Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
275
Views
0
Helpful
4
Replies

Decryption key for input from adaptive card

shrwnaik
Cisco Employee
Cisco Employee

‎05-16-2024 01:46 AM

Hi team,

I have integrated webex bot with websocket,I am using adaptive card for workflow and I want to store the input from the user submitted through adaptive card in mongodb.But I am getting the input in encrypted format how to decrypt the input,i want decryption_key from cisco's KMS API.

Can anyone guide me on this.

0 Helpful
4 Replies 4

Jennifer Tanner1
Level 1
Level 1

‎05-20-2024 09:00 AM - edited ‎05-20-2024 09:01 AM

Hi,

 

To decrypt the input received from the Webex bot through the adaptive card, you will indeed need to use Cisco's KMS (Key Management Service) API to obtain the decryption key. Here’s a general approach to achieve this:

 

  1. Authenticate and Obtain Access Token:

   First, you need to authenticate with Cisco's KMS API and get an access token. This typically involves using OAuth 2.0 to obtain the token.

 

  1. Request the Decryption Key:

   Use the access token to request the decryption key from Cisco’s KMS API. You need to know the key ID or the encryption context that was used to encrypt the data.

 

  1. Decrypt the Data:

   Once you have the decryption key, use it to decrypt the data you received from the Webex bot. This usually involves using a specific encryption algorithm that Cisco's KMS API supports.

 

Here is a basic outline of the steps in code (note that this is a simplified example and may require adjustments based on your specific implementation):

 

```python

import requests

from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

from cryptography.hazmat.backends import default_backend

import base64

 

# Step 1: Authenticate and get access token

auth_url = ""

client_id = "your_client_id"

client_secret = "your_client_secret"

grant_type = "client_credentials"

headers = {

    "Content-Type": "application/x-www-form-urlencoded"

}

data = {

    "grant_type": grant_type,

    "client_id": client_id,

    "client_secret": client_secret

}

response = requests.post(auth_url, headers=headers, data=data)

access_token = response.json().get("access_token")

 

# Step 2: Request the decryption key from KMS API

kms_url = "https://api.ciscospark.com/v1/kms/keys"

kms_headers = {

    "Authorization": f"Bearer {access_token}",

    "Content-Type": "application/json"

}

kms_response = requests.get(kms_url, headers=kms_headers)

decryption_key = kms_response.json().get("key")

 

# Step 3: Decrypt the data

encrypted_data = base64.b64decode("your_encrypted_data_here")

cipher = Cipher(algorithms.AES(decryption_key), modes.CBC(iv), backend=default_backend())

decryptor = cipher.decryptor()

decrypted_data = decryptor.update(encrypted_data) + decryptor.finalize()

 

print(decrypted_data)

 

```

 

Ensure you replace placeholders with your actual client ID, client secret, and encrypted data. Also, you will need to handle error checking and specific encryption details based on how Cisco's KMS API operates.

 

For those interested in expanding their knowledge and capabilities in related fields, having the right tools is essential. If you're into music production or need high-quality input devices, you might want to check out the migliori tastiere MIDI. These can significantly enhance your workflow and productivity.

 

If you need more detailed guidance or encounter specific issues, feel free to ask!

 

Best regards.



0 Helpful

shrwnaik
Cisco Employee
Cisco Employee
In response to Jennifer Tanner1

‎05-20-2024 08:30 PM

Can you help me out on the link for cisco's KMS API.

0 Helpful

dstaudt
Cisco Employee
Cisco Employee
In response to shrwnaik

‎05-21-2024 09:59 AM

AFAIK the KMS API is not documented for external developer use.  Per this white paper, if you are using one of the Webex-provided SDKs (Node.js/Browser JavaScript or widget), then KMS-decryption is handled by the SDK internally client-side (i.e. via the undocumented API): https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/cloudCollaboration/spark/esp/cisco-spark-security-white-paper.pdf
Also per the paper, non-SDK access - i.e. via general HTTP REST requests - will decrypt message data on the Webex server-side, so applications don't need to mess with it.  However, as you mention your app is using websockets (but not via one of the above SDKs?), then it seems the SDK-internal KMS decryption from the official SDKs is not going to be present, and since you're not doing HTTP/REST then the auto-decryption will not occur.  In that case, you may be able to fall back to using HTTP/REST based requests for accessing message content in a non-websocket way, e.g. when there are attachments involved.
Certainly the recommended approach is to use the official SDKs if websockets is a requirement.
(Apologies to Jenner if I'm incorrect, but the post above sure seems to be AI-generated, esp. as it contains a non-sequitar plug for an unrelated product :/)

0 Helpful

Janos Benyovszki
Cisco Employee
Cisco Employee

‎05-16-2024 04:33 AM

@shrwnaik please open a Support ticket for this (email to devsupport@webex.com) with the details:

- how did you implement websockets? Please send us a code snippet and online reference to the guide you used if you have it

- a websocket notification showing the card attachmentAction response

Please do not post those details here, as they can contain personal information, rather open a ticket for it.

0 Helpful
Customers Also Viewed These Support Documents