🔐 Data Encryption for Secure Payments

Our system requires the encryption of sensitive data before it is transmitted. This ensures secure handling of information such as user credentials, payment details, or personally identifiable information (PII). We currently use RSA encryption with a public key provided during request initialization.

Encryption Overview

  • Algorithm: RSA (RSAES-PKCS1-V1_5)
  • Encoding: Base64

Required Fields for Encryption

Before sending data, the following fields are passed in the sensitiveData object to be encrypted using your public key:

  • card_number
  • cvv
  • card_pin
  • expiry_month
  • expiry_year

These fields should be packaged as a single JSON object, and the entire object should be encrypted — not the fields individually.

JavaScript Helper Function

Below is an example function using node-forge to handle encryption:

import forge from "node-forge";

/**
 * Encrypts sensitive data using the provided RSA public key.
 *
 * @param sensitiveData - The sensitiveData object to encrypt. It is serialized
 *   to JSON inside this function, so pass the object itself, not a
 *   pre-serialized string.
 * @param publicKey - The RSA public key (PEM format).
 * @returns Base64-encoded encrypted string or undefined if failed.
 */
export const encryptWithRequestKey = (
  sensitiveData: Record<string, unknown>,
  publicKey: string,
): string | undefined => {
  // Normalize the PEM: strip the armor lines and all line breaks, then re-wrap.
  const extractedKey = publicKey
    .replace(/-----BEGIN PUBLIC KEY-----\n?/, "")
    .replace(/\n?-----END PUBLIC KEY-----/, "")
    .replace(/\r?\n/g, "");
  const publicKeyPem = `-----BEGIN PUBLIC KEY-----\n${extractedKey}\n-----END PUBLIC KEY-----`;

  // Serialize the whole object once; the JSON string is what gets encrypted.
  const dataString = JSON.stringify(sensitiveData);

  try {
    const rsa = forge.pki.publicKeyFromPem(publicKeyPem);
    const encrypted = rsa.encrypt(dataString, "RSAES-PKCS1-V1_5");
    const encryptedBase64 = forge.util.encode64(encrypted);
    return encryptedBase64;
  } catch (error) {
    console.error("Encryption failed:", error);
    return undefined;
  }
};
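
The following is an added example, not code from this page or from the payment provider. It uses Node's built-in crypto module in place of node-forge to show the whole sensitiveData object being validated, serialized once, checked against the RSAES-PKCS1-v1_5 size limit (key size in bytes minus 11), and encrypted; the function names, the demo key and the card values are constructed for illustration.

```javascript
// Added example: Node's built-in crypto stands in for node-forge.
const nodeCrypto = require("node:crypto");

// Field names from the page's "Required Fields for Encryption" list.
const REQUIRED_FIELDS = ["card_number", "cvv", "card_pin", "expiry_month", "expiry_year"];
// RSAES-PKCS1-v1_5 needs at least 11 bytes of padding per block (RFC 8017).
const PKCS1_V15_OVERHEAD = 11;

// Largest plaintext, in bytes, that fits in one RSA block for this key.
function maxPlaintextBytes(publicKeyPem) {
  const key = nodeCrypto.createPublicKey(publicKeyPem);
  return key.asymmetricKeyDetails.modulusLength / 8 - PKCS1_V15_OVERHEAD;
}

// Validate, serialize the whole object once, encrypt, and return Base64.
function encryptSensitiveData(sensitiveData, publicKeyPem) {
  // Assumption: a field counts as missing when undefined, null or "".
  const missing = REQUIRED_FIELDS.filter(
    (f) => sensitiveData[f] === undefined || sensitiveData[f] === null || sensitiveData[f] === "",
  );
  if (missing.length > 0) {
    // Error text names fields only, never their values.
    throw new Error(`missing fields: ${missing.join(", ")}`);
  }
  const plaintext = Buffer.from(JSON.stringify(sensitiveData), "utf8");
  const limit = maxPlaintextBytes(publicKeyPem);
  if (plaintext.length > limit) {
    throw new Error(`payload is ${plaintext.length} bytes, key allows ${limit}`);
  }
  // Padding is random, so the same payload yields a different ciphertext each call.
  return nodeCrypto
    .publicEncrypt({ key: publicKeyPem, padding: nodeCrypto.constants.RSA_PKCS1_PADDING }, plaintext)
    .toString("base64");
}

// Constructed throwaway key and made-up card values, for demonstration only.
const { publicKey: DEMO_PUBLIC_KEY } = nodeCrypto.generateKeyPairSync("rsa", {
  modulusLength: 2048,
  publicKeyEncoding: { type: "spki", format: "pem" },
  privateKeyEncoding: { type: "pkcs8", format: "pem" },
});
const DEMO_CARD = {
  card_number: "4111111111111111", cvv: "123", card_pin: "0000",
  expiry_month: "12", expiry_year: "30",
};
const DEMO_CIPHERTEXT = encryptSensitiveData(DEMO_CARD, DEMO_PUBLIC_KEY);
console.log(Buffer.from(DEMO_CIPHERTEXT, "base64").length, "ciphertext bytes");
```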