
PKI Management

info

Participants are allowed to have more than one certificate/key tied to each profile and can choose which one to use for signing and verification.

The DuitNow API uses Public Key Infrastructure (PKI), which is a technology for authenticating users and devices in the digital world. The basic idea is to have one or more trusted parties digitally sign documents certifying that a particular cryptographic key belongs to a particular user or device.

The main feature of PKI is that it uses a pair of different but related keys. The key pair consists of the public key and the private key. The public key can be shared whereas the private key must be kept secret. The key pair guarantees that information encrypted with the public key can only be decrypted by the intended recipient, the holder of the private key. Conversely, when the information is encrypted with the private key and decrypted with the public key, the key pair guarantees that the information originated from a trusted source.

Refer to the PKI flow:

PKI Diagram

1. The sender signs the original message with the sender's private key.

2. The signed message is sent securely over to the recipient.

3. The recipient must verify the signed message with the corresponding public key before consuming it.

The certificate is the mechanism by which the public key is shared. A certificate is authorised by a trusted source, known as the certificate authority (CA). Participants are required to generate their own private key in RSA-SHA256 format. Once this key is generated, they will need to create a certificate to be uploaded to RPP before the API can be consumed.

Request access guide

1. Request access to the Sandbox


1.1. Go to the My Projects page and select the DuitNow Online Banking/Wallet Project. Scroll to the Sandbox section and click the button “Request for Sandbox”.

Screenshot of Request Sandbox

2. Profile registration


2.1. Click the button “Complete Profile” to continue the company profile registration.

Screenshot of Sandbox Assignment

2.2. Fill in your company details.

Screenshot of Merchant Registration Form

How to Generate Key Pair


2.3. Generate the private key and CSR (Certificate Signing Request) using OpenSSL on the Windows operating system.

openssl req -newkey rsa:2048 -nodes -keyout example.key -out example.csr

2.4. Generate a self-signed certificate from the generated CSR.

info

For production use, this certificate must be issued by a valid Certificate Authority (CA). A self-signed certificate is valid only for sandbox use.

openssl x509 -signkey example.key -in example.csr -req -days 365 -out example.cer
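
The following is an added example, not part of the DuitNow documentation. It runs steps 2.3 and 2.4 without prompts in a POSIX shell (for example Git Bash on Windows), then checks before upload that example.cer carries the public half of example.key and that a signature made with the key verifies against the certificate, as in the PKI flow. The subject name, function names and test message are assumptions; the DuitNow message format itself is not described on this page.

```shell
#!/bin/sh
# Added example, not DuitNow's own tooling. File names follow the page;
# the subject CN, function names and test message are constructed.

# Steps 2.3 and 2.4 without prompts, writing into directory $1.
make_keypair_and_cert() {
  ( umask 077  # -nodes leaves the private key unencrypted: owner-only access
    openssl req -newkey rsa:2048 -nodes -keyout "$1/example.key" \
      -out "$1/example.csr" -subj "/CN=sandbox-participant.example" &&
    openssl x509 -req -signkey "$1/example.key" -in "$1/example.csr" \
      -days 365 -out "$1/example.cer"
  ) >/dev/null 2>&1
}

# Succeeds only if certificate $2 carries the public half of private key $1.
cert_matches_key() {
  key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  cer_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$key_pub" ] && [ "$key_pub" = "$cer_pub" ]
}

# PKI flow step 1: sign file $2 with private key $1 (RSA, SHA-256) into $3.
sign_message() {
  openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# PKI flow step 3: verify signature $3 over file $2 using certificate $1.
verify_message() {
  pub=$(mktemp) || return 1
  if openssl x509 -in "$1" -noout -pubkey >"$pub" 2>/dev/null &&
     openssl dgst -sha256 -verify "$pub" -signature "$3" "$2" >/dev/null 2>&1
  then rc=0; else rc=1; fi
  rm -f "$pub"
  return "$rc"
}

# Pre-upload check for directory $1: pairing, then a sign/verify round trip.
precheck_upload() {
  cert_matches_key "$1/example.key" "$1/example.cer" || return 1
  printf 'constructed test message' >"$1/precheck.msg"
  sign_message "$1/example.key" "$1/precheck.msg" "$1/precheck.sig" &&
    verify_message "$1/example.cer" "$1/precheck.msg" "$1/precheck.sig"
}
```

Call precheck_upload with the directory that holds example.key and example.cer; a non-zero exit status means the certificate does not belong to that key or the round trip failed.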

Where to Upload Your Merchant Key


2.5. Upload the generated CER file to the Public Key field and click the button “Submit”.

Screenshot of Merchant public key

2.6. Next, enter your Webhook and IP address and click the button “Submit” to complete the registration.

Screenshot of Merchant Registration Form - Webhook and IP address

3. Download the Retail Payment Platform (RPP) Public Key


After approval, you will see the Asset tab in the Sandbox. Click the button “Download” to download the RPP Public Key.

Screenshot of Download RPP Public Key