In March 2021, Salesforce announced that they are upgrading the cryptography support within Salesforce Commerce Cloud to stronger standards. This means better protection for data, but it also means that code using the previous methods needs to be updated.
You can read more details about this here.
Caution: Some aspects of this article may require technical expertise with coding languages.
If you do not currently have someone on staff or on contract who can provide that level of technical assistance, Ordergroove suggests seeking out that level of support before attempting to add or alter any working code relating to your subscriptions or storefront.
This change means that merchants must upgrade their encryption packages across all environments and instances of Salesforce Commerce Cloud that they are using. Cartridges and apps must upgrade their cryptography methods as well.
Existing Merchants
If you are a merchant that has already integrated with Ordergroove, then you need to implement a small fix to update the package on our instance of Salesforce. This change should be compatible across all versions of Salesforce Commerce Cloud and the Ordergroove cartridge.
In the int_ordergroove/cartridge/scripts/hooks/helper.js file, you must update the references to dw/crypto/Cipher to dw/crypto/WeakCipher.
The first change must be made in the cipher method:
/**
 * Function encrypts data using AES
 *
 * @param {string} data The data to be encrypted
 * @returns {string} The encrypted data
 */
exports.cipher = function (data) {
    /* Local API Includes */
    var StringUtils = require('dw/util/StringUtils');
    var Cipher = require('dw/crypto/WeakCipher'); // <--- right here!
    // Site and Encoding are not required in this excerpt; they are assumed
    // to be in scope already elsewhere in helper.js.
    if (data === null || typeof data !== 'string') {
        return '';
    }
    var hashKey = Site.getCurrent().getCustomPreferenceValue('OrderGrooveMerchantHashKey');
    var hashKeyEncoded = StringUtils.encodeBase64(hashKey);
    // Pad with '{' up to the next multiple of 32 characters
    var padAmount = 32 - (data.length % 32);
    var padFill = StringUtils.pad('', padAmount).replace(/\s/g, '{');
    var padData = data + padFill;
    var dataEncrypted = new Cipher().encrypt(padData, hashKeyEncoded, 'AES/ECB/NOPADDING', '', 0);
    dataEncrypted = Encoding.toURI(dataEncrypted);
    return dataEncrypted;
};
And the second change must be made in the decipher method:
/**
 * Function decrypts data using AES
 *
 * @param {string} data The data to be decrypted
 * @returns {string} The decrypted data
 */
exports.decipher = function (data) {
    /* Local API Includes */
    var StringUtils = require('dw/util/StringUtils');
    var Cipher = require('dw/crypto/WeakCipher'); // <--- right here!
    // Site is not required in this excerpt; it is assumed to be in scope
    // already elsewhere in helper.js.
    if (data === null || typeof data !== 'string') {
        return '';
    }
    var hashKey = Site.getCurrent().getCustomPreferenceValue('OrderGrooveMerchantHashKey');
    var hashKeyEncoded = StringUtils.encodeBase64(hashKey);
    var cipher = new Cipher();
    var dataDecrypted = cipher.decrypt(data, hashKeyEncoded, 'AES/ECB/NOPADDING', '', 0);
    // Strip the '{' padding added by cipher()
    dataDecrypted = dataDecrypted.replace(/{/g, '');
    return dataDecrypted;
};
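The scheme used by cipher and decipher above, reproduced for Node.js as an added example (it is not Ordergroove's or Salesforce's code) so its behaviour can be checked outside Commerce Cloud: AES/ECB/NOPADDING encrypts equal plaintext blocks to equal ciphertext blocks, and the decipher step strips every '{', not only the padding. The function names are hypothetical, the key is a constructed 32-character sample, and encodeURIComponent is assumed as a stand-in for Encoding.toURI.

```javascript
// Added example for Node.js; not cartridge code. Function names are hypothetical.
const nodeCrypto = require('crypto');

// Constructed sample key, assumed to be 32 ASCII characters (AES-256).
const SAMPLE_KEY = Buffer.from('0123456789abcdef0123456789abcdef', 'utf8');

// Same padding as cipher(): fill with '{' up to the next multiple of 32.
function padBraces(data) {
  return data + '{'.repeat(32 - (data.length % 32));
}

function ecbEncrypt(data, key) {
  const c = nodeCrypto.createCipheriv('aes-256-ecb', key, null);
  c.setAutoPadding(false); // NOPADDING: input must already be block-aligned
  const raw = Buffer.concat([c.update(padBraces(data), 'utf8'), c.final()]);
  // Assumption: encodeURIComponent stands in for Encoding.toURI.
  return encodeURIComponent(raw.toString('base64'));
}

function ecbDecrypt(token, key) {
  const d = nodeCrypto.createDecipheriv('aes-256-ecb', key, null);
  d.setAutoPadding(false);
  const raw = Buffer.from(decodeURIComponent(token), 'base64');
  const text = Buffer.concat([d.update(raw), d.final()]).toString('utf8');
  return text.replace(/{/g, ''); // same stripping as decipher()
}

// Ciphertext split into 16-byte AES blocks, hex-encoded, for comparison.
function cipherBlocks(token) {
  const raw = Buffer.from(decodeURIComponent(token), 'base64');
  const blocks = [];
  for (let i = 0; i < raw.length; i += 16) {
    blocks.push(raw.subarray(i, i + 16).toString('hex'));
  }
  return blocks;
}

// 32 x 'A' plus 32 x '{' of padding: four blocks, pairwise identical.
console.log(cipherBlocks(ecbEncrypt('A'.repeat(32), SAMPLE_KEY)));
// A '{' that belongs to the data is lost on the way back.
console.log(ecbDecrypt(ecbEncrypt('{"id":1}', SAMPLE_KEY), SAMPLE_KEY));
```

Values passed through this scheme should be plain ASCII without '{' characters, since the padding is counted in characters and removed by a global replace.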
New Merchants
We have upgraded our cartridge with the change above and will be getting that certified through Salesforce’s cartridge certification process. We will update this article once that has been certified via Salesforce. For now, if you are using our cartridge, please just update the lines of code shown above.