PCI Helper - RSA

RSA?

RSA is the most widely used asymmetric algorithm.

Using Encrypted Data in the TabaPay API Calls don't seem to be working?

Make sure you are using RSA with the Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding and the language you are using supports the correct (common usage) implementation of that transform.

Receiving a SC=500?

If you pass in an Encrypted Data that was encrypted incorrectly, you will get a SC=500.

What languages (and libraries, if any) work (or tested)?

We have first hand knowledge that the following languages (and libraries, if any) works:

  • Java with a slight tweak using the built in RSA encryption
  • Go using the built in RSA encryption
  • JavaScript on a browser using the Web Cryptography API which is available in (all) modern browsers
    and we have heard others using the following languages (and libraries, if any):
  • .NET
    and other applications (or libraries):
  • OpenSSL

Is there an example, a working example?

TBD

Why only 2 active Keys?

The key you are using is just a Public Key.
Also, previously, we had Clients who were creating multiple Keys per Day and expiring the Keys in a Year. So we were holding a lot of active Keys for some Clients and the assumption is that most, if not all, of the Keys were no longer in use, see Anti-Patterns to Avoid

For Security Reasons, we want to have more than 2 active Keys?

The key you are using is just a Public Key.

TabaPay doesn't understand Mobile Payments, we need more than 2 active Keys?

The key you are using is just a Public Key.
Also, we have engineers with at least 5 years of mobile app development in the past for both iOS and Android, and they have built PCI Level 1 Compliant financial mobile apps.

Since we can only have 2 active Keys, can the Key expire in more than 1 year?

No, PCI.