How to decrypt the contact cookie

  1. Contact S-360 support to ask for:
    • the private key associated to your institution (to decrypt the data)
    • S-360 certificate (to check that the cookie was emitted by S-360)
  2. Extract the additionnal data from the cookie. You should obtain a JSON String like that:
"additionalData":"{\"key\":\"O2jW7phFlNhc1XXnhPVOaxltGsqC+hhXbu/QMlRZahcNKd6y6wdQFgJ5vL6QQIrFevdsx++g8rr5d8xg5DBVMU5RyQdrjfWr9M0JNkgQNkAPNUj5lssZ67nGQWjR4jm/M2LXxX8cWlM5Im5dwtFNu70yrih75s7n0jqGOz+wCtQ=\",\"digest\":\"TL20RUjhPXcne58d8uzT5b3GjfVa7kCerhkIBWzYIsov3DAXbBS90VN7spRHnUb8IpL58rHBCEzDH//5CshxC7dcmqOLsPlw2E9xAcOBqppe8GowtLSSsY2BJ+9XtOPTsQuQ9KWHk9oYOQ5aMLVxMoVSCCZq+0K50ImFgFifIRg=\",\"data\":\"qJr1z3f2zM2Hv2zvfC/eBMeBFFrsFjQ0OVtIVkhy6x8yOXo2bZEB+m4OQLAka3GQlXi9g3EnG3vtIpsbivv7gQ==\"}"

And if there is no additionnal data in your cookie?
Open a service in S-360 service desk to add this feature. S-360 team will then provide you with the appropriate private key.

  1. Decrypt the cookie and check the digest:
    • Decrypt de key of the cookie: do Base64 decoding, then decrypt it using your institution's private RSA key.
    • Decrypt the data using the decrypted AES key.
    • Check the digest using secutix public certificate.
    • The following example in java will show you how to proceed.

CookieDecoder.java: example in Java on how to read the content of the cookie.

The contact cookie will look like this in the browser: Contact cookie