RSA encryption

Generate, import, and manage your RSA encryption keys.

Updated over 4 months ago

Small amounts of data, such as email addresses, can be encrypted with asymmetric RSA encryption and passed to us for decryption. Data can also be encrypted and passed to external systems, either for eventual return to us (in case the external system is not able to perform the encryption operation) or for decryption by the external system.


Before you start

Things you need to know:

  • Generated keys are 2048-bit RSA keys.

  • Encryption is performed with OAEP (SHA256) padding, MGF1 with SHA256.

  • Given the key size and padding required, the maximum amount of data that can be encrypted is 190 bytes.

  • Encrypted data is then Base64 encoded (URL Safe) to allow it to be included in links.

  • Private keys can be imported into your account (with an optional password and encryption).

  • A public key can also be imported into your account on its own; it can then only be used for encryption.

  • Keys for import should be 2048 bits and serialized in the PEM format.
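
The parameters listed above, as an added example (not the vendor's own code) of how an external system could encrypt an email address with Node.js's built-in crypto module. The key pair and address are constructed for the demo, and unpadded URL-safe Base64 is an assumption, so confirm the exact output format against the RSA Test page.

```javascript
const crypto = require('node:crypto');

const HASH = 'sha256';   // OAEP digest; Node/OpenSSL use the same digest for MGF1
const HASH_LEN = 32;     // SHA-256 output size in bytes

// OAEP limit: k - 2*hLen - 2 (190 bytes for a 2048-bit key with SHA-256).
function maxPlaintextBytes(publicKey) {
  const bits = publicKey.asymmetricKeyDetails.modulusLength;
  return bits / 8 - 2 * HASH_LEN - 2;
}

// Encrypt a short value (for example an email address) into a link-safe token.
function encryptForLink(publicKeyPem, text) {
  const key = crypto.createPublicKey(publicKeyPem);
  const data = Buffer.from(text, 'utf8');   // the limit applies to bytes, not characters
  const limit = maxPlaintextBytes(key);
  if (data.length > limit) {
    throw new RangeError(`plaintext is ${data.length} bytes, limit is ${limit}`);
  }
  const ciphertext = crypto.publicEncrypt(
    { key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: HASH },
    data
  );
  // Assumption: unpadded URL-safe Base64 ("-" and "_", no "=").
  return ciphertext.toString('base64url');
}

// Reverse operation, for testing against a private key you hold yourself.
function decryptFromLink(privateKeyPem, token) {
  const plaintext = crypto.privateDecrypt(
    { key: privateKeyPem, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: HASH },
    Buffer.from(token, 'base64url')
  );
  return plaintext.toString('utf8');
}

// Constructed throwaway key pair and sample address, for demonstration only.
const { publicKey: demoPublicPem, privateKey: demoPrivatePem } =
  crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
const demoToken = encryptForLink(demoPublicPem, 'alice@example.com');
console.log(demoToken.length, decryptFromLink(demoPrivatePem, demoToken));
```

OAEP padding is randomized, so encrypting the same address twice yields different tokens; compare decrypted values, not ciphertexts.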


Key management

You can generate, import, and manage keys on the RSA Settings page:

Generate a new keypair

  1. Expand the User menu, and go to Settings > Security and Privacy > RSA Encryption.

  2. Expand the Key Role drop-down menu and choose a role.

    • The role is used to determine which RSA key to use when decrypting / encrypting plaintext.

  3. For Key Name, enter your key's name.

  4. Select Generate new Keypair.

  5. Select Generate / Import.

Import a private or public key

  1. Expand the User menu, and go to Settings > Security and Privacy > RSA Encryption.

  2. Expand the Key Role drop-down menu and choose a role.

    • The role is used to determine which RSA key to use when decrypting / encrypting plaintext.

  3. For Key Name, enter your key's name.

  4. Select either Import Private Key or Import Public Key Only.

  5. If you selected Import Private Key, enter a Password.

  6. For Key (PEM format), enter the key.

  7. Select GENERATE / IMPORT.


Tools

A test tool is also available on the RSA Test page. It lets you encrypt and decrypt with any given keypair so that you can test external systems. To use the RSA test tool:

  1. Expand the User menu, and go to Settings > Security and Privacy > RSA Encryption.

  2. To open the RSA test tool, select Test RSA.

  3. Expand the Key to Use drop-down menu and choose the RSA encryption key you want to use.

Encrypt plain text

To encrypt plain text:

  1. For Plain text, enter the plain text you want to encrypt.

  2. Select Encrypt.

  3. The encrypted text appears in the Encrypted, base64 encoded Text box.

Decrypt text

To decrypt the encoded text:

  1. For Encrypted, base64 encoded Text, enter the encrypted text you want to decrypt.

  2. Select Decrypt.

  3. The decrypted text appears in the Decrypted Text box.


Disable unencrypted identification

By default, people can be identified by either encrypted or unencrypted email addresses. For added security and privacy, you can disable the ability to personalise content for visitors using an unencrypted email address. To do this:

  1. Expand the User menu, and go to Settings > Security and Privacy > Content Serving Encryption.

  2. Select the Disable Unencrypted Identification checkbox.

  3. Select Save.
