9. Encryption and Decryption of DVLA response

9.1 Introduction

Hybrid Encryption is employed for encrypting and decrypting the DVLA response. This method combines the efficiency of symmetric encryption for data with the security advantages of asymmetric encryption for key exchange, maintaining a balance between speed and security.

9.2 Generating public and private keys

  • We use the OpenSSL tool to create an RSA private key and then derive the public key from it.
  • The script below generates the key pair and encodes each key to base64.
#!/bin/sh
set -e

# Generate private key
# Note: private.pem is written unencrypted and is also printed to the terminal below.
openssl genpkey -algorithm RSA -out private.pem
echo "Private Key generated successfully:"
cat private.pem

# Extract public key from private key
openssl rsa -pubout -in private.pem -out public.pub
echo "Public Key extracted successfully:"
cat public.pub

# Encode keys to base64
# -w 0 disables line wrapping (GNU coreutils base64), so each key is one line.
encode_to_base64() {
    input_file=$1
    output_file=$2

    base64 -w 0 < "$input_file" > "$output_file"
    echo "Encoded $input_file successfully to $output_file"
}

encode_to_base64 public.pub base64_encoded_public_key.txt
encode_to_base64 private.pem base64_encoded_private_key.txt

  • Separate keys will be generated for each environment and stored as environment variables.
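
The hybrid scheme from 9.1, sketched with the OpenSSL CLI and the key file names from 9.2. This is an added example, not the project's implementation: the page does not name its algorithms, so AES-256-CBC with HMAC-SHA256 (encrypt-then-MAC) and RSA-OAEP with SHA-256 are assumptions, as are the function and output file names.

```shell
#!/bin/sh
# Added example, not the project's script. Assumed algorithms: AES-256-CBC,
# HMAC-SHA256 (encrypt-then-MAC), RSA-OAEP/SHA-256. File names are hypothetical.
set -eu
OAEP="-pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256"

# mac_of <hex-mac-key> <dir> <tag-file>: HMAC over IV followed by ciphertext
mac_of() {
    cat "$2/iv.hex" "$2/data.enc" |
        openssl dgst -sha256 -mac HMAC -macopt "hexkey:$1" -binary -out "$3"
}

# hybrid_encrypt <public-key> <plaintext-file> <out-dir>
hybrid_encrypt() {
    enc_key=$(openssl rand -hex 32)    # one-time AES-256 key
    mac_key=$(openssl rand -hex 32)    # one-time HMAC key
    openssl rand -hex 16 > "$3/iv.hex"
    openssl enc -aes-256-cbc -K "$enc_key" -iv "$(cat "$3/iv.hex")" \
        -in "$2" -out "$3/data.enc"
    mac_of "$mac_key" "$3" "$3/tag.bin"
    # Only the two short keys go through RSA (as 128 hex characters).
    printf '%s%s' "$enc_key" "$mac_key" |
        openssl pkeyutl -encrypt -pubin -inkey "$1" $OAEP -out "$3/key.enc"
}

# hybrid_decrypt <private-key> <in-dir> <plaintext-out>; fails if anything was altered
hybrid_decrypt() {
    keys=$(openssl pkeyutl -decrypt -inkey "$1" $OAEP -in "$2/key.enc") || return 1
    enc_key=$(printf '%s' "$keys" | cut -c1-64)
    mac_key=$(printf '%s' "$keys" | cut -c65-128)
    # Verify the MAC before decrypting the ciphertext.
    mac_of "$mac_key" "$2" "$2/tag.check"
    cmp -s "$2/tag.bin" "$2/tag.check" || { echo "MAC mismatch" >&2; return 1; }
    openssl enc -d -aes-256-cbc -K "$enc_key" -iv "$(cat "$2/iv.hex")" \
        -in "$2/data.enc" -out "$3"
}

# Demo with a constructed payload and a throwaway 2048-bit key pair.
demo() {
    d=$(mktemp -d)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/private.pem" 2>/dev/null
    openssl rsa -pubout -in "$d/private.pem" -out "$d/public.pub" 2>/dev/null
    printf '{"sample":"constructed payload"}' > "$d/response.json"
    hybrid_encrypt "$d/public.pub" "$d/response.json" "$d"
    hybrid_decrypt "$d/private.pem" "$d" "$d/decrypted.json"
    cmp -s "$d/response.json" "$d/decrypted.json" || { echo "round trip failed" >&2; return 1; }
    rm -rf "$d"; echo "round trip ok"
}
demo
```

Keys passed with `-K` and `hexkey:` are visible in the process list while `openssl` runs, so a service would normally perform these steps in-process with a crypto library.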

9.3 Process

9.3.1 Encryption

9.3.2 Decryption

Status: Draft (Pending Review)
Category: Protected
Authored By: Sohan on Dec 06, 2023