Crypto

Welcome to PruTAN's Crypto feature — a robust security toolkit designed to protect sensitive data through encryption, decryption, and checksum validation.
With Crypto, you can securely handle confidential information such as account details, customer identifiers, and transaction references directly within scripts and rules.

This feature ensures that your data remains protected, tamper-proof, and compliant with security standards throughout the entire request lifecycle.

Image 1 : API

Image 2 : Hostbox

Image 3 : Interceptor

Overview

Crypto functions in PruTAN enable seamless integration of cryptographic operations into your workflows. They are particularly useful for:

Encrypting sensitive fields before transmission to prevent unauthorized access.
Decrypting received data for processing while maintaining security.
Generating and validating checksums to ensure data integrity and detect tampering.

You can combine these functions in scripts and rules to create secure, end-to-end data flows across API, Hostbox, and Interceptor modules.

Commonly Used Crypto Functions

Below are the core cryptographic functions available in PruTAN, designed for secure data handling in automation scenarios.

1. Encrypt

Purpose:
Encrypts a given value using a specified public key to protect sensitive data before transmission.

Syntax:

req.encrypt(value, "Public_Key")
res.encrypt(value, "Public_Key")

Sample Request Body:

<Request>
  <Customer>
    <AccountNumber>1234567890</AccountNumber>
    <Name>John Doe</Name>
  </Customer>
  <Transaction>
    <Amount>1000.00</Amount>
    <ReferenceId>TXN123</ReferenceId>
  </Transaction>
</Request>

Example Usage:

// Encrypt sensitive fields in request
req.setBody("Request.Customer.AccountNumber", req.encrypt(customerAccountNo, "Public_Key"));
req.setBody("Request.Transaction.Amount", req.encrypt(transactionAmount, "Public_Key"));

2. Decrypt

Purpose:
Decrypts an encrypted value using the corresponding private key to access protected data.

Syntax:

req.decrypt(encryptedValue, "Private_Key")
res.decrypt(encryptedValue, "Private_Key")
oreq.decrypt(encryptedValue, "Private_Key") // For Interceptor request rules
ires.decrypt(encryptedValue, "Private_Key") // In Interceptor response rules

Example Usage:

// Decrypt incoming request fields
accountNo = req.decrypt(req.getBody("Request.Customer.AccountNumber"), "Private_Key");
amount = req.decrypt(req.getBody("Request.Transaction.Amount"), "Private_Key");

// Decrypt and update response field
txnRef = res.decrypt(res.getBody("Response.Transaction.ReferenceId"), "Private_Key");
res.setBody("Response.Transaction.ReferenceId", txnRef);

3. Generate Checksum

Purpose:
Generates a cryptographic hash (checksum) for given data using algorithms like SHA-256 to ensure data integrity.

Syntax:

req.generateChecksum(data, "Algorithm")
res.generateChecksum(data, "Algorithm")

Example Usage:

// Generate checksum for request data
checksum = req.generateChecksum(concatenatedData, "SHA-256");
res.setBody("Request.Checksum", checksum);

// Generate and validate checksum for response
resChecksum = res.generateChecksum(responseData, "SHA-256");
res.setBody("Response.Checksum", resChecksum);

// Validation example
receivedChecksum = req.getBody("Request.Checksum");
calculatedChecksum = req.generateChecksum(concatenatedData, "SHA-256");

if (receivedChecksum === calculatedChecksum) {
    print("Checksum validation successful");
} else {
    print("Checksum mismatch detected");
}

Using Crypto in Scripts

Crypto functions can be integrated into Pre-request Scripts, Rules, and Response Scripts across PruTAN modules.

Example in API Module:

// Encrypt fields before sending request
let encryptedAccount = req.encrypt(req.getBody("accountNumber"), "Public_Key");
req.setBody("encryptedAccount", encryptedAccount);

// Decrypt response data
let decryptedAmount = res.decrypt(res.getBody("encryptedAmount"), "Private_Key");
res.setBody("amount", decryptedAmount);

// Generate checksum for integrity
let checksum = req.generateChecksum(req.getBody("payload"), "SHA-256");
req.setHeader("X-Checksum", checksum);

Notes

Key Management: Public keys are used for encryption, while private keys are used for decryption. Ensure correct key aliases are configured in your environment.
Supported Algorithms: Common hashing algorithms include SHA-256, SHA-512, and others based on your setup.
Security Best Practices: Always use appropriate key management and avoid hardcoding sensitive keys in scripts.
Module Compatibility: Crypto operations work in API scripts, Hostbox rules, and Interceptor rules.
Data Integrity: Checksums help verify that data has not been altered during transmission.

Example Use Case

Scenario: Securing a financial transaction request with encryption and checksum validation.

// Pre-request script example
let accountNo = req.getBody("accountNumber");
let amount = req.getBody("amount");

// Encrypt sensitive data
req.setBody("encryptedAccount", req.encrypt(accountNo, "Public_Key"));
req.setBody("encryptedAmount", req.encrypt(amount, "Public_Key"));

// Generate checksum for entire payload
let payload = accountNo + amount + "credit";
let checksum = req.generateChecksum(payload, "SHA-256");
req.setHeader("X-Transaction-Checksum", checksum);

// Remove original sensitive fields
req.removeBody("accountNumber");
req.removeBody("amount");

This ensures that sensitive transaction data is encrypted during transmission and can be validated for integrity upon receipt.

The Crypto feature in PruTAN empowers teams to build secure, compliant automation workflows. Whether protecting customer data, ensuring transaction integrity, or validating message authenticity, Crypto provides the tools needed for enterprise-grade security in API testing and simulation.

FeaturesFunctions

FeaturesIntellisense