IDES Interactive Knowledge Base

Step 3 Encrypt the XML File with AES 256 Key

Last Updated: Jul 26, 2016 02:17PM CDT
Step 3 - Encrypt the XML File with AES 256 Key

AES is one of the most secure encryption algorithms and the preferred encryption standard for IDES. The file is encrypted to protect FI and taxpayer sensitive information.
 
Encrypt XML File with AES Key:
Process Descriptions File Naming Convention
Encrypt XML File
  • After compression, encrypt the file “FATCAEntitySenderId_ Payload.zip” using the AES-256 cipher with a randomly generated “one-time use” AES key. 
  • While performing AES encryption, there are several settings and options depending on the tool used to perform encryption.  IRS recommended settings should be used to maintain compatibility:
    • Cipher mode: CBC
    • Salt: No salt
    • Initialization Vector (IV): 16 byte IV
    • Key size: 256 bits/32 bytes
    • Encoding: None
    • Padding: PKCS#5 or PKCS#7
  •  The AES encrypted file name is “FATCAEntitySenderId_Payload”. The file is case sensitive and any variation in file name or format will cause the transmission to fail.
[FATCAEntitySenderId]_Payload

Table 5 – Process to encrypt an XML file with an AES key.

Resources:
1 - NIST Special Publication 800-57: Recommendation for Key Management – Part 1: General (Revision 3)

2 - Advanced Encryption Standard (FIPS 197), November 2001
3 - FATCA IDES Technical FAQ
4 - FATCA XML Schema and Business Rules for Form 8966
5 - FATCA FAQ General

Examples and Oracle Documentation:
1 - "Java Cryptography Architecture (JCA) Reference Guide” contains description of cryptographic support provided by Oracle Java 
2 - "
Java Cryptography Architecture Standard Algorithm Name Documentation” defines all the standard names for keystores, algorithms and certificate types in Oracle Java
3 - Javax.crypto.Cipher identifies classes and interfaces that provide encryption and decryption
8cbd1ad8a75f68469f58a890843cbdbe@ides.desk-mail.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete