This guide explains how to generate RSA public and private key pairs using both OpenSSL (via Bash) and Node.js, and how to set them in the Payment Settings section of the dashboard.

RSA Key Pair Generation

RSA is a public-key cryptosystem used for encrypting and signing data. The signature mechanism uses SHA-256 with RSA, a combination of the RSA public-key algorithm and the SHA-256 hash function.

Algorithm Breakdown

  • RSA: A public-key cryptosystem.
  • SHA-256: A cryptographic hash function producing a 256-bit hash value.
  • Signature Algorithm: SHA256withRSA, which hashes the data using SHA-256 and then signs the hash with the RSA private key.

Algorithm Parameters

  • Key Size: 2048 bits
  • Exponent: Not explicitly specified; RSA implementations usually use the standard public exponent 65537.

Option 1: Generating Public and Private Keys Using OpenSSL (Bash)

You can generate RSA key pairs using OpenSSL with the following commands:

# Generate a 2048-bit private key (AES-256 encrypted; prompts for a passphrase)
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out private_key.pem -aes256

# Extract the public key from the private key
openssl pkey -in private_key.pem -out public_key.pem -pubout

These commands will generate two files:

  • private_key.pem: The private key (encrypted using AES-256).
  • public_key.pem: The public key derived from the private key.

Option 2: Generating Public and Private Keys in Node.js

You can also generate RSA key pairs programmatically in Node.js using the crypto module. Here’s how:

const crypto = require('crypto');

// Generate RSA key pair
crypto.generateKeyPair('rsa', {
  modulusLength: 2048, // Key size
  publicKeyEncoding: {
    type: 'pkcs1',  // Encoding standard (PKCS#1)
    format: 'pem'   // Output format
  },
  privateKeyEncoding: {
    type: 'pkcs1',  // Encoding standard (PKCS#1)
    format: 'pem',  // Output format
    cipher: 'aes-256-cbc',  // Optional: cipher used to encrypt the private key
    passphrase: 'your-passphrase' // Required when cipher is set; replace this placeholder
  }
}, (err, publicKey, privateKey) => {
  if (err) {
    console.error('Error generating keys:', err);
  } else {
    console.log('Public Key:\n', publicKey);
    console.log('Private Key:\n', privateKey);
  }
});

Key Encoding Options:

  • modulusLength: The length of the key (2048 bits).
  • publicKeyEncoding and privateKeyEncoding: These specify the output format and encryption details.
  • PEM format: The most common format for public/private keys, but you can also use DER for binary output.
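
Before uploading, it helps to confirm that the public key really belongs to the private key you will keep, and that the pair matches the parameters listed above (RSA, 2048 bits, SHA256withRSA). The following is an added example, not part of the original guide; `generatePair` and `checkPair` are hypothetical helper names, and the passphrase and payload are constructed sample values.

```javascript
const crypto = require('crypto');

// Generate a 2048-bit RSA pair in the encodings Option 1's OpenSSL commands
// emit: SPKI public key, passphrase-encrypted PKCS#8 private key.
function generatePair(passphrase) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: {
      type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase
    }
  });
}

// checkPair (hypothetical helper): confirm that publicPem is the key to upload
// for privatePem, and that both match the parameters listed in this guide.
function checkPair(publicPem, privatePem, passphrase) {
  const pub = crypto.createPublicKey(publicPem);
  let priv;
  try {
    priv = crypto.createPrivateKey({ key: privatePem, passphrase });
  } catch (err) {
    return { ok: false, reason: 'private key unreadable (wrong passphrase?)' };
  }
  const details = pub.asymmetricKeyDetails;
  const payload = Buffer.from('constructed sample payload');
  // 'sha256' with an RSA key is SHA-256 + PKCS#1 v1.5, i.e. SHA256withRSA.
  const signature = crypto.sign('sha256', payload, priv);
  const report = {
    bits: details.modulusLength,
    exponent: Number(details.publicExponent),
    privateKeyEncrypted: privatePem.includes('ENCRYPTED'),
    pairMatches: crypto.verify('sha256', payload, pub, signature)
  };
  report.ok = pub.asymmetricKeyType === 'rsa' && report.bits === 2048 &&
    report.privateKeyEncrypted && report.pairMatches;
  return report;
}

// Demo with a constructed passphrase; in real use read it from a secret store.
const demo = generatePair('constructed-demo-passphrase');
console.log(checkPair(demo.publicKey, demo.privateKey, 'constructed-demo-passphrase'));
```

`checkPair` also accepts the PEM files produced by the OpenSSL commands in Option 1 or by the PKCS#1 settings in Option 2, read in as strings.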

Step 3: Setting Keys in Payment Settings

Once you’ve generated the keys, you need to upload the public key to the Payment Settings section of your dashboard.

Test and Production Keys:

  • Test Environment: You can upload your public key via the dashboard under Settings > Webhook Settings > webhook_pubk_test.
  • Production Environment: For production, go to Settings > Webhook Settings > webhook_pubk_prod.

Next Steps: Verifying Webhooks

After setting up your keys, you’ll need to implement webhook signature verification in your application. For detailed instructions on how to verify webhook signatures, please refer to our Verifying Webhook Signatures guide.


By following these steps, you will have successfully generated and configured your RSA keys for webhook signature verification in your payment system.