
Public & Encryption Key Management

System Management > Public & Encryption Key Management

This section is used to provide or update the issuer's public and encryption keys. A valid public key must be defined for each issuer. The issuer system uses the issuer's public key to validate an issuer's signature. Issuers are required to sign their registration messages with a valid private key that corresponds to the public key as provided to the issuer system.

ActiveAccess uses encryption keys to encrypt cardholder data during communication between ActiveAccess and other hosts in the environment.

A KeyStore with the following details should be prepared for the encryption key that is to be uploaded, through Upload encryption key:

  • KeyStore type/format: JCEKS
  • KeyStore provider: SunJCE
  • Key algorithm: DESede
  • Key size: 112 or 168 bit
  • Key name: any name can be used
  • Number of keys in the KeyStore: only one key must be populated in the KeyStore

Such KeyStores can be easily created by the Java Keytool utility using the following command:

keytool -genseckey -alias enckey168 -keypass 123456 -keyalg DESede -keysize 168 \
    -keystore enc-key.JKS -storepass 123456 -storetype JCEKS
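
To confirm that a KeyStore meets the requirements listed above before uploading it, a check along the following lines can be run. This is an added example, not part of ActiveAccess or its documentation; the class name CheckEncKeyStore is hypothetical, and it assumes the key password equals the KeyStore password, as in the keytool command above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.crypto.SecretKey;

// Added example (hypothetical class name): pre-upload check of an encryption KeyStore.
public class CheckEncKeyStore {
    public static void main(String[] args) throws Exception {
        if (args.length != 1 || System.console() == null) {
            System.err.println("usage: java CheckEncKeyStore <keystore-file>  (run from a terminal)");
            System.exit(2);
        }
        // Prompt for the password so it stays out of shell history and the process list.
        char[] pass = System.console().readPassword("KeyStore password: ");
        if (pass == null) fail("no password entered");

        KeyStore ks = KeyStore.getInstance("JCEKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass); // throws if the file is not JCEKS or the password is wrong
        }

        // Requirement: only one key must be populated in the KeyStore.
        List<String> aliases = Collections.list(ks.aliases());
        if (aliases.size() != 1) fail("expected exactly one entry, found " + aliases.size());
        String alias = aliases.get(0);

        // Assumption: the key password is the same as the KeyStore password.
        Key key = ks.getKey(alias, pass);
        if (!(key instanceof SecretKey)) fail("entry '" + alias + "' is not a secret key");
        if (!"DESede".equalsIgnoreCase(key.getAlgorithm()))
            fail("key algorithm is " + key.getAlgorithm() + ", expected DESede");

        byte[] raw = key.getEncoded();
        if (raw == null || raw.length != 24) fail("unexpected DESede key encoding");
        // SunJCE encodes a 112-bit DESede key as 24 bytes whose third block repeats the first.
        boolean twoKey = Arrays.equals(Arrays.copyOfRange(raw, 0, 8), Arrays.copyOfRange(raw, 16, 24));
        Arrays.fill(raw, (byte) 0);   // wipe key material and password from memory
        Arrays.fill(pass, '\0');
        System.out.println("OK: alias=" + alias + ", DESede " + (twoKey ? "112" : "168")
                + "-bit, provider=" + ks.getProvider().getName());
    }

    static void fail(String msg) {
        System.err.println("FAIL: " + msg);
        System.exit(1);
    }
}
```
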

This page displays for each key:

  • Owner -

  • Owner Type - type of the owner of the key, Issuer or Group

  • Certificate Information -

  • Validity - validity of the certificate

  • Issuer - issuer of the certificate

  • Delete encryption key link

  • Download public key link

  • Download encryption key link

Export Encryption Key

System Management > Export Encryption Key

Use the following fields to export the encryption key:

  • Encryption KeyStore - Enter the File password.

  • Click Export.

Upload Public Key

System Management > Upload Public Key

Use the following fields to view / update public key details:

  • Issuer or an Issuer group. A message is shown to indicate whether a public key is currently available for this item or not.

  • Enter the path and filename for the XML signing certificate; you can use the Choose File / Browse… button.

    The system uses the public key contained in the certificate in order to validate the issuer signature when it receives messages through the registration server. Issuers must ensure that this certificate corresponds to the RSA private key, which is used in signing the registration messages.

  • Certificate information - Displays the certificate information if one is already loaded for the selected issuer or the issuer group

  • Public Key - Displays the public key in hexadecimal format if one is already loaded for the selected issuer or the issuer group

  • Apply button to update public key information.

  • Download button to save a previously uploaded certificate as a PEM encoded certificate.

Upload Encryption Key

System Management > Upload Encryption Key

Use the following fields to view / update encryption key details:

  • Issuer or an Issuer group. A message is shown to indicate whether an encryption key is currently available for this item or not.

  • Choose File button, adjacent to Encryption KeyStore to locate and select an encryption key file to upload.

    The No file chosen message or current file name will be replaced with the name of the file to be uploaded.

    The system uses the AES (128 Bits) key contained in the JKS KeyStore in order to encrypt/decrypt cardholder data that is being transferred between ActiveAccess modules and other external hosts. Issuers must ensure that this AES key is used in encrypting and decrypting cardholder data at other external hosts.

  • KeyStore password - File password for the Encryption KeyStore.

  • Encryption key - Displays the key information if one is already loaded for the selected issuer or the issuer group

  • Apply button to update public key information.