# Encryption
source: https://developer.mastercard.com/mastercard-processing-fraud/documentation/api-basics-section/encryption/index.md

The transport between client applications and Mastercard is secured using [TLS/SSL](https://en.wikipedia.org/wiki/Transport_Layer_Security), which means data is encrypted by default when transmitted across networks.

In addition, the Mastercard Processing Fraud API uses [JSON Web Encryption (JWE)](https://datatracker.ietf.org/doc/html/rfc7516) to provide end-to-end payload encryption to secure sensitive data like Personally Identifiable Information (PII). You can manage your encryption keys using your [Developer Dashboard](https://developer.mastercard.com/dashboard).

To learn more, refer to our [Securing Sensitive Data Using Payload Encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/#overview) guides. We highly recommend using Mastercard client [encryption libraries](https://github.com/Mastercard?q=client-encryption) available in several popular programming languages. For these, you will need a configuration object as follows (to be used at the [JWE -- Create encryption keys](https://developer.mastercard.com/mastercard-processing-fraud/tutorial/create-sandbox-apis/step6/index.md) step):
* Java
* C#

```java
// change these values accordingly
String clientEncryptionCertPath = "#PATH AND NAME OF YOUR PEM FILE HERE#";
String mastercardEncryptionKeyFilePath = "#PATH AND NAME OF YOUR P12 FILE HERE#";
String mastercardEncryptionAlias = "#YOUR KEY ALIAS HERE#";
String mastercardEncryptionPass = "#YOUR KEY PASSWORD HERE#";

// This will be the certificate used to encrypt the payload before sending
Certificate encryptionCertificate = EncryptionUtils.loadEncryptionCertificate(clientEncryptionCertPath);

// The response received from the call will need to be decrypted using this key
PrivateKey decryptionKey = EncryptionUtils.loadDecryptionKey(
        mastercardEncryptionKeyFilePath,
        mastercardEncryptionAlias,
        mastercardEncryptionPass);

// Prepare JweConfig 
JweConfig config = JweConfigBuilder.aJweEncryptionConfig()
        .withEncryptionCertificate(encryptionCertificate)
        .withDecryptionKey(decryptionKey)
        .withEncryptionPath("$", "$")
        .withDecryptionPath("$.encryptedValue", "$")
        .withEncryptedValueFieldName("encryptedValue")
        .build();

```

```csharp
// change these values accordingly
var clientEncryptionCertPath = "#PATH AND NAME OF YOUR PEM FILE HERE#";
var mastercardEncryptionKeyFilePath = "#PATH AND NAME OF YOUR P12 FILE HERE#";
var mastercardEncryptionAlias = "#YOUR KEY ALIAS HERE#";
var mastercardEncryptionPass = "#YOUR KEY PASSWORD HERE#";

// This will be the certificate used to encrypt the payload before sending
var encryptionCertificate = EncryptionUtils.loadEncryptionCertificate(clientEncryptionCertPath);

// The response received from the call will need to be decrypted using this key
var decryptionKey = EncryptionUtils.loadDecryptionKey(
        mastercardEncryptionKeyFilePath,
        mastercardEncryptionAlias,
        mastercardEncryptionPass);

// Prepare JweConfig 
var config = JweConfigBuilder.AJweEncryptionConfig()
        .WithEncryptionCertificate(encryptionCertificate)
        .WithDecryptionKey(decryptionKey)
        .WithEncryptionPath("$", "$")
        .WithDecryptionPath("$.encryptedValue", "$")
        .WithEncryptedValueFieldName("encryptedValue")
        .Build();
```

<br />

Tip: To learn how to build an API application with JWE, refer to the [Build an end-to-end application](https://developer.mastercard.com/mastercard-processing-core/tutorial/build-end-to-end-app/) tutorial of the Core API.