# Authorization

This part will explain how Faspay account use encrypt method AES 256 for authorization.

Example

* String data that will be encrypted -> **$plaintext = "APP\_KEY:APP\_SECRET";**

* Algorithm used for encryption -> **$algo = "aes256";**

* The Key used for encryption -> **faspay\_secret** (generated by Faspay) Step for encrypted **the key** :

  1. Hashing key uses the sha 256 algorithm and its output is raw binary data.
  2. Then, taken 32 characters from the front. Ex : $password = substr(hash('sha256', $key, true), 0, 32);

* **IV** for encryption (generated by faspay) Step for encrypted IV :

  1. Hashing IV uses the md5 algorithm.
  2. Then taken 16 characters from behind. Ex : $iv = substr(md5($key.self::$iv), -16);

* Encryption using openssl by including **the plaintext, algo, password and iv** for the encryption process, and encryption output is binary raw data. $encrypted = openssl\_encrypt($plaintext, $algo, $password, OPENSSL\_RAW\_DATA, $iv);

* the encryption results are re-encrypted using the base64 encode method to make lowercase hexits. **$base64 = base64\_encode($encrypted);**