Tagih.id

AES-256-CBC Encryption

AES-256-CBC encryption is a symmetric encryption method that uses the AES (Advanced Encryption Standard) algorithm with a 256-bit (32-byte) key length and the CBC (Cipher Block Chaining) mode of operation. It secures data so that the transmitted information cannot be read directly. Before performing encryption, ensure you have received or obtained the Key and IV.

Below are the encryption requirements used:

openssl_encrypt($plainString, ‘AES-256-CBC’, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);

AES-256-CBC Encryption Parameters

Name	Description
Encryption	AES 256
Mode	CBC
Key	32 bytes. Diberikan oleh tim Espay.
IV	16 bytes. Diberikan oleh tim Espay.
Output	Base64

Encryption Steps

The following are the steps to encrypt data using AES-256-CBC:

1. Prepare the data (plain text) to be encrypted

$plainString = ‘SGWYESSISHOP’;

2. Prepare the Key and IV

$_key = ’45bfba7eb46a6007d49ca55a3738aae0′;

$_iv = ‘acc6d0f5aa29120a’;

3. Add padding (zero padding)

In the AES 256 CBC algorithm, data must have a length that is a multiple of 16 bytes.

before padding:

string(12) ‘SGWYESSISHOP’

after padding:

String menjadi 16 byte: ‘SGWYESSISHOP’ + 4 null byte (\0).

The string looks the same visually, but its length changes to 16 bytes due to the addition of 4 null characters (\0).

⚠️ This padding is applied automatically in the code using a padding function.

4. Data encryption

Encrypt the data using the following encryption format:

openssl_encrypt($plainString, ‘AES-256-CBC’, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);

5. Encode the Encrypted Result Using Base64

The encrypted plain string is then encoded using Base64.

7ehJDLKEnDvhoTaI0Ao3Fg==

Encryption - PHP


// Encryption function
function encryptData($data, $key, $iv) {
    $paddedData = padZero($data); // Pastikan data dipadding
    return openssl_encrypt($paddedData, 'AES-256-CBC', $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);
}

// Decryption function
function decryptData($encryptedData, $key, $iv) {
    $decodedData = base64_decode($encryptedData);
    return rtrim(openssl_decrypt($decodedData, 'AES-256-CBC', $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv), "\0");
}

// Utility for padding
function padZero($data) {
    $len = 16;
    $padLength = $len - (strlen($data) % $len);
    return $data . str_repeat("\0", $padLength);
}

Sample Request - Before Encryption


POST /rest/tagihid/sendbillingdigital HTTP/1.1
Host: sandbox-api.espay.id
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Accept: */*

rq_uuid=SGWYESSISHOP973962&
rq_datetime=2025-06-30 08:31:06&
signature=a50e23f466757dbe328e7057a39ce41679135b64d7a40a5b6348b09b2add3d98&
sender_id=SGWYESSISHOP&
comm_code=SGWYESSISHOP&
ccy=IDR&
invoices={
    "1221-31013.SH_2107_00099.F": {
        "member_code": "1221-31013",
        "member_name": "Tambiluk Serang",
        "member_email": "[email protected]",
        "comm_code": "SGWYESSISHOP",
        "reference_number": "F",
        "amount": 20000,
        "due_date": "2018-03-22",
        "issue_date": "2018-03-22"
    },
    "1221-31013.SH_2107_00099.N": {
        "member_code": "1221-31013",
        "member_name": "Tambiluk Serang",
        "member_email": "[email protected]",
        "comm_code": "SGWYESSISHOP",
        "reference_number": "N",
        "amount": 150000,
        "due_date": "2018-03-22",
        "issue_date": "2018-03-22"
    }
}&
total_invoices=2

Sample Request - After Encryption


POST /rest/tagihid/sendbillingdigital HTTP/1.1
Host: sandbox-api.espay.id
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Accept: */*

rq_uuid=SGWYESSISHOP973962&
rq_datetime=2025-06-30 08:31:06&
signature=a50e23f466757dbe328e7057a39ce41679135b64d7a40a5b6348b09b2add3d98&
sender_id=SGWYESSISHOP&
comm_code=7ehJDLKEnDvhoTaI0Ao3Fg==&
ccy=XAgDOyFSyCxclKSInvWVcw==&
invoices=AKxBlnttnPYeN7Sgxyx4nnKX8TdReEucJox4i7poIizxAvfqodP5raJ4aplvOdFM4W2cVtUrmXaxYYUXEvHOoYRjTME0IChs1Ihm3FdB148Ef8Z+JMR2XZqbw338vpNtlR6tShTs1bFfERYvDyo1Epf9WRlTanU79K4Ri+OALy73QpPxZmfc1e+vmq0JbHt10K63x4qbcWuQDPAxwN6klbmAzByCg8tRU3hDPtLOUrhUrvrFmDBvPGbotHQkaOPXqSyqTlvMOxOgA0i4T0aGcdWp0pjv1wSNI0m4IUTJmCT15Vhy88vyX5Wy8BtctN6LnbFRd4eD3rsCHwxUkldXDPWIfu1bbt70kDGT9Ij5gZhIyoaeaVkDnKznEPFjGwhe/wfg24g9Rjkv21FQJiI6VvNV1pxTmvLOn63t9KGfQgGu/WJSrTe6AyqjsZiYdMqA/5pLR0dsG5RSC23NhLMFmVzuYujxAgmlRL5k5260oaCZ1Ps0RbD05VMXXDePMA8ZAIGVEiiMLbek3IN9hGlig26xJM2At1m6fesQlhhnOqtlXCDRSEsLkYqsIkA6sOr9DGLJcRE6mjK12GB6RUkfRZg73/lMvQ7WjjqQBtukk04sOWPUvxiCbMA75c7FbWDrgWF1yoYFuX6DZHrWzZgDmA==&
total_invoices=I3QGPJlhxrj9P2wjsQw/Bw==

What can I help you find?