My question relates to AES 256-bit encryption in a browser POST. I want to integrate an intranet application with Salesforce and want the data transfer between them to be AES 256-bit encrypted so that the client gets the utmost security. Can anyone give me ideas as to how it can be implemented? The integration between them will also be through SSO. I want the data transfer between Salesforce and the application to be a browser POST with AES 256-bit encryption.

A: 

After creating your encrypted stream, convert it into a Base64 string and it is ready for transmission over the web/intranet. If you create a class of sorts to do this for you on all requests, it will make life a lot easier for you.

However, make sure that the server side security is first put in place, such as SSL and other web server security measures. No matter how secure the code, if the server isn't secure, you're in trouble.

It seems as if Salesforce uses Java to plug into (don't quote me on it though :P), so here is a link for more or less what implementation needs to take place:

http://www.velocityreviews.com/forums/t645364-java-string-encryption-decryption.html

Kyle Rozendo
I could not make myself clear, sorry for that. Actually, I logged a case with Salesforce, and this is the answer that they gave me: We actually do support 256-bit encryption. To use 256-bit, such as AES256, the client/web browser will need to be configured to advertise support for only AES256. For testing it, we configured Mozilla so that it advertises just 256-bit encryption, and so Salesforce now just gives what we wanted. Now, actually, our main need was to put in place security for API access so that when we load the data into it the data gets transferred securely. Can any kind soul please help me?
reema
Well, what you should do is: A. Use SSL for all secure communication, B. Encrypt all the data back and forth using public/private key encryption between systems, and C. Add an RSA 1024 signature on to all information passed between systems so as to make sure that data has not been tampered with. The implementation of all of this is easy to google, but it should guide you in the right direction.
Kyle Rozendo
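The encrypt-then-Base64 step from the answer above, as an added example that is not part of the original posts and not Salesforce code. It assumes Node.js, a 32-byte key already shared between the two systems, and AES-256-GCM as the mode (the thread names none); all function names are hypothetical.

```javascript
// Added example: AES-256-GCM -> Base64 -> form POST field -> verify and decrypt.
const crypto = require('crypto');

const IV_LEN = 12;   // 96-bit nonce, the size GCM is designed around
const TAG_LEN = 16;  // 128-bit authentication tag

// Sender: returns Base64(iv || tag || ciphertext).
function sealForPost(key, plaintext) {
  if (key.length !== 32) throw new Error('AES-256 needs a 32-byte key');
  const iv = crypto.randomBytes(IV_LEN); // fresh per message, never reused with this key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Base64 contains '+', '/' and '='. In a form body a raw '+' decodes to a
// space, so the field must be percent-encoded before it is posted.
function toFormBody(field) {
  return new URLSearchParams({ payload: field }).toString();
}

function fromFormBody(body) {
  return new URLSearchParams(body).get('payload');
}

// Receiver: returns the plaintext, or null if the field was truncated,
// modified in transit, or sealed under a different key.
function openFromPost(key, field) {
  const raw = Buffer.from(field, 'base64');
  if (raw.length < IV_LEN + TAG_LEN) return null;
  const iv = raw.subarray(0, IV_LEN);
  const tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const ct = raw.subarray(IV_LEN + TAG_LEN);
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // tag check failed: reject, do not use partial output
  }
}

// Constructed sample data, not taken from the thread.
const demoKey = crypto.randomBytes(32);
const demoBody = toFormBody(sealForPost(demoKey, '{"account":"ACME-001","amount":1250}'));
console.log(demoBody);
console.log(openFromPost(demoKey, fromFormBody(demoBody)));
```

GCM's tag gives the tamper check within the shared-key setting; it does not replace SSL on the transport, which the answer lists first.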
+1  A: 

Have you already implemented an SSO solution to integrate between the application and Salesforce? There is currently a company that provides SSO solutions that support AES 256 bit encrypted data transfer with seamless integration between applications.

The company is called Ping Identity. They are the market leaders within the SSO and standards based security industry. I would suggest checking them out.

Here's a link to their site. Hope this helps: link text

bo_biggy