You need to sign in to do that
Don't have an account?
Ryan Werner 22
How can I encrypt a string in Apex in a way that an external system can decrypt using C#?
Our security team has found an issue in our lightning experience site where a link to an external system is adding the account # in the URL. This means any user who can access this link can modify the account # in the URL and see other people's data in the external system (big oops to whoever esigned that).
I was thinking the easiest way to fix this is to encrypt the account # so the external system can still grab the encrypted # from the URL, decrypt it, and show the correct information.
Below is the code I created to encrypt this account # in Apex (This is just a sample key):
private static final Blob KEY = EncodingUtil.base64Decode('ZZZB0LSDWRlPSpOR3LgqSpZdN0DCJYcxohJ/K3oPsA=');
private static String encryptString(String clearText) {
Blob encryptedBlob = Crypto.encryptWithManagedIV('AES256', KEY, Blob.valueOf(clearText));
String encryptedText = EncodingUtil.base64Encode(encryptedBlob);
return encryptedText;
}
I told the external systems developer to use the key provided above as well as AES256 to decrypt the value and he says this isn't enough info.
How can I encrypt a value in a way where another system can decrypt it?
Thanks
I was thinking the easiest way to fix this is to encrypt the account # so the external system can still grab the encrypted # from the URL, decrypt it, and show the correct information.
Below is the code I created to encrypt this account # in Apex (This is just a sample key):
private static final Blob KEY = EncodingUtil.base64Decode('ZZZB0LSDWRlPSpOR3LgqSpZdN0DCJYcxohJ/K3oPsA=');
private static String encryptString(String clearText) {
Blob encryptedBlob = Crypto.encryptWithManagedIV('AES256', KEY, Blob.valueOf(clearText));
String encryptedText = EncodingUtil.base64Encode(encryptedBlob);
return encryptedText;
}
I told the external systems developer to use the key provided above as well as AES256 to decrypt the value and he says this isn't enough info.
How can I encrypt a value in a way where another system can decrypt it?
Thanks
Are you referring to the URL hacks that salesforce started supporting from Spring'21? I don't see Hash is needed in this case
Reference:https://releasenotes.docs.salesforce.com/en-us/spring20/release-notes/rn_general_lex_navigate_to_record_dfv.htm
You might want to try this approach if it fits your requirement.
If this information helps, please mark the answer as best. Thank you