
@jeffdonthemic
Created May 4, 2023 17:20
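public with sharing class EncryptionService {

    // Keys are here for testing purposes. NEVER DO THIS!!!
    // A private key embedded in Apex source is readable by anyone who can view the
    // class (metadata API, version control, package contents), and whoever holds it
    // can forge signatures that verify() will accept. Keep the private key out of
    // source: use an approved secrets management solution like Shield Platform
    // Encryption, and keep the public key the only part that lives in code.
    // NOTE(review): the first line of each key ('IMAGE-A-LOT-MORE-LINES-HERE') is a
    // placeholder left by the author and is not valid base64; decoding it is not
    // expected to produce a usable key. Replace it with real key material (outside
    // source) before use.
    public static final Blob PRIVATE_KEY = EncodingUtil.base64Decode(
        'IMAGE-A-LOT-MORE-LINES-HERE\n' +
        'MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCS7LXFvLFELXwy\n' +
        'UVKIYJEI3j/7b4HUIOJ1IU1la1g2Vr5SKPn+GziMFhFcBjx6LlJxAkJQlOgBOnkO\n' +
        'cHC3etOoAsrrRh4LPzZ6CXQeSRjilQnzaCdq2CIu+f8UqVWbwPtb3K/aQAX905Ck\n' +
        'qC9DNbUBwQx01n161Nm6Wsg='
    );

    public static final Blob PUBLIC_KEY = EncodingUtil.base64Decode(
        'IMAGE-A-LOT-MORE-LINES-HERE\n' +
        'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkuy1xbyxRC18MvA8lo2/\n' +
        'poqRQoQFHOz46ve8IDOVjofzPh7EergYj8XcjCquBH1uep3uzyXZyl34Zq2Cu+38\n' +
        'gwIDAQAB'
    );

    // Algorithm name passed to Crypto.sign / Crypto.verify. Both sides must agree on it,
    // so it is kept in one place.
    private static final String SIGNATURE_ALGORITHM = 'RSA-SHA512';

    /**
     * @description Debug harness: verifies a base64-encoded signature produced by a
     * third party (node/ruby) over the given string, logging the outcome with
     * System.debug. Failures are logged, not rethrown, so this is for manual checks only.
     * @param data the plain-text string that was signed
     * @param thirdPartySignature the base64-encoded signature received from the third party
     */
    public static void testVerify(String data, String thirdPartySignature) {
        Blob dataToSign = Blob.valueOf(data);
        Blob signature = EncodingUtil.base64Decode(thirdPartySignature);
        try {
            EncryptionService.verify(signature, dataToSign);
            System.debug('Signature verified successfully!');
        } catch (Exception ce) {
            // Best-effort harness: log and continue rather than abort the caller.
            System.debug(ce.getMessage());
        }
    }

    /**
     * @description Debug harness: signs a string with PRIVATE_KEY, logs the base64
     * signature, then verifies it with PUBLIC_KEY. Failures are logged, not rethrown.
     * @param data the plain-text string to sign and verify
     */
    public static void testSignAndVerify(String data) {
        Blob dataToSign = Blob.valueOf(data);
        try {
            Blob signature = EncryptionService.sign(dataToSign);
            System.debug(EncodingUtil.base64Encode(signature));
            EncryptionService.verify(signature, dataToSign);
            System.debug('Signature verified successfully!');
        } catch (Exception ce) {
            // Best-effort harness: log and continue rather than abort the caller.
            System.debug(ce.getMessage());
        }
    }

    /**
     * @description Generates a digital signature over dataToSign with PRIVATE_KEY
     * (RSA-SHA512) so the receiver can check integrity, authenticity and non-repudiation
     * with the matching public key.
     * NOTE(review): Crypto.sign takes the RSA private key as a PKCS#8 blob — confirm
     * against the Crypto class reference when supplying real key material.
     * @param dataToSign Blob that contains some data to sign; must not be null
     * @return Blob the raw signature bytes (base64-encode before transmitting as text)
     * @throws CryptographicException if dataToSign is null
     * @example
     * Blob dataToSign = Blob.valueOf('Test data');
     * Blob signature = EncryptionService.sign(dataToSign);
     * System.debug(EncodingUtil.base64Encode(signature));
     **/
    public static Blob sign(Blob dataToSign) {
        // Fail with the class's own exception type instead of letting Crypto raise a
        // less descriptive error on a null input.
        if (dataToSign == null) {
            throw new CryptographicException('Doh! Data to sign is null.');
        }
        return Crypto.sign(SIGNATURE_ALGORITHM, dataToSign, PRIVATE_KEY);
    }

    /**
     * @description Checks that signature is a valid RSA-SHA512 signature over dataToCheck
     * under PUBLIC_KEY, throwing if it is not. (Verification is done by Crypto.verify with
     * the public key; the signature itself is never recomputed, since only the private-key
     * holder can produce it.)
     * @param signature Blob that contains the received signature; must not be null
     * @param dataToCheck Blob that contains the data to check the signature for; must not be null
     * @return void
     * @throws CryptographicException if either argument is null or the signature does not
     * verify; any exception Crypto.verify itself raises (e.g. malformed input) propagates unchanged
     * @example
     * try {
     *     EncryptionService.verify(signature, corruptedData);
     * } catch (Exception e) {
     *     // Should log exception
     *     System.debug(e.getMessage());
     * }
     **/
    public static void verify(Blob signature, Blob dataToCheck) {
        if (signature == null || dataToCheck == null) {
            throw new CryptographicException('Doh! Signature and data must both be provided.');
        }
        Boolean correct = Crypto.verify(SIGNATURE_ALGORITHM, dataToCheck, signature, PUBLIC_KEY);
        if (!correct) {
            throw new CryptographicException('Doh! Signatures are not equal.');
        }
    }

    /**
     * @description Internal custom exception class; thrown by sign() and verify() on
     * null input or a signature that fails to verify.
     */
    public class CryptographicException extends Exception {
    }
}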