---
page_source: https://docs.juspay.io/payout-sea/docs/resources/encryption-guide
page_title: Encryption Guide
---


# Encryption Guide



Please refer below implementation guide for JWE / JWS.

[NPM Library](https://www.npmjs.com/package/node-jose) - Above library carries basic understanding of JSON web encryption and its implementation in node.js. You can use this understanding to build your logic for other frameworks.  

> **Note**
> **alg**  : The alg (algorithm) identifies the cryptographic algorithm used to secure the JWE Encrypted Key. Please use following algorithm: **RSA-OAEP** 



> **Note**
> **enc**  : The encryption identifies the symmetric encryption algorithm used to secure the Ciphertext. Please use following encryption: **A128CBC-HS256** 



> **Note**
> If JWS is being used please sign the payload using **alg** : **RS256** post encryption



Please refer below request body params for encrypted request:


| Param name	 | Type | Description |
|---|---|---|
| payload	 | String	 | Encrypted body payload |
| kid	 | String	 | Juspay private key identifier shared by Juspay |
| sid	 | String | Merchant public key identifier shared by Juspay |
| format	 | String | Please pass compact always. |



### Step 1 Stringify the JSON payload


Convert the JSON payload received after signature generation to string (stringify) and form an intermediate payload




### Step 2 Encrypt the Payload


Use bank’s public key to generate an encrypted payload (JWE) using **RSA_OAEP_256** **+ A128CBC-HS256**  as the algorithm (usually this is just a call to a crypto library)




### Step 3 Sign the Payload (Optional)


Using your private key, generate a signature (JWS) using **RS256**  algorithm (usually this is just a call to a crypto library)




### Step 4 Create the payload and call the API


Generate the payload as per documentation and pass the correct kid and sid shared by Juspay