Generating the Signature
Generating the RSA Key Pair
Merchant must securely generate 2048 bit RSA Public Private Key pair on their servers inside a crypto vault. Merchant must share the Public Key (KeyFormat-PEM) with Juspay during onboarding
Private key must be securely kept in a crypto vault on the merchant servers. Private key should never flow to the client.
To simplify integration on sandbox, we have already shared a set of auto-generated keys which need to be configured. Please make sure a new set of keys is generated for production prior to go-live.
The below command would generate a private key file private-key.pem
The below command would generate a public key file public-key.pem for the private key file generated via above command
Signing the Payload
|
Algorithm
|
Format
|
|---|---|
RSA-SHA256
| HEX; base 64 encoded
|
JSON payload needs to be signed after converting it to String using the Private key stored on the merchant server. The signature shall be in Base 64 encoded format.
The JSON payload converted to a string that is to be signed, which makes a signature, should exactly be the same as the string that is to be passed in the signature payload field.