developer.authorize.net developer.cybersource.com
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a question

Google Pay Direct Integration Rotation of keys

I am trying to implement the Google Pay using direct integration and in the google docs it is mentioned that merchants have to manually rotate the keys. During rotation it is mentioned that Caution: You must support the old private key for decryption of payment methods for eight days after you remove the old public key.

Does this mean I need to support old private key even after deleting the old public key?

I found out that Google uses Elliptic Curve Digital Signature which is asymmetric. As far as I know in case of asymmetric algorithms only one key pair will be involved (public and private). Why does Google recommend to support old private key up to 8 days?

 

H and R Block

Gaulke121
Member

‎04-26-2022 04:27 AM

0 Kudos
4 REPLIES 4

The workflow is the following:

  • Define/upload a new key pair (recommended annually)
  • Support both New and old keys during decryption
     String decryptedMessage =
  new PaymentMethodTokenRecipient.Builder()
     .addRecipientPrivateKey(newPrivateKey)
     .addRecipientPrivateKey(oldPrivateKey);

  • remove old key

This is a common approach as the platform might require some time to propagate the new keys and make sure the old ones are no longer used. You need to support the old key deploying the code above (supporting both signatures) for some time (at least 8 days according to Google's note) and ideally

confirm that the old public key is no longer used to encrypt any transactions.

Xamaaa
Member

‎04-30-2022 05:06 AM

0 Kudos

Well it would be nice to have a choice instead of having to bring my wallet and cards in case I have to use a browser based payment system like every venue in my country has now since the pandemic. It's not that much of a big deal but it would be nice to have similar functionality as other browsers.

JamesZimmerman
Member

‎05-04-2022 05:37 AM

0 Kudos

This is a typical methodology as the stage would demand an investment to spread the new keys and ensure the old ones are not generally utilized. You want to help the old key conveying the code above (supporting the two marks) for quite a while (something like 8 days as indicated by Google's note) and preferably

Tonny_Robins
Member

‎06-20-2022 03:53 AM - edited ‎06-20-2022 03:55 AM

0 Kudos

It isn't so a very remarkable serious deal however having comparable usefulness as different browsers would be great. 

 

Tonny_Robins
Member
In response to Tonny_Robins

‎07-20-2022 03:36 AM - last edited on ‎07-20-2022 07:36 AM by Moderator Moderator

0 Kudos
Copyright © 2024 Khoros, LLC