external/com.stripe.stripeterminal.external.callable/EncryptionProvider

EncryptionProvider

interface EncryptionProvider

Interface for encrypting and decrypting data stored locally by the Terminal SDK.

Integrations can implement this interface to provide encryption for sensitive data such as local session tokens.

Implementation Guidelines

  • Encryption: Use authenticated encryption (e.g., AES-GCM) to ensure both confidentiality and integrity. Store initialization vectors (IVs) alongside ciphertext (e.g., prepended).

  • Key Management: Use platform-specific secure key storage (e.g., Java KeyStore, HSM, cloud key management services). Avoid hardcoding keys in source code.

  • Key Rotation: Include a key identifier or version number with each encrypted payload so that data encrypted under older keys can still be decrypted after key rotation.

  • Thread Safety: Implementations must be thread-safe as methods may be called concurrently from multiple threads.

  • Error Handling: Throw EncryptionProviderException for any encryption/decryption failures.

Context Parameter

The EncryptionProviderContext parameter identifies what type of data is being encrypted (e.g., EncryptionProviderContext.LOCAL_SESSION_TOKEN). Integrations can use this to:

  • Apply different encryption keys per data type

  • Implement different security policies per data type

  • Add context-specific metadata to encrypted data

Use of this SDK is subject to the Stripe Terminal Terms: https://stripe.com/terminal/legal

Functions

Link copied to clipboard
abstract fun decrypt(ciphertext: ByteArray, context: EncryptionProviderContext): ByteArray

Decrypts previously encrypted data.

Link copied to clipboard
abstract fun encrypt(plaintext: ByteArray, context: EncryptionProviderContext): ByteArray

Encrypts the provided plaintext data.