JWE + JWS with Keys

Required to use issuer & receiver keys (public & private) to generate and process the JWT

For enhanced security, 2C2P implements JWTs with public/private key pairs to secure information sent to and from merchants. Specifically, JSON Web Encryption (JWE) and JSON Web Signature (JWS) methods are used to generate and process JWTs.

The guide below demonstrates the process.

👍

Before you start

  1. Download the 2C2P Public Key from the 2C2P Merchant Portal: Go to Account > Options > 2C2P Public Keys > JWE
  2. Secure a pair of public and private keys. (For a guide to generating keys, refer here). Please make sure the uploaded public key is in x509 format
  3. Merchants must then upload the generated public key to the 2C2P Merchant Portal: Log in and go to Account > Options > Merchant Public Keys. Add the public key and set it as default.

 

Preparing a request

To prepare a request, refer to the steps and flow below.

Step

Description

1 . Encrypting a payload

Encrypt using 2C2P Public Key.
JWE Algorithm : RSA_OAEP
JWE Encryption : A256GCM

2 . Signing an encrypted payload

Generate signature using Merchant Private Key.
JWS Algorithm : PS256

13661366

👍

Provided Sample Code

How to Generate JWE + JWS with Key

 

Process a response

To prepare a request, refer to the steps and flow below.

Step

Description

1 . Verifying a signature

Verify using 2C2P Public Key.
JWS Algorithm : PS256

2 . Decrypting a payload

Decrypt using Merchant Private Key.
JWE Algorithm : RSA_OAEP
JWE Encryption : A256GCM

13661366

👍

Provided Sample Code

How to Process JWE + JWS with Key