Webhook Security
Branch uses AES
with CBC
mode and PKCS5
padding to encrypt sensitive data.
All sensitive data is prepended with a random initialization vector(IV)
to avoid dictionary attacks.
Decryption mechanism needs to be implemented on the client side in order to read sensitive data.
#
ConfigurationBranch provides the AES key in BASE64
format. Clients need to be sure that they have the key provided by Branch before implementing the solution on their end.
#
ImplementationImplementation can be summed up in two steps.
- Separate the initialization vector (iv) from the data
- Decrypt the data with iv and key