Mobile Platform as a Service:Data encryption

Server

1. Log on to the mPaaS console. In the left-side navigation pane, click Mobile Gateway Service.

2. Click the Manage gateway tab. On the Manage gateway tab, click the Function switch tab.

3. Switch the status of Data encryption to On.

4. In the Configure encryption algorithm dialog box that appears, configure the following settings:

   • Encryption algorithm: ECC, RSA, and SM2 are supported.

   • Key pair:

     • If the encryption algorithm is set to ECC or SSM, enter the private key content.

     • If the encryption algorithm is RSA, enter the public and private keys respectively.

     For more information about how to generate a key for an encryption algorithm, see How to generate a key.

Client configuration

Android configuration

Create a mpaas_netconfig.properties file in the assets directory to store network-related global configurations.

• Crypt: Indicates whether to use self-encryption, true indicates to use, false indicates to disable self-encryption function.

• RSA/ECC/SM2: Indicates the asymmetric encryption algorithm to use, whose value can only be filled with RSA or ECC or SM2.

• PubKey: Indicates the public key of the selected asymmetric encryption algorithm.

  Note

  Since the value values of the properties files in Android need to be on the same line, you need to be aware of using line breaks \n convert the Pubkey to one line when populating the public key.

• GWWhiteList: The gateway that needs to be encrypted is the gateway address of the current environment (the rpcGW field in the configuration file obtained from the mPaaS console). Without this key, all requests will not be encrypted.

iOS configuration

The iOS encryption configuration is read from the info.plist, as shown in the following figure:

• mPaaSCrypt: The main key and value of the encryption configuration are Dictionary types, which contain relevant information required for client encryption.

• Crypt: specifies whether to encrypt data. The value is Boolean type. YES indicates that data is encrypted. NO indicates that data is not encrypted.

  • When Crypt is set to NO, RPC does not encrypt and RSA/ECC/SM2 and PubKey settings are ignored.

  • When Crypt is set to YES, RSA/ECC/SM2 and PubKey must be set and cannot be empty string, otherwise it will be asserted in Debug and the program will exit directly.

• GWWhiteList: The gateway that needs to be encrypted is the gateway address of the current environment (the rpcGW field in the configuration file obtained from the mPaaS console). Without this key, all requests will not be encrypted.

• RSA/ECC/SM2: asymmetric encryption algorithm selection. The value is of the String type and can only be RSA or ECC or SM2. The RSA/ECC/SM2 and PubKey settings must correspond to each other.

  • Select a RSA algorithm and enter RSA public key in PubKey.

  • Select a ECC algorithm and enter ECC public key in PubKey.

  • Select a SM2 algorithm and enter SM2 public key in PubKey.

• PubKey: Asymmetric encryption the public key. The value is String type, consistent with the asymmetric encryption algorithm chosen.

  The PubKey format must include the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY-----. The format is as follows:

   -----BEGIN PUBLIC KEY-----
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YTfXiICxPUaDHg7Wlxc
    bzN1UsGfDBHOyn4JYqZq8ySIBa+F9Uuyk0w+Ft/8sQE8MXSnJEqOAcUtG7Y0Js8L
    lDsDi0Dd+e9Zpq+WHp4+cM8GAujTy/hSHjuZPYbovtjTXp9iFo9Mxz3SbllvQ0d3
    VOpbks986gET/rchAlu9L+6oLf+HsiyYSAXQfYD4GI7sjtqYoRiSA6bWw1m+uFDc
    j1iHwW3HA11LsHDkQlLoNgXhvKoy+H7yM6t94ZhvXdgFK2yd5wq6FKIuZmgqiEg9
    A8S3/aUMKRIlVRvfkfcM+sBxiVgr80s6VTojfq/b2I3xKqnJ4KZMStpJHvsxWfw7
    2wIDAQAB
    -----END PUBLIC KEY-----