
Encryption

In NeCIPCo, all sensitive information is exchanged encrypted with RSA public/private key pairs.

Sensitive data that you send (such as 16-digit card numbers and PINs) must always be encrypted, in every request, with the system public key returned by Get Public Key.

note

When encrypting data, be sure to use RSA_PKCS1_PADDING.

Sensitive data that you receive (such as 16-digit card numbers and PINs) is always returned encrypted, in every response, with the API client public key registered in Add Public Key, and must be decrypted with your private key file.

You can generate an RSA key pair for encrypting and decrypting information using OpenSSL with the following commands (GNU/Linux or macOS shells):

  1. Generate a 2048-bit RSA key

    1. With password
      • $ openssl genrsa -des3 -out private.pem 2048
    2. Without password
      • $ openssl genrsa -out private.pem 2048
  2. Export the RSA public key to a file (the -pubout flag is really important)

    • $ openssl rsa -in private.pem -outform PEM -pubout -out public.pem
  3. Verify the exported RSA Public Key (starts with -----BEGIN PUBLIC KEY----- )

    • $ cat public.pem
  4. If you need to export your private key (EXTREMELY DANGEROUS!), use the following command:

    • $ openssl rsa -in private.pem -out private_unencrypted.pem -outform PEM
  5. Verify the exported RSA Private Key (starts with -----BEGIN RSA PRIVATE KEY----- )

    • $ cat private_unencrypted.pem
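
The following is an added example, not NeCIPCo's own code: it runs steps 1 to 3 non-interactively, then encrypts and decrypts one field with PKCS#1 v1.5 padding (the OpenSSL CLI equivalent of RSA_PKCS1_PADDING). The function names, the base64 transport encoding and the test card number are assumptions; a single local key pair stands in for both sides, whereas real requests are encrypted with the system public key from Get Public Key.

```shell
#!/bin/sh
# Added example with constructed values; helper names are hypothetical.

# Steps 1-3: passwordless 2048-bit key in $1/private.pem, public half in $1/public.pem.
gen_keypair() {
    openssl genrsa -out "$1/private.pem" 2048 2>/dev/null &&
    chmod 600 "$1/private.pem" &&   # private key readable by its owner only
    openssl rsa -in "$1/private.pem" -outform PEM -pubout -out "$1/public.pem" 2>/dev/null
}

# Encrypt one field ($2) under public key file $1 with PKCS#1 v1.5 padding.
# Base64 output is an assumption about how the ciphertext is transported.
encrypt_field() {
    printf '%s' "$2" |
        openssl pkeyutl -encrypt -pubin -inkey "$1" -pkeyopt rsa_padding_mode:pkcs1 |
        openssl base64 -A
}

# Decrypt a base64 field ($2) with private key file $1, same padding mode.
decrypt_field() {
    printf '%s' "$2" | openssl base64 -d -A |
        openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:pkcs1
}

# Length in bytes of the raw ciphertext behind a base64 field ($1).
ciphertext_len() {
    printf '%s' "$1" | openssl base64 -d -A | wc -c | tr -d ' '
}

demo() {
    dir=$(mktemp -d) || return 1
    gen_keypair "$dir" || return 1
    pan='4111111111111111'   # constructed test card number, not real data
    ct=$(encrypt_field "$dir/public.pem" "$pan")
    echo "public key header : $(head -n 1 "$dir/public.pem")"
    echo "ciphertext bytes  : $(ciphertext_len "$ct")"
    echo "decrypted         : $(decrypt_field "$dir/private.pem" "$ct")"
    rm -rf "$dir"
}
demo
```

Encrypting the same value twice gives different ciphertexts because this padding is randomized, so encrypted fields cannot be compared for equality; each ciphertext is 256 bytes for a 2048-bit key.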