Generating the JWS Signature
The signature for a request payload is generated using the RS256 JWS algorithm, which involves signing the JSON payload with the private key.
1. Generating the RSA Key Pair
To get started, merchant must securely generate a 2048 bit RSA Public Private Key pair on their servers inside a crypto vault and share the Public Key (KeyFormat-PEM) with Juspay during onboarding. Private key must be then securely kept in a crypto vault on the merchant servers which should never flow to the client.
The below command generates a private key file private-key.pem
The below command generates a public key file public-key.pem for the private key file generated via above command
2. Signing the Payload
|
Algorithm
|
Format
|
|---|---|
RSA-SHA256
| HEX; base 64 encoded
|
The signaturePayload needs to be signed after converting it to String using the Private key stored on the merchant server. And this signature has to be in Base 64 encoded format.
Refer : Code snippet to generate signature
The JSON payload converted to a string that is to be signed, which makes a signature, should exactly be the same as the string that is to be passed in the signature payload field.
On executing this code by replacing the private key, payload, and KID, a response containing the signature, payload, and protected data is generated. These elements make up the json of the process payload. The sample response from the codes is as attached.
Refer : Sample Output
The response returned by the Javascript code is to be passed in the request while making the process call.
The response returned by the Java code contains a token. When split the token on the period ('.') delimiters, the following components are returned.