RSA Encryption for Disposition File

These are instructions to set up RSA private and public key pairs for card information on a Disposition file.

Institution

Create a 4096-bit RSA private key (store this private key securely; it is needed for decryption)

openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:4096

Create the RSA public key from the private key (provide this public key to Priority for card encryption)

openssl rsa -pubout -in private_key.pem -out public_key.pem

To receive card information, the Institution needs to turn on the "Include VCNs in Disposition" feature on the CPX™ portal under Settings > Processor options.


CPX™ Platform

The CPX™ platform uses the public key provided by the Institution to encrypt card information when it is available.

Disposition File fields for each row, in order and separated by commas:

Field,Value
"network",255 alpha
"bid",20 alpha
"buyerName",60 alpha
"sid",20 alpha
"supplierName",60 alpha
"amount",10 decimal
"transactionId",20 alpha
"id",128 alpha
"paymentStatus",50 alpha
"paymentAuthCode",10 alpha
"paymentAuthMessage",255 alpha
"virtualCardNumber",Int encrypted
"vcnAccountExpirationDate",Int encrypted
"securityCode",Int encrypted
"accountId",50 alpha
"originalAmount",10 decimal

A sample Disposition file with no card information:

network77,bid000022,The Buyer,sid1111100,The Supplier,1.19,EN-000VCN-035,020b08ab-eec7-4a72-970a-aeec253a5072,Email Sent,,Email Sent,,,,

A sample Disposition file with encrypted card information:

network77,bid000022,The Buyer,sid1111100,The Supplier,1.19,EN-000VCN-035,020b08ab-eec7-4a72-970a-aeec253a5072,Email Sent,,Email Sent,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,goh4yV13GchgQe4r8w7/hdVKMbzTyr8pfOsn3hrYKQC5KU6x7rO9JzMT23+YVrQqHyYRyZoqVwz+krzPO8HDcDrjjaesxfSrB8iy22pZLuQpIKAyJxu33/YZIrmsh5PTandfOpcQT1lXX1vr60qFl3fibgkjS7F3xJcXEOstKdSmySxXCus2ENRwNZ6LrmoCeNQbiwbEfTb16r1E/FSc1MoU94V3/7D+yEXBUHyY56sJXTgroUzfIh2MXzR6CL/jdIaSU5WiRu8SQPj4faTWimo94KApCByY7JzVpEDCMEGXiiY49kj/18aFus7D/G5nNDSXtzfFlha30ighQIFyblAexmFBi9zxIuCWn40v+rptD+0exfW0fg4JhhBsLNtox2LsWhdrNmOKltntRW7YVMa893BHAStl+OCYeJpe9uICrFdJnZknt9WBWvJP3LpzLrlz009LuTtgDcLxR3Lsh3SkVPZ2Sx72tE+9VRozwwYzloe6yaBkKXvaVJxgWGxnLlZXdD0MHph5a1XQVFPpbL3uwq8jz21717IXyWyOVql+MtYFjY++5cYE6pY4dmyQbxId94Q4KIH30TmdkMOTx3IpcQwC2cup3jMD8RcIua6vwKFnQx7lXYT1B1iLJg9SC6EwhdOj7l8DjcCnUBjH/e7ozjD6H9K9VnZSPCfxxdM=,i+MGdmoYwPQ7cBwvImhwjAmwQMLFqGNkykFEQuvGH8pZ9w0bRREdulj1IbEd+6jfvksf5nZMPO2kkKwnnzQROCkyQiHBPpxTGca6fU73mFXuK6k5ipdMBNZTOKPESkciRnFQdkBcuthrny5Qrj3G+Y60EPaTVML1oxB3Owh8YTxVHZfeuqvvQ14gqgBsmj+z9mqSIRz3t2yRax0WWl2JRzie4iYAnsH+BgeKk1Ire76aRM5kaAIFOf8MR7f1hIlb1Rx2E6DskRg0smZo/PJTozEC/pkyrAzCoH9JfUhPkYtaqAVCaP4PikWXrYBmPgQw82EB8nPAeWuCuLjyp9L7474GPnGzJSmnvq4P2d1atxv9c7XTWL8Nx2+r6E8WVFkzGvzsqy7173x4xfbOvTQANrWSS52dHCrCKOGY3d3G2TTZQj7PCnzJg66Ed8JNdTU7bzSp44YPapZxINgdiI/+XIGSx3NQLGNaK0EkoME2/C2DElRHP8/xgar93LMP2vYjd/3MBXk0jJsGkPRctpeQhcKBDSxaWL4y7jmJ+/+CBAKXJa31bDweRcE9hWouqXHiZN3Kxrs8ntSFajLAj0ZkARClkz/XCugqPZH6ZogYnQoG/PYjC9uE8rd1r8Cv9hAqh+NANCN/47GzG3Ja3FQbk4vMlEK2p3AiarckOjIRhHk=,

Institution

Using the provided SFTP access, the Institution can download Disposition files to a private, secure location for decryption. Note that all of the processing servers and programs must be PCI compliant.

Decryption Process:

First, decode the base64-encoded encrypted text to binary. There are three parts with card information: virtualCardNumber, vcnAccountExpirationDate, and securityCode.

Decrypt each part one at a time.

# --decode is accepted by both GNU and macOS base64 (-D is macOS only)
base64 --decode < "$ENCRYPTED_FILE" > "$DECRYPTED_BASE64"

Second, decrypt the base64-decoded data to raw text

openssl rsautl -decrypt -in "$DECRYPTED_BASE64" -out "$DECRYPTED_TEXT" -oaep -inkey "$PRIVATE_KEY"
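
The two decryption steps above applied to a whole row, as an added example that is not part of the original instructions. It takes fields 12 to 14, base64-decodes and decrypts each one through a pipe so that no plaintext file is written, and uses openssl pkeyutl with OAEP padding in place of rsautl, which OpenSSL 3.0 deprecates. The function names, the output format and the sample card values are assumptions constructed for this example, and fields are assumed to contain no embedded commas.

```shell
#!/bin/sh
# Added example: decrypt the card fields of one Disposition row in memory.
# Field positions (7, 12, 13, 14) follow the field list on this page.

# decrypt_field B64 KEYFILE: base64-decode, then RSA-OAEP decrypt to stdout.
decrypt_field() {
    [ -n "$1" ] || return 0   # empty field: row carries no card information
    printf '%s' "$1" | openssl base64 -d -A |
        openssl pkeyutl -decrypt -inkey "$2" -pkeyopt rsa_padding_mode:oaep
}

# decrypt_row ROW KEYFILE: prints
# transactionId|virtualCardNumber|vcnAccountExpirationDate|securityCode
# Assumes no field contains an embedded comma; fails if any field fails.
decrypt_row() {
    out=$(printf '%s\n' "$1" | cut -d, -f7)
    for n in 12 13 14; do
        field=$(printf '%s\n' "$1" | cut -d, -f"$n")
        plain=$(decrypt_field "$field" "$2") || return 1
        out="$out|$plain"
    done
    printf '%s\n' "$out"
}

# make_sample_row DIR: constructed test data only. Creates a throwaway
# 2048-bit key pair in DIR and prints a row encrypted with its public key.
make_sample_row() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/private_key.pem" 2>/dev/null
    openssl rsa -pubout -in "$1/private_key.pem" -out "$1/public_key.pem" 2>/dev/null
    row='network77,bid000022,The Buyer,sid1111100,The Supplier,1.19'
    row="$row,EN-000VCN-035,020b08ab-eec7-4a72-970a-aeec253a5072,Email Sent,,Email Sent"
    for v in 4111111111111111 1227 123; do   # constructed card values
        c=$(printf '%s' "$v" | openssl pkeyutl -encrypt -pubin \
            -inkey "$1/public_key.pem" -pkeyopt rsa_padding_mode:oaep |
            openssl base64 -A)
        row="$row,$c"
    done
    printf '%s,\n' "$row"
}

if [ "${1:-}" = demo ]; then
    dir=$(mktemp -d) && trap 'rm -rf "$dir"' EXIT
    decrypt_row "$(make_sample_row "$dir")" "$dir/private_key.pem"
fi
```

Run the script with the argument demo to see a round trip against a throwaway key; in production, pass the Institution's 4096-bit private key file to decrypt_row.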

References to RSA encryption

There are many resources about RSA encryption on the internet that can provide more information. Here are some examples of using RSA encryption.

References for PCI Compliance