3.4 Implementing a custom Cryptography Provider
The base product provides a symmetric key cryptography framework that enables the implementation team to implement its own custom symmetric key encryption/decryption mechanism.
The product ships with an out-of-the-box Cryptography Provider, which is invoked if no custom implementation is found.
If you wish to write your own custom Cryptography Provider, the required steps are as follows:
- Write the custom cryptography provider class such that it implements the interface com.ofss.digx.infra.crypto.spi.ICryptographyProvider. The interface defines methods as shown below:
- Implement the encrypt() and decrypt() methods to encrypt and decrypt the data passed to the methods, using the key passed along with the data.
- Implement the getVersion() method to simply return a number greater than 1. For example:
- Implement the method to simply return the symmetric encryption algorithm name. For example:
- You can leave the implementations of the other two methods blank.
- In the custom jar file that contains the custom Cryptography Provider, create a file with the name com.ofss.digx.infra.crypto.spi.ICryptographyProvider under the folder structure META-INF/services.
- Open the file for editing.
- Type out the fully qualified class name of your custom Cryptography Provider class. For example:
Deploy your custom jar on the WebLogic server and you should be all set.
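The steps above, as an added sketch that is not Oracle's code and not part of the original page. The product interface's method signatures are not reproduced on this page, so ProviderSketch, its signatures and the getAlgorithmName() name are hypothetical stand-ins. AES-GCM with a random nonce stored in front of the ciphertext is an assumed design choice, not a product requirement.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

// Hypothetical stand-in for ICryptographyProvider; real signatures may differ.
interface ProviderSketch {
    String encrypt(String plainText, byte[] key) throws Exception;
    String decrypt(String cipherText, byte[] key) throws Exception;
    int getVersion();
    String getAlgorithmName();
}

public class CustomCryptographyProvider implements ProviderSketch {
    private static final int IV_LEN = 12;     // 96-bit nonce, the size GCM is designed for
    private static final int TAG_BITS = 128;  // full-length authentication tag
    private static final SecureRandom RNG = new SecureRandom();

    public String encrypt(String plainText, byte[] key) throws Exception {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);                    // fresh nonce per value; never reuse one with the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plainText.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);  // stored form: nonce || ciphertext || tag
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    public String decrypt(String cipherText, byte[] key) throws Exception {
        byte[] in = Base64.getDecoder().decode(cipherText);
        if (in.length < IV_LEN + TAG_BITS / 8) throw new IllegalArgumentException("ciphertext too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        // doFinal throws AEADBadTagException if the stored value was altered or the key is wrong
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public int getVersion() { return 2; }                // a number greater than 1, per the steps above
    public String getAlgorithmName() { return "AES"; }   // symmetric algorithm name

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];            // constructed 256-bit sample key
        RNG.nextBytes(key);
        ProviderSketch p = new CustomCryptographyProvider();
        String stored = p.encrypt("constructed-sample-secret", key);
        System.out.println(p.decrypt(stored, key).equals("constructed-sample-secret"));
    }
}
```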
The Cryptography Provider will be invoked when the system invokes the encryption framework for the following actions:
- Encrypting the SMTP Server password entered by the OBAPI Admin, before storing it in the Database.
- Encrypting the system-generated password for first-time users, before storing it in the Database. This is relevant to the function of Password Printing.
- Encrypting the Identification Number for the selected Identification Type (Driver’s License, Passport etc.) while originating a loan application online.