Encrypting Email Address

Encrypting Email Address

Consumer information can be retrieved via email address filter using User Profile endpoint. Email address need to be encrypted before passing it to User Profile API.

Although every programming platform will vary in its implementation of AES, the following general steps will need to be performed to cipher user email address:

  1. Convert the secret key into bytes(UTF-8). Take 16 character key length of converted secret key and make Secretkeyspec with AES
  2. Encrypt Cipher with AES and the key
  3. Cipher do final to Convert into byte
  4. Encode the plain text with base64
  5. Convert the bytes to string and returns the encrypted email

Code samples


The code samples below are for educational purposes only.

The following code samples demonstrate how to encrypt the user email address with Email Shared Secret. Refer to your programming language's documentation for the exact implementation.

//This code sample was created using Java 8.
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;
private static final String CIPHER = "AES/ECB/PKCS5PADDING";
private static final String KEY_ALGO = "AES";
public static String encrypt(final String plainText, final String secret) {
        try {
            SecretKeySpec keySpec = makeKey(secret);
            byte[] plainTextByte = plainText.getBytes();
            Cipher cipher = Cipher.getInstance(CIPHER);
            cipher.init(Cipher.ENCRYPT_MODE, keySpec);
            byte[] encryptedByte = cipher.doFinal(plainTextByte);
            Base64.Encoder encoder = Base64.getEncoder();
            return encoder.encodeToString(encryptedByte);
        } catch (Exception exception) {
            LOGGER.log(Level.SEVERE, "Error while encrypting: ", exception);
            return null;
private static SecretKeySpec makeKey(final String secret)
    SecretKeySpec secretKey = null;
    try {
            byte[] key = secret.getBytes(StandardCharsets.UTF_8);
            key = Arrays.copyOf(key, 16);
            secretKey = new SecretKeySpec(key, KEY_ALGO);
    catch(Exception exception){
            LOGGER.error("Error while secret key creation: ", exception);
    return secretKey;
//This code sample was created using C# 6.0.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security.Cryptography;
using System.IO;
public static string Encrypt(string plainText, string secret)
     using (var rijAlg = new RijndaelManaged())
     rijAlg.Mode = CipherMode.ECB;
     rijAlg.Padding = PaddingMode.PKCS7;
     rijAlg.Key = MakeKey(secret);
     using (var encryptor = rijAlg.CreateEncryptor())
     byte[] plainBytes = Encoding.UTF8.GetBytes(plainText);
     using (var msEncrypt = new MemoryStream())
     using (var csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
     csEncrypt.Write(plainBytes, 0, plainBytes.Length);
     byte[] encryptedBytes = msEncrypt.ToArray();
     return Convert.ToBase64String(encryptedBytes);
public static byte[] MakeKey(string key)
byte[] bytes = Encoding.UTF8.GetBytes(key);
return bytes.Take(16).ToArray();
//This code sample was created using Node v18.0.
const crypto = require('crypto');
const ciphertext = 'encrypted text'; // encrypted text
const ciphering = 'AES-128-ECB'; // encryption algorithm and mode
const saltkey = 'sharedsecretkey'; // shared secret key
function makeKey(saltkey) {
return saltkey.slice(0, 16);
function encrypt(plaintext,secretkey){
// Create the cipher object
const cipher = crypto.createCipheriv('aes-128-ecb', secretkey, '');
// Update the cipher with the plaintext input
let ciphertext = cipher.update(plaintext, 'utf8', 'base64');
// Finalize the cipher and append any remaining data
ciphertext += cipher.final('base64');
return ciphertext;
secretkey = makeKey(saltkey);
plaintext = encrypt(ciphertext,secretkey);
// Print the encrypted ciphertext
"This code sample was created using Python 3"
from base64 import b64decode
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
UTF_8 = "utf-8"
SHARED_ENCODING_KEY = "secret key"
ENCRYPTED_TEXT = "encrypted text"
def make_aes_ecb_cipher(secret: str, key_size: int = 16) -> Cipher:
"""Makes the AES/ECB cipher using python stdlib packages.
secret (str): Shared secret
key_size (int): Size of the key made using the secret
Cipher: Returns the AES/ECB cipher for encryption/decryption
return Cipher(
algorithms.AES(make_key(secret, key_size)),
def make_key(secret: str, key_size: int) -> str:
"""Create the key used for AES encryption/decryption using
the shared secret.
secret (str): Shared secret
key_size (int): Size of the key made using the secret
str: Key used for AES encryption/decryption
if key_size <= 0:
AssertionError("key_size cannot be <=0.")
return secret.encode(UTF_8)[:key_size]
def encrypt_to_base64(plain_text: str, secret: str, key_size: int) -> str:
"""Encrypts plain_text to AES/ECB/PKCS5 encrypted text.
plain_text (str): Text which will be encrypted to aes_ecb_pkcs5 b64
secret (str): Shared secret
key_size (int): Size of the key made using the secret
str: Encrypted text using AES/ECB/PKCS5 encryption in base64
padder = padding.PKCS7(algorithms.AES.block_size).padder()
padded_bytes = padder.update(plain_text.encode(UTF_8)) + padder.finalize()
cipher = make_aes_ecb_cipher(secret, key_size)
encryptor = cipher.encryptor()
encrypted_bytes = encryptor.update(padded_bytes) + encryptor.finalize()
return b64encode(encrypted_bytes).decode(UTF_8)
print(encrypt_to_base64(PLAIN_TEXT, SHARED_ENCODING_KEY, 16))
//This code sample was created using PHP 5.5
function makeKey($saltkey) {
return substr($saltkey, 0, 16);
// Store the cipher method - AES/ECB/PKCS5PADDING
$ciphering = "AES-128-ECB";
// Store a string into the variable which need to be Encrypted
$plain_text = "plain text";
// Store the encryption key
$saltkey = "sharedsecretkey";
// make secret key from saltkey
$secretkey = makeKey($saltkey);
// Use openssl_encrypt() function to encrypt the data
$encryption = base64_encode(openssl_encrypt($plain_text, $ciphering, $secretkey, 1));
// Display the encrypted string
echo "\nEncrypted String: " . $encryption . "\n";