Use Encryption in Custom Applications
After completing this unit, you'll be able to:
- Describe the Apex Crypto class.
- Explain the different use cases for the Apex Crypto class and custom encryption.
- Implement encryption in your own application.
What Is the Apex Crypto Class?
When it comes to implementing encryption in your Salesforce application, Apex gives you the flexibility to write your own custom cryptographic functions, while also granting you the ability to use a wide range of prebuilt functions. In this unit, we go through some of the powerful functions Salesforce puts at your disposal for creating digests, message authentication codes (MACs), signatures, and encryption and decryption functions via the Apex Crypto class.
The Crypto class provides sets of functions that are particularly valuable for safeguarding your communications. Using these functions, you can effectively shield confidential data from eavesdroppers, verify that message data is complete and unmodified, and verify the authenticity of senders and receivers. Each of these functions supports a range of different algorithms. This provides a good degree of control over the composition of your solution, while still minimizing the burden of extra work required to secure your application.
Encryption and Decryption to Protect Confidentiality
Encryption and decryption can be handled with ease and flexibility with the Apex Crypto.Encrypt() and Crypto.Decrypt() functions, which support AES128, AES192, and AES256 algorithms. Encryption and decryption functions are essential for ensuring the confidentiality of your application data. You then have the option to generate your own encryption key, or use the Crypto.generateAESKey(Integer keylength) method. To secure the encryption keys, you can use techniques you practiced in the previous unit for storing secrets in protected custom metadata types or protected custom settings.
Hash Digests to Protect Integrity
Another useful function for verifying data integrity is the Apex Crypto.generateDigest() function. This method generates a one-way hash digest, and supports algorithms such as MD5, SHA1, SHA256, and SHA512. These hash digests can serve a valuable purpose in identifying accidental data corruption (or other unwanted modifications). By performing comparison checks on hash digests, you can quickly discover changes to data. Because the recomputed digest of that data will not match the original digest, you can confirm that the data has been modified. This can alert you to events such as data corruption, accidental changes, or malicious alterations.
Note that hashing algorithms have varying degrees of strength in terms of security. Although MD5 is supported by the Crypto class, it’s considered a weak hashing algorithm, so Salesforce suggests using SHA1 or higher to compute hash digests.
Hash-Based Message Authentication Codes (MACs) to Prove Authenticity and Integrity
Another useful function is the Apex Crypto.generateMac() method, which can be used to create MACs. MACs can be used alongside message digest functions to set up hashed MACs (HMACs). HMACs are used in both TLS and IPsec protocols for authenticating message senders and ensuring that messages are not modified (or interceptable) in transit.
The Crypto.generateMac() method supports the HMACMD5, HMACSHA1, HMACSHA256, and HMACSHA512 algorithms. HMAC functions involve the use of message digests and a shared key that the sender uses to encrypt a MAC, and which the receiver uses to decrypt the MAC. Because the receiver has to decrypt the MAC using the shared private key, you can verify the authenticity of the message sender. The message digests can then be compared to allow the receiver to confirm that the message wasn’t modified in transit (that is, via a man-in-the-middle attack).
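An added example (not from the original unit or from Salesforce) that combines the encryption and MAC sections above: it encrypts with AES256 and attaches an HMACSHA256 tag that is checked before anything is decrypted. The class name, method names, and the `ciphertext:mac` output format are assumptions made for this example; `encryptWithManagedIV`, `decryptWithManagedIV`, and `verifyHMac` are Crypto class methods that the unit does not name.

```apex
// Added example: SealedMessage and its method names are hypothetical.
public class SealedMessage {
    public class SealedMessageException extends Exception {}

    // Encrypt with AES256, then MAC the IV + ciphertext with HMAC-SHA256.
    // Output format (constructed for this example): base64(iv+ciphertext):base64(mac)
    public static String encryptAndTag(Blob encKey, Blob macKey, String clearText) {
        // The managed-IV variant generates a random IV and prepends it to the ciphertext.
        Blob ivAndCipher = Crypto.encryptWithManagedIV('AES256', encKey, Blob.valueOf(clearText));
        Blob mac = Crypto.generateMac('hmacSHA256', ivAndCipher, macKey);
        return EncodingUtil.base64Encode(ivAndCipher) + ':' + EncodingUtil.base64Encode(mac);
    }

    // Check the MAC first; decrypt only if it matches.
    public static String verifyAndDecrypt(Blob encKey, Blob macKey, String sealed) {
        List<String> parts = (sealed == null) ? new List<String>() : sealed.split(':');
        if (parts.size() != 2) {
            throw new SealedMessageException('Malformed input');
        }
        Blob ivAndCipher = EncodingUtil.base64Decode(parts[0]);
        Blob mac = EncodingUtil.base64Decode(parts[1]);
        if (!Crypto.verifyHMac('hmacSHA256', ivAndCipher, macKey, mac)) {
            throw new SealedMessageException('MAC check failed: data was modified or the key is wrong');
        }
        return Crypto.decryptWithManagedIV('AES256', encKey, ivAndCipher).toString();
    }

    // Round trip plus a tamper check. Keys are generated inline so this runs anywhere;
    // in an application, load them from a protected custom setting or metadata type.
    public static void demo() {
        Blob encKey = Crypto.generateAesKey(256);
        Blob macKey = Crypto.generateAesKey(256);   // 32 random bytes, used as the HMAC key
        String a = encryptAndTag(encKey, macKey, 'amount=100');   // constructed sample data
        String b = encryptAndTag(encKey, macKey, 'amount=900');
        System.assertEquals('amount=100', verifyAndDecrypt(encKey, macKey, a));

        // Splice b's ciphertext onto a's MAC, as an in-transit modification would.
        String spliced = b.split(':')[0] + ':' + a.split(':')[1];
        try {
            verifyAndDecrypt(encKey, macKey, spliced);
            System.assert(false, 'Tampered message was accepted');
        } catch (SealedMessageException e) {
            System.debug('Rejected as expected: ' + e.getMessage());
        }
    }
}
```

Running `SealedMessage.demo();` in Execute Anonymous exercises both the round trip and the rejection path. Separate keys are used for encryption and for the MAC so that a weakness in one use does not carry over to the other.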
Creating a Digital Signature
Digital signatures ensure both the integrity and authenticity of messages. To generate a digital signature, you can use the Crypto.sign() function, which uses the SHA1 algorithm to create a digest that is then encrypted with a private key using RSA. With this setup, the receiver of a message can use a public key to decrypt a message (which was encrypted with the sender’s private key), and then compare the message digest sent with a digest generated from the received message, allowing the receiver to verify its integrity.
Now that you know how to implement encryption in your Salesforce application, you can use Apex's flexibility to leverage prebuilt functions or to write your own custom cryptographic functions.
Encryption, along with platform features like those offered by the Apex Crypto class, helps you ensure the security of the applications you build for the Salesforce Platform. And secure apps are the key to customer trust and success.