Apex Crypto Example
The methods in the Crypto class can be used for securing content in Lightning Platform, or for integrating with external services such as Google or Amazon Web Services (AWS). The cryptographic capabilities of the Crypto class are normally used in the following scenarios:
- Confidentiality – the protection of data either at rest or in transit from unauthorized parties
- Integrity – the data is complete and correct
- Authenticity – proof of the authenticity of the sender or receiver of the message
Encryption and Decryption
Salesforce supports encrypting and decrypting information using the AES128, AES192, and AES256 algorithms. Currently, only symmetric private key encryption using the AES algorithm is supported. The length of privateKey must match the specified algorithm: 128 bits, 192 bits, or 256 bits, which is 16, 24, or 32 bytes, respectively. You can use a third-party application or the generateAesKey method to generate this key for you. The following examples show encryption and decryption.
AES128 algorithms
    // The initialization vector must be exactly 16 bytes (the AES block size).
    Blob initializationVector = Blob.valueOf('SixtenDigitlen16');
    Blob key = Crypto.generateAesKey(128);
    // Plaintext to protect
    Blob data = Blob.valueOf('The Data to be encrypted');
    Blob encrypted = Crypto.encrypt('AES128', key, initializationVector, data);
    Blob decrypted = Crypto.decrypt('AES128', key, initializationVector, encrypted);
    String decryptedString = decrypted.toString();
    System.debug(decryptedString);
AES192 algorithms
    // The IV stays 16 bytes (the AES block size) whatever the key length;
    // only the key grows to 24 bytes for AES192.
    Blob initializationVector = Blob.valueOf('1234567890123456');
    Blob key = Crypto.generateAesKey(192);
    // Plaintext to protect
    Blob data = Blob.valueOf('The Data to be encrypted');
    Blob encrypted = Crypto.encrypt('AES192', key, initializationVector, data);
    Blob decrypted = Crypto.decrypt('AES192', key, initializationVector, encrypted);
    String decryptedString = decrypted.toString();
    System.debug(decryptedString);
AES256 algorithms
    // The IV stays 16 bytes (the AES block size) whatever the key length;
    // only the key grows to 32 bytes for AES256.
    Blob initializationVector = Blob.valueOf('1234567890123456');
    Blob key = Crypto.generateAesKey(256);
    // Plaintext to protect
    Blob data = Blob.valueOf('The Data to be encrypted');
    Blob encrypted = Crypto.encrypt('AES256', key, initializationVector, data);
    Blob decrypted = Crypto.decrypt('AES256', key, initializationVector, encrypted);
    String decryptedString = decrypted.toString();
    System.debug(decryptedString);
Encrypt and Decrypt With Managed IV
AES128 algorithms
    Blob key = Crypto.generateAesKey(128);
    Blob data = Blob.valueOf('Data to be encrypted');
    // The platform generates the IV and stores it in the first 16 bytes of the result.
    Blob encrypted = Crypto.encryptWithManagedIV('AES128', key, data);
    Blob decrypted = Crypto.decryptWithManagedIV('AES128', key, encrypted);
    String decryptedString = decrypted.toString();
    System.assertEquals('Data to be encrypted', decryptedString);
AES192 algorithms
    Blob key = Crypto.generateAesKey(192);
    Blob data = Blob.valueOf('Data to be encrypted');
    Blob encrypted = Crypto.encryptWithManagedIV('AES192', key, data);
    Blob decrypted = Crypto.decryptWithManagedIV('AES192', key, encrypted);
    String decryptedString = decrypted.toString();
    System.assertEquals('Data to be encrypted', decryptedString);
AES256 algorithms
    Blob key = Crypto.generateAesKey(256);
    Blob data = Blob.valueOf('Data to be encrypted');
    Blob encrypted = Crypto.encryptWithManagedIV('AES256', key, data);
    Blob decrypted = Crypto.decryptWithManagedIV('AES256', key, encrypted);
    String decryptedString = decrypted.toString();
    System.assertEquals('Data to be encrypted', decryptedString);
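Why the managed-IV calls are the safer default, as an added example (anonymous Apex written for this edit, not code from the original page): a hard-coded IV makes encryption deterministic, while encryptWithManagedIV prepends a fresh 16-byte IV to every result. The fixed IV string and the variable names are constructed for illustration.

```apex
Blob key = Crypto.generateAesKey(256);
Blob data = Blob.valueOf('Data to be encrypted');

// 1. Fixed IV (constructed 16-byte value): same key + same IV + same plaintext
//    always yields the same ciphertext, so repeated values are visible to
//    anyone who can read the stored or transmitted ciphertext.
Blob fixedIv = Blob.valueOf('0123456789abcdef');
String fixed1 = EncodingUtil.convertToHex(Crypto.encrypt('AES256', key, fixedIv, data));
String fixed2 = EncodingUtil.convertToHex(Crypto.encrypt('AES256', key, fixedIv, data));
System.assertEquals(fixed1, fixed2);

// 2. Managed IV: a new random IV per call, so identical plaintexts
//    produce different outputs.
Blob managed1 = Crypto.encryptWithManagedIV('AES256', key, data);
Blob managed2 = Crypto.encryptWithManagedIV('AES256', key, data);
System.assertNotEquals(EncodingUtil.convertToHex(managed1),
                       EncodingUtil.convertToHex(managed2));

// 3. Layout of the managed result: 16-byte IV followed by the CBC ciphertext.
//    The 20-byte plaintext pads to 32 bytes, so the Blob is 48 bytes long.
System.assertEquals(48, managed1.size());
String hex = EncodingUtil.convertToHex(managed1);
Blob iv = EncodingUtil.convertFromHex(hex.substring(0, 32));   // first 16 bytes
Blob body = EncodingUtil.convertFromHex(hex.substring(32));    // remaining bytes

// Splitting the IV off by hand and calling Crypto.decrypt gives the same
// plaintext as decryptWithManagedIV. The IV is not secret; only the key is.
Blob manual = Crypto.decrypt('AES256', key, iv, body);
Blob managed = Crypto.decryptWithManagedIV('AES256', key, managed1);
System.assertEquals('Data to be encrypted', manual.toString());
System.assertEquals(manual.toString(), managed.toString());
```

AES in CBC mode, as used here, protects confidentiality only; detecting tampering needs a separate MAC or signature over the ciphertext.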
Digital signature
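    String algorithmName = 'RSA';
    // Placeholder: supply the base64-encoded private key in PKCS #8 format.
    // The page leaves this value empty.
    String key = '';
    Blob privateKey = EncodingUtil.base64Decode(key);
    Blob input = Blob.valueOf('12345qwerty');
    // sign() returns the signature as a Blob
    Blob signature = Crypto.sign(algorithmName, input, privateKey);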
You can also sign with a Salesforce certificate, as shown below. The third argument is the Unique Name of a certificate stored on the Salesforce organization's Certificate and Key Management page.
    Blob data = Blob.valueOf('12345qwerty');
    System.Crypto.signWithCertificate('RSA-SHA256', data, 'signingCert');