PCI Helper - RSA

Why RSA?

RSA is the most widely used asymmetric algorithm.


What data do I encrypt?

Unencrypted Card Data Format

CardNumber|ExpirationDate|SecurityCode

  • No spaces
  • Pipe symbol (|) delimited
  • Expiration Date, Security Code optional

Examples

CardNumber, ExpirationDate, SecurityCode

4000056655665556|202512|123

  • CardNumber is 4000056655665556
  • ExpirationDate is 202512
  • SecurityCode is 123

CardNumber, ExpirationDate, NO SecurityCode

4000056655665556|202512|

  • CardNumber is 4000056655665556
  • ExpirationDate is 202512
  • SecurityCode is blank

CardNumber, NO ExpirationDate, NO SecurityCode

4000056655665556||

  • CardNumber is 4000056655665556
  • ExpirationDate is blank
  • SecurityCode is blank

Using Encrypted Data in the TabaPay API Calls doesn't seem to be working?

Make sure you are using RSA with the Transformation of RSA/ECB/OAEPWithSHA-256AndMGF1Padding and the language you are using supports the correct (common usage) implementation of that transform.


Receiving a SC=500?

If you pass in an Encrypted Data that was encrypted incorrectly, you will get a SC=500.


What languages (and libraries, if any) work (or tested)?

We have first hand knowledge that the following languages (and libraries, if any) works:

  • Java with a slight tweak using the built in RSA encryption
  • Go using the built in RSA encryption
  • JavaScript on a browser using the Web Cryptography API which is available in (all) modern browsers
    and we have heard others using the following languages (and libraries, if any):
  • .NET
    and other applications (or libraries):
  • OpenSSL

Is there an example, a working example?

TBD


Can I have more than 2 active keys?

We have found 2 active keys is plenty for production environments. The key you are using is just a Public Key, so security shouldn't be an issue.


Since we can only have 2 active Keys, can the Key expire in more than 1 year?

No, PCI.


Questions? Contact Sales or make a post