I am trying to generate a Trustpilot Business Generated Link (BGL). I have an encryption key and an authentication key. The ask is to encrypt a JSON payload containing user data with AES-CBC using a key size of 256 bits, a block size of 128 bits, and PKCS7 padding mode. The steps below are also mentioned on Trustpilot's official site.
- Generate IV according to block size 128 bits
- Encrypt the JSON with the encryptkey and IV
- Create a signature of the ciphertext.
- For this, we use HMAC-SHA256 and the authkey. Compute the HMAC by hashing the IV followed by the ciphertext. Here's an example: HMAC = HMAC-SHA256( IV + ciphertext )
Finally, base64-encode it like base64_payload = base64( IV + ciphertext + HMAC )
I tried this in JavaScript/Node.js, using the crypto library to perform the encryption.

```javascript
const crypto = require('crypto');

const ecryptionKey = 'xxxxx';
const authenticationKey = 'xxxxx';
const payload = {
  "email":"[email protected]",
  "name":"abc",
}
const plainText = JSON.stringify(payload);
const key = Buffer.from(ecryptionKey, 'base64');
const iv = crypto.randomBytes(16);
const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
const HMAC = crypto.createHmac('sha256', key)
  .update(plainText)
  .digest('hex');
const base64_payload = Buffer.from(iv + cipher + HMAC).toString('base64')
const url = 'https://www.trustpilot.com/evaluate-bgl/<domain>?p=' + encodeURI(base64_payload)
```
The only way to test this is to hit the URL; if it asks for a login to submit a review, the encryption was not done correctly.
So far I have no success. Any help would be greatly appreciated as I am completely lost!
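
The steps listed in the question, carried through in Node.js as an added example that is not part of the original post and not Trustpilot's own code. It assumes both keys are base64 strings; the function names, sample keys and sample data are constructed, and `openBglPayload` is only a local round-trip check.

```javascript
const crypto = require('crypto');

// Constructed sample keys (random, base64-encoded); real keys come from Trustpilot.
const encryptKeyB64 = crypto.randomBytes(32).toString('base64');
const authKeyB64 = crypto.randomBytes(32).toString('base64');

function buildBglPayload(payload, encKeyB64, macKeyB64) {
  const encKey = Buffer.from(encKeyB64, 'base64'); // assumption: keys are base64 strings
  const macKey = Buffer.from(macKeyB64, 'base64');
  if (encKey.length !== 32) throw new Error('AES-256 needs a 32-byte key');

  const iv = crypto.randomBytes(16); // one 128-bit block
  const cipher = crypto.createCipheriv('aes-256-cbc', encKey, iv); // PKCS7 padding is the default
  const ciphertext = Buffer.concat([cipher.update(JSON.stringify(payload), 'utf8'), cipher.final()]);

  // HMAC-SHA256(IV + ciphertext), keyed with the authentication key, kept as raw bytes
  const hmac = crypto.createHmac('sha256', macKey).update(iv).update(ciphertext).digest();

  // Concatenate bytes, not strings, before base64-encoding
  return Buffer.concat([iv, ciphertext, hmac]).toString('base64');
}

// Local check only: verify the HMAC, then decrypt what buildBglPayload produced.
function openBglPayload(b64, encKeyB64, macKeyB64) {
  const raw = Buffer.from(b64, 'base64');
  if (raw.length < 16 + 16 + 32) throw new Error('payload too short');
  const iv = raw.subarray(0, 16);
  const ciphertext = raw.subarray(16, raw.length - 32);
  const tag = raw.subarray(raw.length - 32);
  const expected = crypto.createHmac('sha256', Buffer.from(macKeyB64, 'base64'))
    .update(iv).update(ciphertext).digest();
  if (!crypto.timingSafeEqual(tag, expected)) throw new Error('HMAC mismatch');
  const decipher = crypto.createDecipheriv('aes-256-cbc', Buffer.from(encKeyB64, 'base64'), iv);
  return JSON.parse(Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8'));
}

function buildBglUrl(domain, b64) {
  // encodeURIComponent escapes '+', '/' and '=', which encodeURI leaves unescaped
  return 'https://www.trustpilot.com/evaluate-bgl/' + domain + '?p=' + encodeURIComponent(b64);
}

const sample = { email: 'user@example.com', name: 'abc' }; // constructed sample data
const samplePayload = buildBglPayload(sample, encryptKeyB64, authKeyB64);
console.log(buildBglUrl('example.com', samplePayload));
console.log(openBglPayload(samplePayload, encryptKeyB64, authKeyB64));
```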