SDK configuration file generation

The SDK can load configuration settings from an encrypted file named pathwaypro_sdk.cfg. This file can be bundled with a customer’s application as a raw resource file by placing it in the app/src/main/res/raw directory.

The file is encrypted using AES in GCM mode with 256-bit keys. The 12-byte nonce is prepended to the beginning of the file, then the entire file is encoded in Base64.

Here is an example of an unencrypted configuration file:

{
  "service_id": 12345
}

The file can be encrypted using the following Python script:

import base64
import os
import sys

# From the "cryptography" module
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend

key = bytes([0x9a, 0x39, 0x46, 0x82, 0xa8, 0x3d, 0x23, 0xfe, 0x1d, 0x7e, 0x12, 0xe6,
             0x16, 0xa9, 0xb6, 0xec, 0xa3, 0xc2, 0x7b, 0x5d, 0xb4, 0x9b, 0x55, 0x51,
             0x49, 0x5f, 0xd8, 0x08, 0x5f, 0xd4, 0xaf, 0xa2]) # example
input_file = "/tmp/config.json"
output_file = "/tmp/pathwaypro_sdk.cfg"

NONCE_SIZE = 12

with open(input_file, "rb") as in_fp:
    plain_data = in_fp.read()

    nonce = os.urandom(NONCE_SIZE)

    cipher = Cipher(algorithms.AES(key), modes.GCM(nonce), backend=default_backend())
    encryptor = cipher.encryptor()
    encrypted_data = encryptor.update(plain_data) + encryptor.finalize()
    tag = encryptor.tag

    with open(output_file, "wb") as out_fp:
        out_fp.write(base64.b64encode(nonce + encrypted_data + tag))

The actual encryption key is provided with the SDK.