Key Settings
To ensure the security and integrity of communication, PayCloud requires third-party applications to use API keys together with signing and encryption mechanisms when interacting with it.
1. API Key
- To verify the identity of both communicating parties and ensure that messages have not been tampered with by third parties, all messages must be signed.
- The signatures use the RSA algorithm, with each party generating a pair of RSA keys and exchanging public keys.
- During a request, the private key is used for signing, and the recipient uses the public key for verification.
- It is essential to ensure the secure storage and management of private keys.
- To ensure data security, certain parameters need to be encrypted.
- Sensitive data, such as card numbers, CVV, and expiration dates, must be encrypted during transmission. The requester uses the recipient's public key for encryption, and the recipient uses their private key for decryption.
2. Generating Key Pairs
When generating key pairs, the following points should be noted:
- When using Java, the private key format should be PKCS8; other languages should use PKCS1.
- The key length should be 2048 bits.
- The public key format is typically PEM, but some languages (such as C#) require the DER format, and these keys may need to be converted.
There are various methods for generating keys:
- You can manually generate RSA2 keys using the openssl command, as shown below:
# 1. Generate a 2048-bit private key
# (OpenSSL 3.x writes PKCS8 by default; add -traditional there if you need PKCS1)
openssl genrsa -out client_private_key.pem 2048
# 2. If you are a Java developer, convert the private key to PKCS8 format; other languages use the PKCS1 format
# (-nocrypt writes the key unencrypted, so restrict access to the output file)
openssl pkcs8 -topk8 -inform PEM -in client_private_key.pem -outform PEM -nocrypt -out client_private_key_pkcs8.pem
# 3. Generate the public key
openssl rsa -in client_private_key.pem -pubout -out client_public_key.pem
# 4. Generate the private key that can be used in Java (PEM header/footer lines and line breaks removed, leaving one line of Base64)
grep -v "^-" client_private_key_pkcs8.pem | tr -d "\n" | sed 's/%$//' > client_private_key_java.pem
# 5. Generate the public key that can be used in Java (same single-line Base64 form)
grep -v "^-" client_public_key.pem | tr -d "\n" | sed 's/%$//' > client_public_key_java.pem
- Additionally, we provide a key tool (PayCloud Key Tool), which can directly generate keys, create signatures, and verify signatures.
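A check worth running before the public key is exchanged, added here as an example (it is not PayCloud's own tooling): it confirms the private key format and length, that the public key belongs to the private key, and that a signature verifies and then fails once the message is altered. The file names, the sample message and the use of SHA-256 with PKCS#1 v1.5 padding are assumptions; the page does not name the signature scheme.

```shell
#!/bin/sh
# Added example: pre-exchange checks for an RSA key pair (constructed sample data).

# Print pkcs1, pkcs8 or unknown, judged by the PEM header of a private key file.
key_format() {
  case "$(head -n 1 "$1")" in
    "-----BEGIN RSA PRIVATE KEY-----") echo pkcs1 ;;
    "-----BEGIN PRIVATE KEY-----")     echo pkcs8 ;;
    *)                                 echo unknown ;;
  esac
}

# Print the hex modulus of a private key file.
priv_modulus() { openssl rsa -in "$1" -noout -modulus 2>/dev/null | sed 's/^Modulus=//'; }

# Print the hex modulus of a public key file.
pub_modulus() { openssl rsa -pubin -in "$1" -noout -modulus 2>/dev/null | sed 's/^Modulus=//'; }

# Print the key length in bits (each hex digit of the modulus is 4 bits).
key_bits() { m=$(priv_modulus "$1"); echo $(( ${#m} * 4 )); }

# Succeed only when the public key file belongs to the private key file.
keys_match() {
  a=$(priv_modulus "$1"); b=$(pub_modulus "$2")
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Sign file $2 with private key $1, writing the signature to $3.
# SHA-256 with PKCS#1 v1.5 padding is an assumption; the page does not name the scheme.
sign_file() { openssl dgst -sha256 -sign "$1" -out "$3" "$2"; }

# Succeed only when signature $3 over file $2 verifies under public key $1.
verify_file() { openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1; }

# Demo on a throwaway key pair and a constructed message.
umask 077
demo=$(mktemp -d)
openssl genrsa -out "$demo/priv.pem" 2048 2>/dev/null
openssl rsa -in "$demo/priv.pem" -pubout -out "$demo/pub.pem" 2>/dev/null
printf 'amount=100&order_id=constructed-001' > "$demo/msg.txt"
sign_file "$demo/priv.pem" "$demo/msg.txt" "$demo/sig.bin"
echo "format=$(key_format "$demo/priv.pem") bits=$(key_bits "$demo/priv.pem")"
keys_match "$demo/priv.pem" "$demo/pub.pem" && echo "pair: match"
verify_file "$demo/pub.pem" "$demo/msg.txt" "$demo/sig.bin" && echo "signature: valid"
printf 'amount=999&order_id=constructed-001' > "$demo/msg.txt"
verify_file "$demo/pub.pem" "$demo/msg.txt" "$demo/sig.bin" || echo "tampered message: rejected"
rm -rf "$demo"
```

The reported format for a freshly generated key depends on the OpenSSL version, which is why the check reads the PEM header instead of assuming one.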

3. Exchanging Keys
Public keys need to be exchanged between third-party applications and PayCloud. This process can be set up on the platform by referring to the section Configuring Application Keys.