Securing Your Data

You can secure your data by using the methods provided by the Crypto class.

The methods in the Crypto class provide standard algorithms for creating digests, message authentication codes, and signatures, as well as encrypting and decrypting information. These algorithms can be used for securing content in Salesforce or for integrating with external services such as Google or Amazon Web Services (AWS).

Note: The code excerpts on this page are written to highlight the use of the Crypto class. A production-level implementation would add stronger protection for plaintext keys. Refer to Strengthen Your Data’s Security with Shield Platform Encryption in Salesforce Help.

Example Integrating Amazon Web Services

This example demonstrates an integration of Amazon Web Services with Salesforce.

public class HMacAuthCallout {

   public void testAlexaWSForAmazon() {

      // The date format is yyyy-MM-dd'T'HH:mm:ss.SSS'Z'.
      // Format in GMT so that the 'Z' suffix is accurate. The same string is
      // used for the signed input and for the Timestamp query parameter.
      DateTime d = System.now();
      String timestamp = d.formatGmt('yyyy-MM-dd\'T\'HH:mm:ss.SSS\'Z\'');

      String urlEncodedTimestamp = EncodingUtil.urlEncode(timestamp, 'UTF-8');
      String action = 'UrlInfo';
      String inputStr = action + timestamp;
      String algorithmName = 'HMacSHA1';
      // 'your_signing_key' is a placeholder; do not hard-code a real key in source.
      Blob mac = Crypto.generateMac(algorithmName, Blob.valueOf(inputStr),
                                                   Blob.valueOf('your_signing_key'));
      String macUrl = EncodingUtil.urlEncode(EncodingUtil.base64Encode(mac), 'UTF-8');

      String urlToTest = 'amazon.com';
      String version = '2005-07-11';
      String endpoint = 'http://awis.amazonaws.com/';
      String accessKey = 'your_key';

      // Build the signed GET request
      HttpRequest req = new HttpRequest();
      req.setEndpoint(endpoint +
                      '?AWSAccessKeyId=' + accessKey +
                      '&Action=' + action +
                      '&ResponseGroup=Rank&Version=' + version +
                      '&Timestamp=' + urlEncodedTimestamp +
                      '&Url=' + urlToTest +
                      '&Signature=' + macUrl);

      req.setMethod('GET');
      Http http = new Http();
      try {
         HttpResponse res = http.send(req);
         System.debug('STATUS:' + res.getStatus());
         System.debug('STATUS_CODE:' + res.getStatusCode());
         System.debug('BODY: ' + res.getBody());
      } catch(System.CalloutException e) {
         System.debug('ERROR: ' + e);
      }
   }
}

Example Encrypting and Decrypting

This example uses the encryptWithManagedIV and decryptWithManagedIV methods and the generateAesKey method of the Crypto class.

// Use generateAesKey to generate the AES key
Blob cryptoKey = Crypto.generateAesKey(256);

// Generate the data to be encrypted.
Blob data = Blob.valueOf('Test data to be encrypted');

// Encrypt the data and have Salesforce generate the initialization vector
Blob encryptedData = Crypto.encryptWithManagedIV('AES256', cryptoKey, data);

// Decrypt the data
Blob decryptedData = Crypto.decryptWithManagedIV('AES256', cryptoKey, encryptedData);

This example shows how to write a unit test for the encryptWithManagedIV and decryptWithManagedIV Crypto methods.

@isTest
private class CryptoTest {
    static testMethod void testValidDecryption() {

        // Use generateAesKey to generate the AES key
        Blob key = Crypto.generateAesKey(128);
        // Generate the data to be encrypted.
        Blob data = Blob.valueOf('Test data');
        // Base64-encode the original data for the comparison below
        String b64Data = EncodingUtil.base64Encode(data);
        // Encrypt and decrypt the data
        Blob encryptedData = Crypto.encryptWithManagedIV('AES128', key, data);
        Blob decryptedData = Crypto.decryptWithManagedIV('AES128', key, encryptedData);
        String b64Decrypted = EncodingUtil.base64Encode(decryptedData);
        // Verify that the strings still match
        System.assertEquals(b64Data, b64Decrypted);
    }
    static testMethod void testInvalidDecryption() {
        // Verify that decryption fails when a different key and key size are used
        // Generate two AES keys, using different key sizes
        Blob keyOne = Crypto.generateAesKey(128);
        Blob keyTwo = Crypto.generateAesKey(256);
        // Generate the data to be encrypted.
        Blob data = Blob.valueOf('Test data');
        // Encrypt the data using the first key
        Blob encryptedData = Crypto.encryptWithManagedIV('AES128', keyOne, data);
        try {
            // Try decrypting the data using the second key
            Crypto.decryptWithManagedIV('AES256', keyTwo, encryptedData);
            System.assert(false);
        } catch(SecurityException e) {
            System.assertEquals('Given final block not properly padded', e.getMessage());
        }
    }
}
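
The managed-IV methods shown above use AES in CBC mode and give confidentiality only; a modified ciphertext surfaces, at best, as the padding error asserted in the unit test. The following is an added example, not part of the Salesforce documentation, that combines encryptWithManagedIV with generateMac so the ciphertext is authenticated before it is decrypted. The class, method and variable names are hypothetical, and it assumes an API version in which Crypto.verifyHMac is available.

```apex
// Added example: encrypt-then-MAC with the Crypto class.
// Class, method and variable names are hypothetical.
public class SealedData {
    public class TamperedException extends Exception {}

    // Ciphertext (16-byte IV followed by the AES-CBC output) and its HMAC tag.
    public class Envelope {
        public Blob ciphertext;
        public Blob tag;
    }

    // Encrypt, then MAC the whole ciphertext (IV included) with a separate key.
    public static Envelope seal(Blob encKey, Blob macKey, Blob clearText) {
        Envelope env = new Envelope();
        env.ciphertext = Crypto.encryptWithManagedIV('AES256', encKey, clearText);
        env.tag = Crypto.generateMac('hmacSHA256', env.ciphertext, macKey);
        return env;
    }

    // Check the tag first; only an authentic ciphertext reaches the decryptor.
    public static Blob unseal(Blob encKey, Blob macKey, Envelope env) {
        if (!Crypto.verifyHMac('hmacSHA256', env.ciphertext, macKey, env.tag)) {
            throw new TamperedException('MAC check failed; nothing was decrypted');
        }
        return Crypto.decryptWithManagedIV('AES256', encKey, env.ciphertext);
    }

    // Round-trips a constructed sample, then alters one ciphertext nibble.
    // Returns true when the altered envelope is rejected.
    public static Boolean demo() {
        Blob encKey = Crypto.generateAesKey(256);
        Blob macKey = Crypto.generateAesKey(256);
        Envelope env = seal(encKey, macKey, Blob.valueOf('Constructed sample record'));
        System.assertEquals('Constructed sample record',
                            unseal(encKey, macKey, env).toString());

        String hex = EncodingUtil.convertToHex(env.ciphertext);
        String lastNibble = hex.right(1) == '0' ? '1' : '0';
        env.ciphertext = EncodingUtil.convertFromHex(hex.left(hex.length() - 1) + lastNibble);
        try {
            unseal(encKey, macKey, env);
            return false;
        } catch (TamperedException e) {
            return true;
        }
    }
}
```

The encryption key and the MAC key are generated independently so that neither is reused for both purposes; in practice both need the same protection the note at the top of this page asks for.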