When issuers request to VTS (i.e. outbound request), issuers must encrypt CEK (Contents Encryption Key) using VISA encryption publickey. (This is JWE Encripted Key then.)
In this case, "kid" of JWE Header must be the identifier of this VISA encryption publickey?
(I have informed only the VISA encryption publickey by a VISA side person in charge. Shoud I ask its KID also?)
Solved! Go to Solution
not outbound but inbound request... sorry.
Key-ID (kid) is a system generated unique identifier (UID), which is associated with your project and identifies the associated key-pairs. This Key-ID must be included as a request header in API calls. Key-ID can be generated and is accessible under Encryption/Decryption section of the Credentials page for applicable projects.
Please reference the Message Level Encryption guide here for detail information about kid (Key-ID).