I am using the API Key and sharedSecret key for the field-level Encryption for the API core/cards enrollment API.
Using the below function I validate the payload by encrypting and then decrypting the payload.
public static string CreateJwe(string payload, string apiKey, string sharedSecret,
JweAlgorithm jweAlgorithm = JweAlgorithm.A256GCMKW,
JweEncryption jweEncryption = JweEncryption.A256GCM,
IDictionary<string, object> extraHeaders = null)
{
var secretKey = GetHash(SHA256.Create(), sharedSecret);
IDictionary<string, object> jweHeaders = new Dictionary<string, object>();
jweHeaders.Add("kid", apiKey);
if (extraHeaders != null && extraHeaders.Count > 0)
{
foreach (KeyValuePair<string, object> author in extraHeaders)
{
//Console.WriteLine("Key: {0}, Value: {1}",
//author.Key, author.Value);
jweHeaders.Add(author);
}
/*foreach (var (key, value) in extraHeaders) {
jweHeaders.Add(key, value);
}*/
}
return JWT.Encode(payload, secretKey, jweAlgorithm, jweEncryption, null, jweHeaders);
}
public static string DecryptJwe(string jweStr, string sharedSecret)
{
var secretKey = GetHash(SHA256.Create(), sharedSecret);
return JWT.Decode(jweStr, secretKey);
}
As per the sample code of visa c# of JWE use the apikey and sharedSecret key. When the encCard data is sent to the API getting the below-error.
{"errorResponse": {
"status": 400,
"reason": "invalidParameterEncCard",
"message": "Invalid input parameter(s)",
"details": [ {
"location": "encCard",
"message": "Unable to parse or decrypt"
}]
}}
The API key , sharedSecret key and test data is getting from the visa developer account
Need help in this regard
Hi, @Syed_Talha Thank you for reaching out. An agent is looking for a solution for you and will get back to you as soon as possible. Until then, if any community members know a solution, please share it here. -Cathy
Hi Chen,
As a first step, you need to enroll the card using the Universal Card enrollment API for getting the vCardId. You should be encrypting the card object using JWE Asymmetric encryption. Please refer to the attached Encryption Certificate and KID for encrypting the card object. Card Object details can be retrieved from the API Reference page.
Please find below the test data, along with the certificate that is attached to this post.
*************************************************************************************
Encryption Key
VisaPublicKey_ForEncryption_Sbx_Cert.pem |
Visa Public Key used in JWE Asymmetric Encryption. |
Q2AY3V5E3ICNBUU66D8K11hBmzqdXSvTiNzZ-YnpozWRXTo50 |
KID – To be used in JWE Header |
Test Data – VDP Sandbox (sandbox.api.visa.com)
Google Pay
PAN
|
X51X23XX20053999 – Replace X with 4 X51X231XX7208143 |
deviceID |
uztEQocBRFrbK5hCgcDbxqw_ |
Apple Pay
PAN
|
45X42344X3926268 – Replace X with 1 45X4236833852412 |
deviceCert |
MIID/TCCA6OgAwIBAgIIMq/qUa9Z2nMwCgYIKoZIzj0EAwIwgYAxNDAyBgNVBAMMK0FwcGxlIFdvcmxkd2lkZSBEZXZlbG9wZXIgUmVsYXRpb25zIENBIC0gRzIxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzAeFw0xODA2MDEyMjAzMTBaFw0yMDA2MzAyMjAzMTBaMGwxNTAzBgNVBAMMLGVjYy1jcnlwdG8tc2VydmljZXMtZW5jaXBoZXJtZW50X1VDNi1TQU5EQk9YMREwDwYDVQQLDAhBcHBsZVBheTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATGiJjmEMmvOZBGj+tdj2ED7xnc9y1C0vNVaqZva7lvKkbgrfcWdo0/NdIJZ5wDcZ0eBtPuRJ+q/eSP9FLXQ19wo4ICGDCCAhQwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSEtoTMOoZichZZlOgao71I3zrfCzBHBggrBgEFBQcBAQQ7MDkwNwYIKwYBBQUHMAGGK2h0dHA6Ly9vY3NwLmFwcGxlLmNvbS9vY3NwMDMtYXBwbGV3d2RyY2EyMDUwggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB/jCBwwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuYXBwbGUuY29tL2FwcGxld3dkcmNhMi5jcmwwHQYDVR0OBBYEFMNruSHk5gH1LauD+wBI/9sgl/VpMA4GA1UdDwEB/wQEAwIDKDASBgkqhkiG92NkBicBAf8EAgUAMAoGCCqGSM49BAMCA0gAMEUCIQDhL+sL9bcrvAVO3UvswA805EHujfL7iVDrbEuJfOSJoAIgBPKehtuILl9x/SJ5kxReiml1zkJqUB8nTy0UOfUNIIQ= |
nonceSignature |
QHuLYArUCO2OZevP0rHc99g9RJp4O1dgsZuVpUdlA7zPWqCDhVQo9Mxr1uPS6GVyjZYo3YElIhHRV4Mv3wEJ3hGOaxK1gResup88QWDK1fL0 |
nonce |
kauVuA== |
Sample Card Object
Card Object
{
"accountNumber": "451X234413926268",
"nameOnCard": "Google",
"expirationDate": {
"month": "12",
"year": "2022"
},
"cvv2": "533",
"billingAddress": {
"name": "shankar",
"line1": "12301 Research Boulevard",
"line2": "Research Boulevard",
"line3": "Visa USA",
"city": "Austin",
"state": "TX",
"countryCode": "US",
"postalCode": "78759"
}
}
Hello,
Thanks to this I was able to encrypt the data needed for Create Customer Endpoint.
But where can I get the key to be used for decryption?
When I retrieve the created customer, some of the fields are encrypted. When I use the same key I used for encryption, the decryption fails. Also, I tried all pem keys listed under the "Credentials" page in the dashboard, but I can't seem to find the correct key to be used for FLE.
Thanks!
Hi @sed,
I'm happy to help investigate the error. Please share with us the details to your error below.
1. End Point
2. Request Header
3. Request Body
4. Response Header (include the x-correlation-id)
5. Response Body
Using SoapUI, you can find the x-correlation-id in the Raw Tab of the response header.
Hi @sed,
I've logged incident INC16660455 for our engineering team to investigate the error. Please provide us with the x-correlation-id asked below in my prior post to you. Thank you.
Hi @sed,
Please use the decryption key that is attached to this forum post and share your result with us. The attached decryption key filename is VisaPublicKey_ForEncryption_Sbx_Cert.zip.
Hi @sed,
Has the issue been fixed? Do you need further assistance? If the issue is fixed, please let me know so I can take you off my contact list.
Hi @sed,
I haven't heard back from you so I'll take you off my contact list. Please reach out to us at the community if you need help and someone will be happy to assist.