Is it possible/feasible to SHA-256 hash user's email addresses in Marketo?

API_Dev
Level 2

Is it possible/feasible to SHA-256 hash user's email addresses in Marketo?

I have a requirement where the client is asking to encrypt/hash users' email addresses in the unsubscribe link in any marketo email. Can we do this in Marketo, and if yes, then can anyone share their knowledge on how to implement this in Marketo? Would be a great help

11 REPLIES 11
SanfordWhiteman
Level 10 - Community Moderator

Re: Is it possible/feasible to SHA-256 hash user's email addresses in Marketo?

Yes, it is possible in a Velocity token. But I'd like to hear the full use case. This is a non-Marketo page unsubscribe page, I presume? What is the specific reason they can only compare hashes?

API_Dev
Level 2

Re: Is it possible/feasible to SHA-256 hash user's email addresses in Marketo?

So the use case is that the unsubscribe page is non-marketo and when a user clicks on the unsubscribe link in the marketo email, the user's email address is passed along the mkto token, and the requirement is to encrypt that email address which will be further processed in the unsubscribe page as per the need (which I'm not fully aware of-meaning I don't know what operations they will have on that encrypted address). We only have the ask to encrypt the email address in that unsubscribe link.

SanfordWhiteman
Level 10 - Community Moderator

Re: Is it possible/feasible to SHA-256 hash user's email addresses in Marketo?

So they understand that SHA-256 is not reversible?  They already have a database with all the email address and their precomputed hashes? Or are they going to hash every email address in their db on-the-fly while searching (terrible idea)?

Please check this with them because I don't want to send you down a road that will end up being unusable.

Jay_Jiang
Level 10

Re: Is it possible/feasible to SHA-256 hash user's email addresses in Marketo?

Just sharing... I've done a similar project in the past where instead each user in the external app had a unique ID, which was created upon registration and sent to Marketo via API. Marketo emails would append the unique id to the unsubscribe link (a non-marketo page) and allowed the user to edit their email preferences. An API call would send their updated preferences back to Marketo.

SanfordWhiteman
Level 10 - Community Moderator

Re: Is it possible/feasible to SHA-256 hash user's email addresses in Marketo?

API_Dev
Level 2

Re: Is it possible/feasible to SHA-256 hash user's email addresses in Marketo?

Thank you for the reply Sanford, and I apologize for responding so late (was absent from work), but here's the update from the original requester. They want to do something called advanced encryption standard, they want to have a symmetric encryption implemented between Marketo and their system (where their unsub page is). They want to perform encryption at Marketo side and using a shared key they would decrypt the email address. They also mentioned that Hashing will not work as their system needs to know the cleartext email to unsubscribe the user.

Now I'm not completely aware of this technique and I'm not sure if this is possible in Marketo, that to maintain a shared key in Marketo for this symmetric encryption. So I hope that you're aware of this as well and could shed some light on this type of integration in Marketo

Cheers.

SanfordWhiteman
Level 10 - Community Moderator

Re: Is it possible/feasible to SHA-256 hash user's email addresses in Marketo?

Yes, you can use AES from Velocity for reversible encryption (of course that's why I mentioned they probably didn't want SHA-256 because it isn't reversible... I can read into these things from experience!).

However, you should professionally engage a Marketo-fluent Velocity developer from this point. It's too complex and sensitive a project for unsupported code.

API_Dev
Level 2

Re: Is it possible/feasible to SHA-256 hash user's email addresses in Marketo?

Thank you for your reply Sanford, really appreciate your help here. Just one quick question. Is the velocity script that you've written here : SHA-256-ing an email address in Velocity is only for SHA-265 hashing or can we use/modify it for AES encryption?

Thanks

SanfordWhiteman
Level 10 - Community Moderator

Re: Is it possible/feasible to SHA-256 hash user's email addresses in Marketo?

It supports all of the MessageDigest hash algorithms by substituting the corresponding name: MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512.

It doesn't do encryption or decryption. That requires a different set of of classes and functions.