{"id":28577433,"url":"https://github.com/mastercard/client-encryption-csharp","last_synced_at":"2025-06-11T00:38:38.655Z","repository":{"id":38010279,"uuid":"171892002","full_name":"Mastercard/client-encryption-csharp","owner":"Mastercard","description":"Library for Mastercard API compliant payload encryption/decryption.","archived":false,"fork":false,"pushed_at":"2025-05-08T13:11:15.000Z","size":375,"stargazers_count":27,"open_issues_count":0,"forks_count":20,"subscribers_count":14,"default_branch":"main","last_synced_at":"2025-06-10T18:33:06.584Z","etag":null,"topics":["csharp","decryption","encryption","field-level-encryption","fle","jwe","mastercard","netcore","netstandard13","openapi"],"latest_commit_sha":null,"homepage":"https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Mastercard.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-02-21T15:00:15.000Z","updated_at":"2025-05-23T11:41:56.000Z","dependencies_parsed_at":"2025-05-08T12:33:35.067Z","dependency_job_id":"b67be1e9-6145-4451-8663-19c1211c1c49","html_url":"https://github.com/Mastercard/client-encryption-csharp","commit_stats":null,"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mastercard%2Fclient-encryption-csharp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mastercard%2Fclient-encryption-csharp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mastercard%2Fclient-encryption-csharp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mastercard%2Fclient-encryption-csharp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Mastercard","download_url":"https://codeload.github.com/Mastercard/client-encryption-csharp/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mastercard%2Fclient-encryption-csharp/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259177322,"owners_count":22817349,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["csharp","decryption","encryption","field-level-encryption","fle","jwe","mastercard","netcore","netstandard13","openapi"],"created_at":"2025-06-11T00:37:43.041Z","updated_at":"2025-06-11T00:38:38.628Z","avatar_url":"https://github.com/Mastercard.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# client-encryption-csharp\n[![](https://developer.mastercard.com/_/_/src/global/assets/svg/mcdev-logo-dark.svg)](https://developer.mastercard.com/)\n\n[![](https://github.com/Mastercard/client-encryption-csharp/workflows/Build%20\u0026%20Test/badge.svg)](https://github.com/Mastercard/client-encryption-csharp/actions?query=workflow%3A%22Build+%26+Test%22)\n[![](https://sonarcloud.io/api/project_badges/measure?project=Mastercard_client-encryption-csharp\u0026metric=alert_status)](https://sonarcloud.io/dashboard?id=Mastercard_client-encryption-csharp)\n[![](https://github.com/Mastercard/client-encryption-csharp/workflows/broken%20links%3F/badge.svg)](https://github.com/Mastercard/client-encryption-csharp/actions?query=workflow%3A%22broken+links%3F%22)\n[![](https://img.shields.io/nuget/v/Mastercard.Developer.ClientEncryption.Core.svg?label=nuget%20|%20core)](https://www.nuget.org/packages/Mastercard.Developer.ClientEncryption.Core/)\n[![](https://img.shields.io/nuget/v/Mastercard.Developer.ClientEncryption.RestSharp.svg?label=nuget%20|%20restsharp%20portable)](https://www.nuget.org/packages/Mastercard.Developer.ClientEncryption.RestSharp/)\n[![](https://img.shields.io/nuget/v/Mastercard.Developer.ClientEncryption.RestSharpV2.svg?label=nuget%20|%20restsharp)](https://www.nuget.org/packages/Mastercard.Developer.ClientEncryption.RestSharpV2/)\n[![](https://img.shields.io/badge/license-MIT-yellow.svg)](https://github.com/Mastercard/client-encryption-csharp/blob/main/LICENSE)\n\n## Table of Contents\n- [Overview](#overview)\n  * [Compatibility](#compatibility)\n  * [References](#references)\n  * [Versioning and Deprecation Policy](#versioning)\n- [Usage](#usage)\n  * [Prerequisites](#prerequisites)\n  * [Adding the Libraries to Your Project](#adding-the-libraries-to-your-project)\n  * [Loading the Encryption Certificate](#loading-the-encryption-certificate) \n  * [Loading the Decryption Key](#loading-the-decryption-key)\n  * [Performing Payload Encryption and Decryption](#performing-payload-encryption-and-decryption)\n    * [Introduction](#introduction)\n    * [JWE Encryption and Decryption](#jwe-encryption-and-decryption)\n    * [Mastercard Encryption and Decryption](#mastercard-encryption-and-decryption)\n  * [Integrating with OpenAPI Generator API Client Libraries](#integrating-with-openapi-generator-api-client-libraries)\n\n## Overview \u003ca name=\"overview\"\u003e\u003c/a\u003e\n* [`ClientEncryption.Core`](https://www.nuget.org/packages/Mastercard.Developer.ClientEncryption.Core/) is a zero dependency library for Mastercard API compliant payload encryption/decryption\n* [`ClientEncryption.RestSharpV2`](https://www.nuget.org/packages/Mastercard.Developer.ClientEncryption.RestSharpV2/) is an extension dedicated to [RestSharp](https://restsharp.dev/)\n* [`ClientEncryption.RestSharp`](https://www.nuget.org/packages/Mastercard.Developer.ClientEncryption.RestSharp) is an extension dedicated to [RestSharp Portable](https://github.com/FubarDevelopment/restsharp.portable) (project no longer maintained)\n\n### Compatibility \u003ca name=\"compatibility\"\u003e\u003c/a\u003e\n\n#### .NET \u003ca name=\"net\"\u003e\u003c/a\u003e\n* `ClientEncryption.Core` targets .NET Standard 2.1\n* `ClientEncryption.RestSharpV2` targets .NET Standard 2.1\n* `ClientEncryption.RestSharp` targets .NET Standard 2.1\n\n.NET Standard versions supported by .NET implementations can be found in the following articles: [.NET Standard](https://docs.microsoft.com/en-us/dotnet/standard/net-standard), [.NET Standard versions](https://dotnet.microsoft.com/en-us/platform/dotnet-standard#versions).\n\n#### Strong Naming \u003ca name=\"strong-naming\"\u003e\u003c/a\u003e\nAssemblies are strong-named as per [Strong naming and .NET libraries](https://docs.microsoft.com/en-us/dotnet/standard/library-guidance/strong-naming).\nThe SN key is available here: [`Identity.snk`](https://github.com/Mastercard/client-encryption-csharp/blob/main/Identity.snk).\n\n### References \u003ca name=\"references\"\u003e\u003c/a\u003e\n* [JSON Web Encryption (JWE)](https://datatracker.ietf.org/doc/html/rfc7516)\n* [Securing Sensitive Data Using Payload Encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/)\n\n### Versioning and Deprecation Policy \u003ca name=\"versioning\"\u003e\u003c/a\u003e\n* [Mastercard Versioning and Deprecation Policy](https://github.com/Mastercard/.github/blob/main/CLIENT_LIBRARY_DEPRECATION_POLICY.md)\n\n## Usage \u003ca name=\"usage\"\u003e\u003c/a\u003e\n### Prerequisites \u003ca name=\"prerequisites\"\u003e\u003c/a\u003e\nBefore using this library, you will need to set up a project in the [Mastercard Developers Portal](https://developer.mastercard.com). \n\nAs part of this set up, you'll receive:\n* A public request encryption certificate (aka _Client Encryption Keys_)\n* A private response decryption key (aka _Mastercard Encryption Keys_)\n\n### Adding the Libraries to Your Project \u003ca name=\"adding-the-libraries-to-your-project\"\u003e\u003c/a\u003e\n\n#### Package Manager\n```shell\nInstall-Package Mastercard.Developer.ClientEncryption.{Core|RestSharp|RestSharpV2}\n```\n\n#### .NET CLI\n```shell\ndotnet add package Mastercard.Developer.ClientEncryption.{Core|RestSharp|RestSharpV2}\n```\n\n### Loading the Encryption Certificate \u003ca name=\"loading-the-encryption-certificate\"\u003e\u003c/a\u003e\n\nA `System.Security.Cryptography.X509Certificates.X509Certificate` object can be created from a file by calling `EncryptionUtils.LoadEncryptionCertificate`:\n```cs\nvar encryptionCertificate = EncryptionUtils.LoadEncryptionCertificate(\"\u003cinsert certificate file path\u003e\");\n```\n\nSupported certificate formats: PEM, DER.\n\n### Loading the Decryption Key \u003ca name=\"loading-the-decryption-key\"\u003e\u003c/a\u003e\n\n#### From a PKCS#12 Key Store\n\nA `System.Security.Cryptography.RSA` object can be created from a PKCS#12 key store by calling `EncryptionUtils.LoadDecryptionKey` the following way:\n```cs\nvar decryptionKey = EncryptionUtils.LoadDecryptionKey(\n                                    \"\u003cinsert PKCS#12 key file path\u003e\", \n                                    \"\u003cinsert key alias\u003e\", \n                                    \"\u003cinsert key password\u003e\");\n```\n\n#### From an Unencrypted Key File\n\nA `System.Security.Cryptography.RSA` object can be created from an unencrypted key file by calling `EncryptionUtils.LoadDecryptionKey` the following way:\n```cs\nvar decryptionKey = EncryptionUtils.LoadDecryptionKey(\"\u003cinsert key file path\u003e\");\n```\n\nSupported RSA key formats:\n* PKCS#1 PEM (starts with \"-----BEGIN RSA PRIVATE KEY-----\")\n* PKCS#8 PEM (starts with \"-----BEGIN PRIVATE KEY-----\")\n* Binary DER-encoded PKCS#8\n\n### Performing Payload Encryption and Decryption \u003ca name=\"performing-payload-encryption-and-decryption\"\u003e\u003c/a\u003e\n\n+ [Introduction](#introduction)\n+ [JWE Encryption and Decryption](#jwe-encryption-and-decryption)\n+ [Mastercard Encryption and Decryption](#mastercard-encryption-and-decryption)\n\n#### Introduction \u003ca name=\"introduction\"\u003e\u003c/a\u003e\n\nThis library supports two types of encryption/decryption, both of which support field level and entire payload encryption: JWE encryption and what the library refers to as Field Level Encryption (Mastercard encryption), a scheme used by many services hosted on Mastercard Developers before the library added support for JWE.\n\n#### JWE Encryption and Decryption \u003ca name=\"jwe-encryption-and-decryption\"\u003e\u003c/a\u003e\n\n+ [Introduction](#jwe-introduction)\n+ [Configuring the JWE Encryption](#configuring-the-jwe-encryption)\n+ [Performing JWE Encryption](#performing-jwe-encryption)\n+ [Performing JWE Decryption](#performing-jwe-decryption)\n+ [Encrypting Entire Payloads](#encrypting-entire-payloads-jwe)\n+ [Decrypting Entire Payloads](#decrypting-entire-payloads-jwe)\n\n##### • Introduction \u003ca name=\"jwe-introduction\"\u003e\u003c/a\u003e\n\nThis library uses [JWE compact serialization](https://datatracker.ietf.org/doc/html/rfc7516#section-7.1) for the encryption of sensitive data.\nThe core methods responsible for payload encryption and decryption are `EncryptPayload` and `DecryptPayload` in the `JweEncryption` class.\n\n* `EncryptPayload` usage:\n```cs\nvar encryptedRequestPayload = JweEncryption.EncryptPayload(requestPayload, config);\n\n```\n\n* `DecryptPayload` usage:\n```cs\nvar responsePayload = JweEncryption.DecryptPayload(encryptedResponsePayload, config);\n```\n\n##### • Configuring the JWE Encryption \u003ca name=\"configuring-the-jwe-encryption\"\u003e\u003c/a\u003e\nUse the `JweConfigBuilder` to create `JweConfig` instances. Example:\n```cs\nvar config = JweConfigBuilder.AJweEncryptionConfig()\n    .WithEncryptionCertificate(encryptionCertificate)\n    .WithDecryptionKey(decryptionKey)\n    .WithEncryptionPath(\"$.path.to.foo\", \"$.path.to.encryptedFoo\")\n    .WithDecryptionPath(\"$.path.to.encryptedFoo\", \"$.path.to.foo\")\n    .WithEncryptedValueFieldName(\"encryptedValue\")\n    .Build();\n```\n\n\n##### • Performing JWE Encryption \u003ca name=\"performing-jwe-encryption\"\u003e\u003c/a\u003e\n\nCall `JweEncryption.EncryptPayload` with a JSON request payload and a `JweConfig` instance.\n\nExample using the configuration [above](#configuring-the-jwe-encryption):\n```cs\nconst string payload = \"{\" +\n    \"    \\\"path\\\": {\" +\n    \"        \\\"to\\\": {\" +\n    \"            \\\"foo\\\": {\" +\n    \"                \\\"sensitiveField1\\\": \\\"sensitiveValue1\\\",\" +\n    \"                \\\"sensitiveField2\\\": \\\"sensitiveValue2\\\"\" +\n    \"            }\" +\n    \"        }\" +\n    \"    }\" +\n    \"}\";\nvar encryptedPayload = JweEncryption.EncryptPayload(payload, config);\nConsole.WriteLine(JObject.Parse(encryptedPayload));\n```\n\nOutput:\n```json\n{\n    \"path\": {\n        \"to\": {\n            \"encryptedFoo\": {\n                \"encryptedValue\": \"eyJraWQiOiI3NjFiMDAzYzFlYWRlM….Y+oPYKZEMTKyYcSIVEgtQw\"\n            }\n        }\n    }\n}\n```\n\n##### • Performing JWE Decryption \u003ca name=\"performing-jwe-decryption\"\u003e\u003c/a\u003e\n\nCall `JweEncryption.DecryptPayload` with a JSON response payload and a `JweConfig` instance.\n\nExample using the configuration [above](#configuring-the-jwe-encryption):\n```cs\nconst string encryptedPayload = \"{\" +\n    \"    \\\"path\\\": {\" +\n    \"        \\\"to\\\": {\" +\n    \"            \\\"encryptedFoo\\\": {\" +\n    \"                \\\"encryptedValue\\\": \\\"eyJraWQiOiI3NjFiMDAzYzFlYWRlM….Y+oPYKZEMTKyYcSIVEgtQw\\\"\" +\n    \"            }\" +\n    \"        }\" +\n    \"    }\" +\n    \"}\";\nvar payload = JweEncryption.DecryptPayload(encryptedPayload, config);\nConsole.WriteLine(JObject.Parse(payload));\n```\n\nOutput:\n```json\n{\n    \"path\": {\n        \"to\": {\n            \"foo\": {\n                \"sensitiveField1\": \"sensitiveValue1\",\n                \"sensitiveField2\": \"sensitiveValue2\"\n            }\n        }\n    }\n}\n```\n\n##### • Encrypting Entire Payloads \u003ca name=\"encrypting-entire-payloads-jwe\"\u003e\u003c/a\u003e\n\nEntire payloads can be encrypted using the \"$\" operator as encryption path:\n\n```cs\nvar config = JweConfigBuilder.AJweEncryptionConfig()\n    .WithEncryptionCertificate(encryptionCertificate)\n    .WithEncryptionPath(\"$\", \"$\")\n    // …\n    .Build();\n```\n\nExample:\n```cs\nconst string payload = \"{\" +\n    \"    \\\"sensitiveField1\\\": \\\"sensitiveValue1\\\",\" +\n    \"    \\\"sensitiveField2\\\": \\\"sensitiveValue2\\\"\" +\n    \"}\";\nvar encryptedPayload = JweEncryption.EncryptPayload(payload, config);\nConsole.WriteLine(JObject.Parse(encryptedPayload));\n```\n\nOutput:\n```json\n{\n    \"encryptedValue\": \"eyJraWQiOiI3NjFiMDAzYzFlYWRlM….Y+oPYKZEMTKyYcSIVEgtQw\"\n}\n```\n\n##### • Decrypting Entire Payloads \u003ca name=\"decrypting-entire-payloads-jwe\"\u003e\u003c/a\u003e\n\nEntire payloads can be decrypted using the \"$\" operator as decryption path:\n\n```cs\nvar config = JweConfigBuilder.AJweEncryptionConfig()\n    .WithDecryptionKey(decryptionKey)\n    .WithDecryptionPath(\"$\", \"$\")\n    // …\n    .Build();\n```\n\nExample:\n```cs\nconst string encryptedPayload = \"{\" +\n    \"  \\\"encryptedValue\\\": \\\"eyJraWQiOiI3NjFiMDAzYzFlYWRlM….Y+oPYKZEMTKyYcSIVEgtQw\\\"\" +\n    \"}\";\nvar payload = JweEncryption.DecryptPayload(encryptedPayload, config);\nConsole.WriteLine(JObject.Parse(payload));\n```\n\nOutput:\n```json\n{\n    \"sensitiveField1\": \"sensitiveValue1\",\n    \"sensitiveField2\": \"sensitiveValue2\"\n}\n```\n\n#### Mastercard Encryption and Decryption \u003ca name=\"mastercard-encryption-and-decryption\"\u003e\u003c/a\u003e\n\n+ [Introduction](#mastercard-introduction)\n+ [Configuring the Mastercard Encryption](#configuring-the-mastercard-encryption)\n+ [Performing Mastercard Encryption](#performing-mastercard-encryption)\n+ [Performing Mastercard Decryption](#performing-mastercard-decryption)\n+ [Encrypting Entire Payloads](#encrypting-entire-mastercard-payloads)\n+ [Decrypting Entire Payloads](#decrypting-entire-mastercard-payloads)\n+ [Using HTTP Headers for Encryption Params](#using-http-headers-for-encryption-params)\n\n##### • Introduction \u003ca name=\"mastercard-introduction\"\u003e\u003c/a\u003e\n \nThe core methods responsible for payload encryption and decryption are `EncryptPayload` and `DecryptPayload` in the `FieldLevelEncryption` class.\n\n* `EncryptPayload` usage:\n```cs\nvar encryptedRequestPayload = FieldLevelEncryption.EncryptPayload(requestPayload, config);\n```\n\n* `DecryptPayload` usage:\n```cs\nvar responsePayload = FieldLevelEncryption.DecryptPayload(encryptedResponsePayload, config);\n```\n\n##### • Configuring the Mastercard Encryption \u003ca name=\"configuring-the-mastercard-encryption\"\u003e\u003c/a\u003e\nUse the `FieldLevelEncryptionConfigBuilder` to create `FieldLevelEncryptionConfig` instances. Example:\n```cs\nvar config = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig()\n    .WithEncryptionCertificate(encryptionCertificate)\n    .WithDecryptionKey(decryptionKey)\n    .WithEncryptionPath(\"$.path.to.foo\", \"$.path.to.encryptedFoo\")\n    .WithDecryptionPath(\"$.path.to.encryptedFoo\", \"$.path.to.foo\")\n    .WithOaepPaddingDigestAlgorithm(\"SHA-256\")\n    .WithEncryptedValueFieldName(\"encryptedValue\")\n    .WithEncryptedKeyFieldName(\"encryptedKey\")\n    .WithIvFieldName(\"iv\")\n    .WithValueEncoding(FieldValueEncoding.Hex)\n    .Build();\n```\n\nSee also:\n* [FieldLevelEncryptionConfig.cs](https://github.com/Mastercard/client-encryption-csharp/blob/main/Mastercard.Developer.ClientEncryption.Core/Encryption/FieldLevelEncryptionConfig.cs) for all config options\n\n##### • Performing Mastercard Encryption \u003ca name=\"performing-mastercard-encryption\"\u003e\u003c/a\u003e\n\nCall `FieldLevelEncryption.EncryptPayload` with a JSON request payload and a `FieldLevelEncryptionConfig` instance.\n\nExample using the configuration [above](#configuring-the-field-level-encryption):\n```cs\nconst string payload = \"{\" +\n    \"    \\\"path\\\": {\" +\n    \"        \\\"to\\\": {\" +\n    \"            \\\"foo\\\": {\" +\n    \"                \\\"sensitiveField1\\\": \\\"sensitiveValue1\\\",\" +\n    \"                \\\"sensitiveField2\\\": \\\"sensitiveValue2\\\"\" +\n    \"            }\" +\n    \"        }\" +\n    \"    }\" +\n    \"}\";\nvar encryptedPayload = FieldLevelEncryption.EncryptPayload(payload, config);\nConsole.WriteLine(JObject.Parse(encryptedPayload));\n```\n\nOutput:\n```json\n{\n    \"path\": {\n        \"to\": {\n            \"encryptedFoo\": {\n                \"iv\": \"7f1105fb0c684864a189fb3709ce3d28\",\n                \"encryptedKey\": \"67f467d1b653d98411a0c6d3c…ffd4c09dd42f713a51bff2b48f937c8\",\n                \"encryptedValue\": \"b73aabd267517fc09ed72455c2…dffb5fa04bf6e6ce9ade1ff514ed6141\"\n            }\n        }\n    }\n}\n```\n\n##### • Performing Mastercard Decryption \u003ca name=\"performing-mastercard-decryption\"\u003e\u003c/a\u003e\n\nCall `FieldLevelEncryption.DecryptPayload` with a JSON response payload and a `FieldLevelEncryptionConfig` instance.\n\nExample using the configuration [above](#configuring-the-field-level-encryption):\n```cs\nconst string encryptedPayload = \"{\" +\n    \"    \\\"path\\\": {\" +\n    \"        \\\"to\\\": {\" +\n    \"            \\\"encryptedFoo\\\": {\" +\n    \"                \\\"iv\\\": \\\"e5d313c056c411170bf07ac82ede78c9\\\",\" +\n    \"                \\\"encryptedKey\\\": \\\"e3a56746c0f9109d18b3a2652b76…f16d8afeff36b2479652f5c24ae7bd\\\",\" +\n    \"                \\\"encryptedValue\\\": \\\"809a09d78257af5379df0c454dcdf…353ed59fe72fd4a7735c69da4080e74f\\\"\" +\n    \"            }\" +\n    \"        }\" +\n    \"    }\" +\n    \"}\";\nvar payload = FieldLevelEncryption.DecryptPayload(encryptedPayload, config);\nConsole.WriteLine(JObject.Parse(payload));\n```\n\nOutput:\n```json\n{\n    \"path\": {\n        \"to\": {\n            \"foo\": {\n                \"sensitiveField1\": \"sensitiveValue1\",\n                \"sensitiveField2\": \"sensitiveValue2\"\n            }\n        }\n    }\n}\n```\n\n##### • Encrypting Entire Payloads \u003ca name=\"encrypting-entire-mastercard-payloads\"\u003e\u003c/a\u003e\n\nEntire payloads can be encrypted using the \"$\" operator as encryption path:\n\n```cs\nvar config = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig()\n    .WithEncryptionCertificate(encryptionCertificate)\n    .WithEncryptionPath(\"$\", \"$\")\n    // …\n    .Build();\n```\n\nExample:\n```cs\nconst string payload = \"{\" +\n    \"    \\\"sensitiveField1\\\": \\\"sensitiveValue1\\\",\" +\n    \"    \\\"sensitiveField2\\\": \\\"sensitiveValue2\\\"\" +\n    \"}\";\nvar encryptedPayload = FieldLevelEncryption.EncryptPayload(payload, config);\nConsole.WriteLine(JObject.Parse(encryptedPayload));\n```\n\nOutput:\n```json\n{\n    \"iv\": \"1b9396c98ab2bfd195de661d70905a45\",\n    \"encryptedKey\": \"7d5112fa08e554e3dbc455d0628…52e826dd10311cf0d63bbfb231a1a63ecc13\",\n    \"encryptedValue\": \"e5e9340f4d2618d27f8955828c86…379b13901a3b1e2efed616b6750a90fd379515\"\n}\n```\n\n##### • Decrypting Entire Payloads \u003ca name=\"decrypting-entire-mastercard-payloads\"\u003e\u003c/a\u003e\n\nEntire payloads can be decrypted using the \"$\" operator as decryption path:\n\n```cs\nvar config = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig()\n    .WithDecryptionKey(decryptionKey)\n    .WithDecryptionPath(\"$\", \"$\")\n    // …\n    .Build();\n```\n\nExample:\n```cs\nconst string encryptedPayload = \"{\" +\n    \"  \\\"iv\\\": \\\"1b9396c98ab2bfd195de661d70905a45\\\",\" +\n    \"  \\\"encryptedKey\\\": \\\"7d5112fa08e554e3dbc455d0628…52e826dd10311cf0d63bbfb231a1a63ecc13\\\",\" +\n    \"  \\\"encryptedValue\\\": \\\"e5e9340f4d2618d27f8955828c86…379b13901a3b1e2efed616b6750a90fd379515\\\"\" +\n    \"}\";\nvar payload = FieldLevelEncryption.DecryptPayload(encryptedPayload, config);\nConsole.WriteLine(JObject.Parse(payload));\n```\n\nOutput:\n```json\n{\n    \"sensitiveField1\": \"sensitiveValue1\",\n    \"sensitiveField2\": \"sensitiveValue2\"\n}\n```\n\n##### • Using HTTP Headers for Encryption Params \u003ca name=\"using-http-headers-for-encryption-params\"\u003e\u003c/a\u003e\n\nIn the sections above, encryption parameters (initialization vector, encrypted symmetric key, etc.) are part of the HTTP payloads.\n\nHere is how to configure the library for using HTTP headers instead.\n\n###### Configuration for Using HTTP Headers \u003ca name=\"configuration-for-using-http-headers\"\u003e\u003c/a\u003e\n\nCall `With{Param}HeaderName` instead of `With{Param}FieldName` when building a `FieldLevelEncryptionConfig` instance. Example:\n```cs\nvar config = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig()\n    .WithEncryptionCertificate(encryptionCertificate)\n    .WithDecryptionKey(decryptionKey)\n    .WithEncryptionPath(\"$\", \"$\")\n    .WithDecryptionPath(\"$\", \"$\")\n    .WithOaepPaddingDigestAlgorithm(\"SHA-256\")\n    .WithEncryptedValueFieldName(\"data\")\n    .WithIvHeaderName(\"x-iv\")\n    .WithEncryptedKeyHeaderName(\"x-encrypted-key\")\n    // …\n    .WithValueEncoding(FieldValueEncoding.Hex)\n    .Build();\n```\n\nSee also:\n* [FieldLevelEncryptionConfig.cs](https://github.com/Mastercard/client-encryption-csharp/blob/main/Mastercard.Developer.ClientEncryption.Core/Encryption/FieldLevelEncryptionConfig.cs) for all config options\n\n###### Encrypting Using HTTP Headers\n\nEncryption can be performed using the following steps:\n\n1. Generate parameters by calling `FieldLevelEncryptionParams.Generate`:\n\n```cs\nvar parameters = FieldLevelEncryptionParams.Generate(config);\n```\n\n2. Update the request headers:\n\n```cs\nrequest.SetHeader(config.IvHeaderName, parameters.IvValue);\nrequest.SetHeader(config.EncryptedKeyHeaderName, parameters.EncryptedKeyValue);\n// …\n```\n\n3. Call `EncryptPayload` with params:\n```cs\nFieldLevelEncryption.EncryptPayload(payload, config, parameters);\n```\n\nExample using the configuration [above](#configuration-for-using-http-headers):\n\n```cs\nconst string payload = \"{\" +\n    \"    \\\"sensitiveField1\\\": \\\"sensitiveValue1\\\",\" +\n    \"    \\\"sensitiveField2\\\": \\\"sensitiveValue2\\\"\" +\n    \"}\";\nvar encryptedPayload = FieldLevelEncryption.EncryptPayload(payload, config, parameters);\nConsole.WriteLine(JObject.Parse(encryptedPayload));\n```\n\nOutput:\n```json\n{\n    \"data\": \"53b5f07ee46403af2e92abab900853…d560a0a08a1ed142099e3f4c84fe5e5\"\n}\n```\n\n###### Decrypting Using HTTP Headers\n\nDecryption can be performed using the following steps:\n\n1. Read the response headers:\n\n```cs\nvar ivValue = response.GetHeader(config.IvHeaderName);\nvar encryptedKeyValue = response.GetHeader(config.EncryptedKeyHeaderName);\n// …\n```\n\n2. Create a `FieldLevelEncryptionParams` instance:\n\n```cs\nvar parameters = new FieldLevelEncryptionParams(config, ivValue, encryptedKeyValue, …);\n```\n\n3. Call `DecryptPayload` with params:\n```cs\nFieldLevelEncryption.DecryptPayload(encryptedPayload, config, parameters);\n```\n\nExample using the configuration [above](#configuration-for-using-http-headers):\n\n```cs\nconst string encryptedPayload = \"{\" +\n    \"  \\\"data\\\": \\\"53b5f07ee46403af2e92abab900853…d560a0a08a1ed142099e3f4c84fe5e5\\\"\" +\n    \"}\";\nvar payload = FieldLevelEncryption.DecryptPayload(encryptedPayload, config, parameters);\nConsole.WriteLine(JObject.Parse(payload));\n```\n\nOutput:\n```json\n{\n    \"sensitiveField1\": \"sensitiveValue1\",\n    \"sensitiveField2\": \"sensitiveValue2\"\n}\n```\n\n### Integrating with OpenAPI Generator API Client Libraries \u003ca name=\"integrating-with-openapi-generator-api-client-libraries\"\u003e\u003c/a\u003e\n\n[OpenAPI Generator](https://github.com/OpenAPITools/openapi-generator) generates API client libraries from [OpenAPI Specs](https://github.com/OAI/OpenAPI-Specification). \nIt provides generators and library templates for supporting multiple languages and frameworks.\n\nThis project provides you with some interceptor classes you can use when configuring your API client. \nThese classes will take care of encrypting request and decrypting response payloads, but also of updating HTTP headers when needed.\n\nGenerators currently supported:\n+ [csharp-netcore](#csharp-netcore-generator)\n+ [csharp (deprecated)](#csharp-generator)\n\n#### csharp-netcore \u003ca name=\"csharp-netcore-generator\"\u003e\u003c/a\u003e\n\n##### OpenAPI Generator\n\nClient libraries can be generated using the following command:\n\n```shell\nopenapi-generator-cli generate -i openapi-spec.yaml -g csharp-netcore -c config.json -o out\n```\nconfig.json:\n\n```json\n{ \"targetFramework\": \"netstandard2.1\" }\n```\n\nSee also: \n* [OpenAPI Generator CLI Installation](https://openapi-generator.tech/docs/installation)\n* [Config Options for csharp-netcore](https://github.com/OpenAPITools/openapi-generator/blob/master/docs/generators/csharp-netcore.md)\n\n##### Usage of the `RestSharpEncryptionInterceptor`\n\n`RestSharpEncryptionInterceptor` is located in the [`ClientEncryption.RestSharpV2`](https://www.nuget.org/packages/Mastercard.Developer.ClientEncryption.RestSharpV2/) package. \n\n##### Usage\n\n1. Create a new file (for instance, `MastercardApiClient.cs`) extending the definition of the generated `ApiClient` class:\n\n```cs\npartial class ApiClient\n{\n    private readonly Uri _basePath;\n    private readonly RestSharpSigner _signer;\n    private readonly RestSharpEncryptionInterceptor _encryptionInterceptor;\n\n    /// \u003csummary\u003e\n    /// Construct an ApiClient which will automatically:\n    /// - Sign requests\n    /// - Encrypt/decrypt requests and responses\n    /// \u003c/summary\u003e\n    public ApiClient(RSA signingKey, string basePath, string consumerKey, EncryptionConfig config)\n    {\n        _baseUrl = basePath;\n        _basePath = new Uri(basePath);\n        _signer = new RestSharpSigner(consumerKey, signingKey);\n        _encryptionInterceptor = RestSharpEncryptionInterceptor.From(config);\n    }\n\n    partial void InterceptRequest(RestRequest request)\n    {\n        _encryptionInterceptor.InterceptRequest(request);\n        _signer.Sign(_basePath, request);\n    }\n}\n```\n\n2. Configure your `ApiClient` instance the following way:\n\n```cs\nvar client = new ApiClient(SigningKey, BasePath, ConsumerKey, config);\nvar serviceApi = new ServiceApi() { Client = client };\n// …\n```\n\n#### csharp (deprecated)\u003ca name=\"csharp-generator\"\u003e\u003c/a\u003e\n\n##### OpenAPI Generator\n\nClient libraries can be generated using the following command:\n\n```shell\nopenapi-generator-cli generate -i openapi-spec.yaml -g csharp -c config.json -o out\n```\n\nconfig.json:\n```json\n{ \"targetFramework\": \"netstandard2.1\" }\n```\n\n⚠️ `v5.0` was used for `targetFramework` in OpenAPI Generator versions prior 5.0.0.\n\nSee also: \n* [OpenAPI Generator CLI Installation](https://openapi-generator.tech/docs/installation)\n* [Config Options for csharp](https://github.com/OpenAPITools/openapi-generator/blob/master/docs/generators/csharp.md)\n\n##### Usage of the `RestSharpFieldLevelEncryptionInterceptor`\n\n`RestSharpFieldLevelEncryptionInterceptor` is located in the [`ClientEncryption.RestSharp`](https://www.nuget.org/packages/Mastercard.Developer.ClientEncryption.RestSharp/) package. \n\n##### Usage:\n1. Create a new file (for instance, `MastercardApiClient.cs`) extending the definition of the generated `ApiClient` class:\n\n```cs\npartial class ApiClient\n{\n    public RestSharpFieldLevelEncryptionInterceptor EncryptionInterceptor { private get; set; }\n    partial void InterceptRequest(RestRequest request) =\u003e EncryptionInterceptor.InterceptRequest(request);\n    partial void InterceptResponse(RestRequest request, RestResponse response) =\u003e EncryptionInterceptor.InterceptResponse(response);\n}\n```\n\n2. Configure your `ApiClient` instance the following way:\n\n```cs\nvar config = Configuration.Default;\nconfig.BasePath = \"https://sandbox.api.mastercard.com\";\nconfig.ApiClient.RestClient.Authenticator = new RestSharpOAuth1Authenticator(ConsumerKey, signingKey, new Uri(config.BasePath));\nvar encryptionConfig = FieldLevelEncryptionConfigBuilder\n    .AFieldLevelEncryptionConfig()\n    // …\n    .Build();\nconfig.ApiClient.EncryptionInterceptor = new RestSharpFieldLevelEncryptionInterceptor(encryptionConfig);\nvar serviceApi = new ServiceApi(config);\n// …\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmastercard%2Fclient-encryption-csharp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmastercard%2Fclient-encryption-csharp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmastercard%2Fclient-encryption-csharp/lists"}