu9RhN
uO8p8a5hO8zDpYC1vV5DkWRpbPbapiVYHb8eETI7obA1TAnkN7beTPT3uGm59qhq
wlyi+OyfiVdi4N8g2xIq6wWw6nVm9wkvn5BXPjNNBMNE7hdHBcH4zszPSkLq1DjR
gLYGjYkhZoP97cqxkcb9epS1KXGNy3Rc977kolvq7JzDdZQLLMW3hf9GGY+GHdMW
wyV0+C9klFNLFRZvZoqk0VhYq1oxTp0snvS5NAC8p4mMFJ93HaMUXb3rasGDUiRy
lQIDAQAB
-----END PUBLIC KEY-----

Supported algorithms

Key encryptionContent encryption
RSA-OAEPA128CBC-HS256
A256CBC-HS512