To authenticate into a document retrieval API, I'm passing an encrypted string as a custom header value called ciphertext using a pre-request script. Is there a better/cleaner way of doing this?
var interface_name = "interface name";
var password = "12344576789";
var keySize = 256;
var ivSize = 128;
var iterations = 100;
var isoDate = new Date().toISOString();
var namedate = interface_name + '&' + isoDate;
pm.globals.set("interface_name", interface_name);
pm.globals.set("iterate", iterations);
pm.globals.set("strenth", keySize);
function encrypt(namedate, password) {
var salt = CryptoJS.lib.WordArray.random(ivSize / 8);
var key = CryptoJS.PBKDF2(password, salt, {
keySize: keySize / 32,
iterations: iterations
});
var iv = CryptoJS.lib.WordArray.random(ivSize / 8);
pm.globals.set("salt", salt.toString());
pm.globals.set("iv", iv.toString());
var encrypted = CryptoJS.AES.encrypt(namedate, key, {
iv: iv,
padding: CryptoJS.pad.Pkcs7,
mode: CryptoJS.mode.CBC
});
var ciphertext = salt.toString() + iv.toString() + encrypted.toString();
return ciphertext;
}
var encrypted = encrypt(namedate, password);
pm.globals.set("ciphertext", encrypted);