Card Information Encryption
EVO Cloud supports encrypting card information in the request message before sending it. You need to place the encrypted card information ciphertext in the encryptedCardInfo field of the request message.
Standard RSA Encryption Rules
EVO Cloud supports using the standard RSA encryption algorithm to encrypt card information.
Key Usage Rules
When using the RSA algorithm to encrypt card information, a pair of RSA keys generated by EVO Cloud is required. You will use the public key for encryption, and EVO Cloud will use the private key for decryption. The public key can be downloaded from the EVO Cloud platform.
Step 1: Construct the String to be Encrypted
Construct the string to be encrypted from the entire cardInfo structure in the request message.
Here is an example of the completed string to be encrypted:
{ "cardNumber": "1234123412341234", "expiryDate": "0724", "cvc": "123", "holderName": "" }
Step 2: Encrypt the Card Information
Use the RSA algorithm to encrypt the string obtained in the first step, with the padding scheme as PKCS1.
Suppose the public key is:
-----BEGIN PUBLIC KEY-----
MIIBITANBgkqhkiG9w0BAQEFAAOCAQ4AMIIBCQKCAQBuqFg4TAUyuvDTciQMuOB0
HtAJ/BH0AacJIqkHUaMOIpA4kH+RlHBuUNd2OGdjhprTh0lGXNLi9neH9Wc7b2EE
isG+efE3eRInRRfq6lVWms+3OiVzLqVvVoQI0yg+wIg08wl2+s1tobLJfHXbjWfl
PbzRFnytWyMZXOq2gSGMjTX3QL1O9dWI4/onRTlEmxoHN55R6uO32fa0GaQHE9+w
CH64ZJKXKXVZHhEipHYtXEq0roDJWQTuLa9QdWIpybPgJkfKN2h3I58ve+QAWTOZ
BC1vO5imxE4C71RJuSU+qG8OREeTZGBcvb7GYiLUvU3Z+bg5+IrmAjpi60P9bNez
AgMBAAE=
-----END PUBLIC KEY-----
The resulting ciphertext after encryption is: CvV0wRxQ3W8oSCR0XBe403NClYnUZvVTZXI467jOEuDhRQy57ah4lk3/Kc+eiKjdV0V2wECU4kTF5QDWjdGCQG6ClOJvJv+TgBMVBM8+K4NFsJ3VmT8K/7pkPGCXj8OPz72Lj5ula1EPvkx1ey7qG24THBXOnshCEpQbTy+SX1FB3+0URHdyIqvZ+INvqGey5kuYPLi28loCcAxTFGemA2wTj/eU7yweO9u0HB28/EO5C/IgVTWjAlsdyG66CfGy6We52rZQDiFsIiKLnYVYmGNDJHM4QWC+65BObK8FnFo0zOHBKEZjVQ15e3DBPNvYaRh49gUuka6kONx+167CDw==
(the ciphertext result is different each time it is computed)
Step 3: Place the Ciphertext in the Request Message
Set the cardInfoEncryptMethod field to the encryption method used and set encryptedCardInfo to the ciphertext obtained in the second step. Replace the cardInfo structure with encryptedCardInfo in the final request message:
{
  "card": {
    "encryptedCardInfo": "CvV0wRxQ3W8oSCR0XBe403NClYnUZvVTZXI467jOEuDhRQy57ah4lk3/Kc+eiKjdV0V2wECU4kTF5QDWjdGCQG6ClOJvJv+TgBMVBM8+K4NFsJ3VmT8K/7pkPGCXj8OPz72Lj5ula1EPvkx1ey7qG24THBXOnshCEpQbTy+SX1FB3+0URHdyIqvZ+INvqGey5kuYPLi28loCcAxTFGemA2wTj/eU7yweO9u0HB28/EO5C/IgVTWjAlsdyG66CfGy6We52rZQDiFsIiKLnYVYmGNDJHM4QWC+65BObK8FnFo0zOHBKEZjVQ15e3DBPNvYaRh49gUuka6kONx+167CDw==",
    "cardInfoEncryptMethod": "RSA"
  }
}
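The three RSA steps above as one Go sketch, added here as an example and not EVO Cloud's own code. ParsePublicKey, BuildCard and demoKey are hypothetical names, the key is a throwaway generated at start-up rather than a platform key, and base64 output and compact JSON serialization are assumptions taken from the sample ciphertext above.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"fmt"
)

type CardInfo struct { // mirrors the cardInfo fields in the page's sample
	CardNumber string `json:"cardNumber"`
	ExpiryDate string `json:"expiryDate"`
	CVC        string `json:"cvc"`
	HolderName string `json:"holderName"`
}

// ParsePublicKey (hypothetical helper) reads a downloaded "PUBLIC KEY" PEM file.
func ParsePublicKey(pemBytes []byte) (*rsa.PublicKey, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return nil, fmt.Errorf("no PEM block found")
	}
	key, err := x509.ParsePKIXPublicKey(block.Bytes)
	if pub, ok := key.(*rsa.PublicKey); err == nil && ok {
		return pub, nil
	}
	return nil, fmt.Errorf("PEM does not hold an RSA public key (parse error: %v)", err)
}

// BuildCard (hypothetical helper) runs steps 1 to 3 and returns the "card" object.
func BuildCard(pub *rsa.PublicKey, ci CardInfo) (map[string]string, error) {
	plain, _ := json.Marshal(ci) // step 1; a struct of strings cannot fail to marshal
	ct, err := rsa.EncryptPKCS1v15(rand.Reader, pub, plain) // step 2: fails if plain > pub.Size()-11 bytes
	if err != nil {
		return nil, err
	}
	return map[string]string{ // step 3: replaces cardInfo, which is never sent alongside
		"encryptedCardInfo":     base64.StdEncoding.EncodeToString(ct),
		"cardInfoEncryptMethod": "RSA",
	}, nil
}

var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed throwaway key
func main() {
	fmt.Println(BuildCard(&demoKey.PublicKey, CardInfo{"1234123412341234", "0724", "123", ""}))
}
```

With a 2048-bit key, PKCS1 padding leaves 245 bytes for the serialized cardInfo, so an unusually long holderName is rejected at encryption time rather than silently truncated.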
National Encryption Rules (SM2)
EVO Cloud supports using the SM2 encryption algorithm to encrypt card information.
Key Usage Rules
When using the SM2 algorithm to encrypt card information, a pair of SM2 keys generated by EVO Cloud is required. You will use the public key for encryption, and EVO Cloud will use the private key for decryption. The public key can be downloaded from the EVO Cloud platform.
Step 1: Construct the String to be Encrypted
Construct the string to be encrypted from the entire cardInfo structure in the request message.
Here is an example of the completed string to be encrypted:
{ "cardNumber": "1234123412341234", "expiryDate": "0724", "cvc": "123", "holderName": "" }
Step 2: Encrypt the Card Information
Use the SM2 algorithm to encrypt the string obtained in the first step. EVO Cloud recommends using the C1C3C2 order for the ciphertext, but also supports C1C2C3 order.
Suppose the public key is: 04f9364b9c6040d58ce86d773c74dd3acf04195b88081306d56a0698a736c30e5e277d396b380bdd9dfda341e50b9c8ca8f7a98379a824a6df1347cbc7c6f0dfd3
The private key is: 59306fbb8e1a612e4d26091c88c346e63fee9d00dc997357a1728a7513257b9c
The resulting ciphertext in Hex format is: e1062939b997da142671a4cf4400add62920f625df42ddb629dbbe89965bbac3f19095e91abbf7f644ab6591b4d9d256902395a294c876b17c9533f685ee615f973d3b2118d5088d04c5f3fc5d56671a3f23b259a377297f1574926e25b28f840d22e3286fbbb3d3f461d648869bb7f8ae9f7a07f2d1e7572ee8afa23153292280d0a6e9d26124ee2329bff2c380f777b98aac3f6339a8d5581f67306c0ca5f3ac4078f36e8e8b3acd5c8057f56c31c0aa
(the ciphertext result is different each time it is computed)
Step 3: Place the Ciphertext in the Request Message
Set the cardInfoEncryptMethod field to the encryption method used and set encryptedCardInfo to the ciphertext obtained in the second step. Replace the cardInfo structure with encryptedCardInfo in the final request message:
{
  "card": {
    "encryptedCardInfo": "e1062939b997da142671a4cf4400add62920f625df42ddb629dbbe89965bbac3f19095e91abbf7f644ab6591b4d9d256902395a294c876b17c9533f685ee615f973d3b2118d5088d04c5f3fc5d56671a3f23b259a377297f1574926e25b28f840d22e3286fbbb3d3f461d648869bb7f8ae9f7a07f2d1e7572ee8afa23153292280d0a6e9d26124ee2329bff2c380f777b98aac3f6339a8d5581f67306c0ca5f3ac4078f36e8e8b3acd5c8057f56c31c0aa",
    "cardInfoEncryptMethod": "SM2"
  }
}