Data encryption

To encrypt data, first configure the keys on the server side. Then, configure the client for its operating platform.

Server-side configuration

  1. Log on to the mPaaS console. In the navigation pane on the left, click Mobile Gateway.

  2. Click the Gateway Management tab, and then click the Feature Switch tab.

  3. Set the Data Encryption status to On.

  4. In the Configure Encryption Algorithm window that appears, configure the following settings:

    • Encryption algorithm: The supported algorithms are ECC, RSA, and SM2.

    • Key content:

      • If the selected encryption algorithm is ECC or SM2, enter the private key.

      • If the selected encryption algorithm is RSA, enter the public and private keys.

      For more information about how to generate keys for encryption algorithms, see Key generation methods.

Client-side configuration

Android configuration

In the assets folder, create a file named mpaas_netconfig.properties for global network configurations.

[Figure: data_encrypt_android]

  • Crypt: Specifies whether to use client-based encryption. true enables this feature, and false disables it.

  • RSA/ECC/SM2: Specifies the asymmetric key encryption algorithm. The value must be RSA, ECC, or SM2.

  • PubKey: The public key for the selected asymmetric key encryption algorithm.

    Note

    In Android, the value in a properties file must be on a single line. When you enter the public key, replace any line breaks in the PubKey value with the line feed character \n to keep the entire value on one line.

  • GWWhiteList: Specifies the gateway that requires encryption. This is the gateway address for the current environment, which corresponds to the rpcGW field in the configuration file from the mPaaS console. If this key is not present, no requests are encrypted.
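The following added example (not part of the original mPaaS documentation or SDK) collapses a PEM public key into the single-line form required by the note above and lints the resulting mpaas_netconfig.properties entries against the rules listed in this section. The key=value layout is an assumption, since the page's figure is not available, and the key body and gateway address are constructed placeholders.

```python
# Added example: key names come from the page; the key=value layout is assumed
# because the page's figure is missing. All sample values are constructed.
ALGORITHMS = {"RSA", "ECC", "SM2"}
HEADER = "-----BEGIN PUBLIC KEY-----"
FOOTER = "-----END PUBLIC KEY-----"
# Constructed placeholder, not a real key.
SAMPLE_PEM = HEADER + "\nQUJDREVGR0g=\nSUpLTE1OT1A=\n" + FOOTER + "\n"


def pem_to_property_value(pem):
    """Collapse a multi-line PEM to one line, joining lines with a literal \\n."""
    return "\\n".join(ln.strip() for ln in pem.splitlines() if ln.strip())


def render(algorithm, pem, gateway):
    """Build the four entries with client-side encryption enabled."""
    return (f"Crypt=true\nRSA/ECC/SM2={algorithm}\n"
            f"PubKey={pem_to_property_value(pem)}\nGWWhiteList={gateway}\n")


def lint(text):
    """Return the problems found in mpaas_netconfig.properties text."""
    props, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith(("#", "!")):
            continue
        if "=" not in line:
            problems.append(f"line {n}: not key=value (PubKey split across lines?)")
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    if props.get("Crypt") not in ("true", "false"):
        problems.append("Crypt must be true or false")
    if props.get("Crypt") != "true":
        return problems
    if props.get("RSA/ECC/SM2") not in ALGORITHMS:
        problems.append("RSA/ECC/SM2 must be RSA, ECC, or SM2")
    # Header/footer rule is stated for iOS on the page; applied here as an assumption.
    pub = props.get("PubKey", "").replace("\\n", "\n").strip()
    if not (pub.startswith(HEADER) and pub.endswith(FOOTER)):
        problems.append("PubKey needs the BEGIN/END PUBLIC KEY header and footer")
    if "GWWhiteList" not in props:
        problems.append("GWWhiteList missing: no requests are encrypted")
    return problems


if __name__ == "__main__":
    print(render("RSA", SAMPLE_PEM, "https://gateway.example.invalid/mgw.htm"), end="")
    print(lint("Crypt=true\nRSA/ECC/SM2=RSA\nPubKey=" + SAMPLE_PEM))
```

The second call in the main block pastes the PEM with its raw line breaks and omits GWWhiteList, so the lint reports the split key and the missing gateway entry.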

iOS configuration

On iOS, the encryption configuration is read from the info.plist file, as shown in the following figure:

[Figure: data_encrypt_ios]

  • mPaaSCrypt: The root key for the encryption configuration. The value is a Dictionary that contains the settings required for client-based encryption.

  • Crypt: Specifies whether to encrypt data. The value is a Boolean. YES enables encryption, and NO disables it.

    • If Crypt is set to NO, RPC calls are not encrypted, and the RSA/ECC/SM2 and PubKey settings are ignored.

    • If Crypt is set to YES, you must also set the RSA/ECC/SM2 and PubKey keys, and their values cannot be empty strings. Otherwise, an assertion fails during debugging and causes the program to exit.

  • GWWhiteList: Specifies the gateway that requires encryption. This is the gateway address for the current environment, which corresponds to the rpcGW field in the configuration file from the mPaaS console. If this key is not present, no requests are encrypted.

  • RSA/ECC/SM2: Specifies the asymmetric key encryption algorithm. The value is a String and must be RSA, ECC, or SM2. The selected algorithm must correspond to the provided PubKey.

    • If you select the RSA algorithm, set PubKey to the corresponding RSA public key.

    • If you select the ECC algorithm, set PubKey to the corresponding ECC public key.

    • If you select the SM2 algorithm, set PubKey to the corresponding SM2 public key.

  • PubKey: The public key for asymmetric key encryption. The value is a String and must match the selected asymmetric key encryption algorithm.

    The PubKey value must include the header -----BEGIN PUBLIC KEY----- and the footer -----END PUBLIC KEY-----. The format is as follows:

    -----BEGIN PUBLIC KEY-----
    ************************
    ************************
    ************************
    ************************
    -----END PUBLIC KEY-----