Guidelines

What is MESSAGE ENCRYPTION?

The APIs provided through KONA PLATE for using the KONA payment platform service carry personal information and sensitive data in their requests and responses.

In addition to TLS (transport layer) security, KONA PLATE strengthens its data security service with asymmetric encryption, to prevent the reuse of sensitive data such as card information and customer information if it leaks externally.

ME (message encryption) is provided when a message includes any of the data below.

  1. PII (personally identifiable information)
  2. PAN (primary account number / personal account number)
  3. PAI (personal account information)

KONA PLATE's ME uses asymmetric encryption technology (public key encryption) to provide improved security for message payloads.

The payload itself is encrypted symmetrically with the Advanced Encryption Standard (AES), using either a 128-bit or a 256-bit key, in Galois/Counter Mode (GCM).

Key encryption is supported with 2048-bit RSA and Optimal Asymmetric Encryption Padding (OAEP).

ME supports encryption and decryption of the Request and the Response over SSL using JWE. Use it on the APIs whose Request/Response is marked for encryption.

Check the API Document to see whether the request/response of a given API is encrypted.

  1. Server Certificate : When sending a request to KONA PLATE, the client encrypts the message payload using the server public key, and KONA PLATE decrypts the payload using the server private key.
  2. Client Certificate : When sending a response, KONA PLATE encrypts the payload using the client's public key, and the client decrypts it using the client's private key.

 


How to request MESSAGE ENCRYPTION

  1. Obtain an encryption key from the generated project.

  2. Encrypt the payload with the server's public key and produce the result as a string.

  3. Add the encryption key ID to the request header under the name X-KM-Crypto-Key-Id.

    Header              Value
    Accept              application/json
    X-KM-Crypto-Key-Id  x-km-crypto-key-id*

  4. Send the API request to the server with the encrypted string in the encData field. If there is an encryption setting, the response is also returned in the encData field.

  5. If the response value is encrypted, decrypt the data with the client private key that belongs to the encryption key identified by the response header value.

Sample Message Encryption

Request

{
    "encData": "eyJlbmMiOiJBMTI4R0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.Jr_65BmLWw6lpcbRTWXH6fi04RvoSs6nv6WRh99mletj5vSoFkJf6y
JnJrtz3FKw9t2oOLX-_zb-F08dOtt6xVlMlb41HEIvRtINGNpMIKNQnmryiVCmDyPc7NFxLoCTMAcv4cxtL9FX-TpX_sNty5Nm2MsrKNnjln8nVQvoFtt
brFpED7vCfFqKmqAp9bDQwyp8PJXBjOxdAe0F0DsdoEp5al7cwY9I7cBEhCI452qR_wXyikrAesaN74a9vEEn6znetrRwcyzc8gLou9agQ8ppdWrS8
VpS5oOBXW5953lR_Br0tkBB7fCL2nB8C_gLCD0P8IlSeDYnQn7je_izyg.TsETXkd6Xa-TGPhI.VFsS2-brNJwYJqdWfqcepmF-u1zhAf3cy0lFMp9k4Yy
739p_P0of1VxrIWeqd5o3DdPuDtEY16coIiZd7m_9GrVb_m_X9w.ksZ2ueGkYovMS9ODX7m1zg"
}
Response

{
    "encData": "eyJlbmMiOiJBMTI4R0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.P0S41dkjgELl7yOf4dM9ld7e4X4IQ3nlhUbBDAV9Mv6AGhdr4KH-HPjOY
unEKzf9JrLFngNmTTfxYjMngNGHKShE3h-WMf-Il1PlBNyd7_Rbq1uQre4UOyG7zzKESMdc8yE8hhJwqVHQscIyfGGex3NKpTmHci4i97-JytW-Ubqqx
x8qvd0q5b8WJ3ykszh3ZcVbfv2nssCZKhoK0fhVsHx1Ucbd4TTNgIsOBeyKRXbxsLAkcsZbMeVcVdDQFX60qzxTMzBtA22SmgAXqrur5R0byVf27f9p
4DakkvXPXZI9zwCssOPlXE_8nXZ1CrNwiGsLg5iEQ9zI6CcOy8t-w._K98ydHorNTKsSJB.aYpj6ZXT2Ll2S5LOLuigdDeLOQ4FoL9bJbW9waS-KOFow2
VavpvYMy7Ngn_-GIuXD5ghVEx6dJhSbPLDqRehrYrmQlkuSwAOq8upwFJV0CY4AIDX4z1tsNsRS2GsOvc3XHAEZd3iC9ZFSg8JXMHF9n
TJkKWKDl2xvLMuC8OEC70g4qnsTMUkvYGcIF62UObeU4h2DqFzk_L0rTlXXyg6o
uQiYtmIfVaTbpRPa2IcjWJe0iWswubG4YCmuJKJs-VLG3pid08IcUsETW3MlaqkAVlS1XaRpE8kYHTbfGfbp3Ckw8h7Ur55_iFEZwI19caMleQE6lSkVryimudIaVjQaWrHnLNR1cHR0mWJeUW4xTeGnVrtYeWjH
uJ7zsgMhvLQbISaySDRqEu7fEA8Jp7TkC0ywR-0f8ajRYDstFotcTDkP9QI1CadVLCEBIm3ndFkn5BIj-i6xcfZSOFn2rzc0GsezqbY07DcebTtC2CAmQZLdJ-iWTpU-6mdV_nSy1NPlry0eszsQlwItTTB2ktsUTll9oRpdyaucPTMB2r90Lc9bDMy1bipUMgBLoLGyFUNC-1BDgUnmC_X6nYoCDA7QHH_F53xtbNn4lb8a6THCHFFgTMz63rgtwg9r2pAeDMBH7ouTRDzLN4SKlU0OpjmhcQ1Td0WoyjfUHoCse_Cm9-Zbueegfk5XB24YF0ctK.-NN9qbJL-HRd3gfcGBZBfA"
}
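
The request/response flow above, as an added example that is not KONA PLATE's sample code: it builds and opens the JWE compact string carried in encData using only Node.js built-ins, with the algorithms that the protected header of the sample messages decodes to ({"enc":"A128GCM","alg":"RSA-OAEP-256"}). The function names and the key pair generated inline are assumptions for illustration; real keys come from the project's PEM files.

```javascript
// Added example, not KONA PLATE code. Node.js built-ins only.
const crypto = require('node:crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const GCM = { authTagLength: 16 }; // reject truncated tags on decrypt

// Build the encData string for the holder of publicKey (the server key for requests).
function encryptPayload(payload, publicKey) {
  const header = b64u(JSON.stringify({ enc: 'A128GCM', alg: 'RSA-OAEP-256' }));
  const cek = crypto.randomBytes(16); // fresh content-encryption key per message
  const iv = crypto.randomBytes(12);  // 96-bit GCM nonce
  const wrapped = crypto.publicEncrypt({ key: publicKey, ...OAEP }, cek);
  const cipher = crypto.createCipheriv('aes-128-gcm', cek, iv, GCM);
  cipher.setAAD(Buffer.from(header, 'ascii')); // protected header is authenticated
  const ct = Buffer.concat([cipher.update(JSON.stringify(payload), 'utf8'), cipher.final()]);
  return [header, b64u(wrapped), b64u(iv), b64u(ct), b64u(cipher.getAuthTag())].join('.');
}

// Open an encData string with privateKey (the client key for responses).
function decryptPayload(jwe, privateKey) {
  const parts = jwe.split('.');
  if (parts.length !== 5) throw new Error('not a compact JWE');
  const [header, wrapped, iv, ct, tag] = parts.map((p) => Buffer.from(p, 'base64url'));
  const { alg, enc } = JSON.parse(header.toString('utf8'));
  // Pin the algorithms rather than trusting what the header announces.
  if (alg !== 'RSA-OAEP-256' || enc !== 'A128GCM') throw new Error('unexpected alg/enc');
  const cek = crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
  if (cek.length !== 16) throw new Error('unexpected key length');
  const decipher = crypto.createDecipheriv('aes-128-gcm', cek, iv, GCM);
  decipher.setAAD(Buffer.from(parts[0], 'ascii'));
  decipher.setAuthTag(tag);
  const pt = Buffer.concat([decipher.update(ct), decipher.final()]); // throws if tampered
  return JSON.parse(pt.toString('utf8'));
}

// Constructed key pair and payload; real keys come from the project's PEM files.
const demo = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function roundTrip(payload) {
  const body = { encData: encryptPayload(payload, demo.publicKey) };
  return decryptPayload(body.encData, demo.privateKey);
}
```

For the 256-bit option the content-encryption key is 32 bytes, the cipher is aes-256-gcm and the header's enc value is A256GCM.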

 


PEM Sample 

  1. The encoding method is UTF-8
  2. The server PEM file does not provide a private key.

File Name Example : 5cd10fa4b92f7b33995360267efc67cf_client.pem

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnuPt1AO/tRu/67qbs/wkJlKJ+8rD69CoG6i2BjFN1RfURse2KTNPT+Yp8JUn9Pgk7Qm8kawPbQoGmizo3deLwc0
oQJimxaIDtFuAFWNXFlXN//Foi+BrLtHCETJ0MV4t3PSAhntiCG6I6dloKl4VtHqwpqJxSp7aWvAmVWd83tG5QhSY4Zmlb9HrK5cTcQKBQE9iAbHj0hHprWj9Am2sN9D5jYA
N6FXf05Oan3hY7ulIixPCiuQUUZQep3AmvsAlJS95skbsmlUxfyDZSvdjLO0TJ9Vaa1mPp5A8Gd3kyvrJ8Atktx9HGZqz0JPdMx9ft5PuV+EqHocNSPRHM44pgwIDAQAB
-----END PUBLIC KEY-----

-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCe4+3UA7+1G7/rupuz/CQmUon7ysPr0KgbqLYGMU3VF9RGx7YpM09P5inwlSf0+CTtCbyRrA9tCga
aLOjd14vBzShAmKbFogO0W4AVY1cWVc3/8WiL4Gsu0cIRMnQxXi3c9ICGe2IIbojp2WgqXhW0erCmonFKntpa8CZVZ3ze0blCFJjhmaVv0esrlxNxAoFAT2IBsePSEemtaP
0Cbaw30PmNgA3oVd/Tk5qfeFju6UiLE8KK5BRRlB6ncCa+wCUlL3myRuyaVTF/INlK92Ms7RMn1VprWY+nkDwZ3eTK+snwC2S3H0cZmrPQk90zH1+3k+5X4Soehw1I9E
czjimDAgMBAAECggEBAJFodhY4+BB+PL02IZgtf8eycaSEg5gjdDUbyLkSFfCVxiagTgyWcFbmhCsv1UlSbjifWHrXw6Y+LpyZzOJ4h+XsIpI7ISRsiIdd1XG9X82I6OT5wHuB
/ZTzUW77hWpIjiBPge+Qqr6cqZ+Y3sMnJyXrwg49SwDHL31ZmTs/Yf9m5ATQC/z3Ce5lGCC71rISorYdh6fjtJ5E0TTtbUVvmNm7JNNGsbmf/T1/WaauA0eDTlZqRtziJFDK
of4KvjaKkUdrjV1V6IK7We5hMkhXxzMvftVUv+cOkR0ZZj5HDf/Z/Bx5GArPCcGgs/FYiGJtzncqxWq5c73lfiaBmzeT8YECgYEA/bComzyWuhHe6u31ZYgtxy66RfniuC3ZSD
nYkPChK+0nDejbze/OyD0/domEZVF4sBhzMuwZTJWWvN3ePq2U5x6L+G4DkCvgBneywvbeBwj4fd6iMEuIDQRXkBYRXmM+Eet6Y+8eB38Ygoh2oiML4Jo49+RUupZ0
ie1pNnK6hxsCgYEAoFZLyWmVLPlstQYxrfyYrQ4zbKmeFP5c9x5oSkB0/V3NnDlWM+GkU6maJVuLwsLe976iwg8Y50YM8O2+3CTvywtmDdiVbOv3Lg+LLXk+AGiy6Ozr
XX/P55g3Hv04V8ybgtLKwq91BXuG2MxP7n4bAUvBfI6qhpViZlmHkzlNBbkCgYBqW6oUiy5WDC/9Jo5/ZrxqiXim5cDbnr09vqLBAWFQ3ThGaJ3elO+Im8UDmVvcbm++xE
Fn0/w3U2/C9vG6LWQEEZZ1LQppYzuk+oIDoyQqpuQnQTOWM9RyQKPFULsva0QWlzbUtudMFUjdUQELsM3F+GJx61RqdbGeMd6uaSMyiQKBgQCHqLwyzAyVouwhNf5
usVwUgAFunQzNwnGx/J5MxMC3ZtiCp9iRyQaaatOrbAuSXAL/JuLawp9VfuWQK/fil7Xz288bQ/cZ04SuCiS98ulMu0k03tA9qdikoRtyMtmrH8ksJWG822ttmhh78lJm/Xen3
wr0cllByb8ZzgJxxHewsQKBgQDAu+eEJZlasVmmEVopQwNKxMLY+m98DfM32Fgf9VyuwguM
-----END PRIVATE KEY-----


Sample Code - Encryption/Decryption

#Java