Why RSA?
RSA is the most widely used asymmetric algorithm.
What data do I encrypt?
Unencrypted Card Data Format
CardNumber|ExpirationDate|SecurityCode
- No spaces
- Pipe symbol (
|) delimited - Expiration Date, Security Code optional
Examples
CardNumber, ExpirationDate, SecurityCode
CardNumber, ExpirationDate, SecurityCode4000056655665556|202512|123
CardNumberis4000056655665556ExpirationDateis202512SecurityCodeis123
CardNumber, ExpirationDate, NO SecurityCode
CardNumber, ExpirationDate, NO SecurityCode4000056655665556|202512|
CardNumberis4000056655665556ExpirationDateis202512SecurityCodeis blank
CardNumber, NO ExpirationDate, NO SecurityCode
CardNumber, NO ExpirationDate, NO SecurityCode4000056655665556||
CardNumberis4000056655665556ExpirationDateis blankSecurityCodeis blank
Using Encrypted Data in the TabaPay API Calls doesn't seem to be working?
Make sure you are using RSA with the Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding and the language you are using supports the correct (common usage) implementation of that transform.
Receiving a SC=500?
If you pass in an Encrypted Data that was encrypted incorrectly, you will get a SC=500.
What languages (and libraries, if any) work (or tested)?
We have first hand knowledge that the following languages (and libraries, if any) works:
- Java with a slight tweak using the built in RSA encryption
- Go using the built in RSA encryption
- JavaScript on a browser using the Web Cryptography API which is available in (all) modern browsers
and we have heard others using the following languages (and libraries, if any): - .NET
and other applications (or libraries): - OpenSSL
Is there an example, a working example?
TBD
Can I have more than 2 active keys?
We have found 2 active keys is plenty for production environments. The key you are using is just a Public Key, so security shouldn't be an issue.
Since we can only have 2 active Keys, can the Key expire in more than 1 year?
No, PCI.