Here is how the encryption process works as a prerequisite for the connex/pin-change endpoint.
Keys: There are two keys: 1) CO-OP has a key, and 2) each client has a key.
- Step 1: Each client will need to create a 256-bit key for use with the connex/pin-change endpoint.
  - The key will be used to encrypt the PIN value for the “newPIN” input parameter.
  - An example for creating a 256-bit key can be found here: Create256bitkey.
- Step 2: Each client will then need to create a Base-64 encoded value of the 256-bit key created in Step 1.
  - The Base-64 encoded value will be used as the input value for the encryptionKey field in the key-wrap.get endpoint.
  - This is a shared value between CO-OP and our clients.
  - An example for creating a Base-64 encoded value can be found here: Base64Encode.
- Step 3: CO-OP will wrap the Base-64 key created in Step 2 with our client-unique 2048-bit RSA key.
- Step 4: CO-OP will return the wrapped key from Step 3 in the data.wrappedkey field of the key-wrap.get API response object.
- Step 5: The last step is for each client to send the value from the data.wrappedkey field as the input parameter for the wrappedKey field in the connex/pin-change endpoint.
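
Steps 1 and 2 on the client side, as an added Python example (not CO-OP's code and not the linked Create256bitkey or Base64Encode samples). The function names and the sanity checks are assumptions made for this example; it checks the encoded value before it is sent so that common encoding mistakes are caught locally.

```python
import base64
import binascii
import secrets

KEY_BYTES = 32  # 256 bits


def generate_key() -> bytes:
    """Step 1: 256-bit key from the OS CSPRNG (never the `random` module)."""
    return secrets.token_bytes(KEY_BYTES)


def encode_key(key: bytes) -> str:
    """Step 2: standard Base-64 text of the raw key bytes."""
    if len(key) != KEY_BYTES:
        raise ValueError(f"key must be {KEY_BYTES} bytes, got {len(key)}")
    return base64.b64encode(key).decode("ascii")


def check_encoded_key(value: str) -> bytes:
    """Validate a candidate encryptionKey value and return the raw key.

    Rejects the usual mistakes: Base-64 of a hex string (decodes to 64
    bytes), URL-safe or whitespace-laden text, and truncated keys.
    """
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("not strict standard Base-64") from exc
    if len(raw) != KEY_BYTES:
        raise ValueError(f"decodes to {len(raw)} bytes, expected {KEY_BYTES}")
    if len(set(raw)) == 1:
        raise ValueError("key is a single repeated byte")
    return raw


if __name__ == "__main__":
    key = generate_key()
    encoded = encode_key(key)
    assert check_encoded_key(encoded) == key
    print("encryptionKey length:", len(encoded))  # the key itself is not printed
```

The string returned by `encode_key` is the value for the encryptionKey field in Step 2; because it is the shared key, keep it out of logs and source control.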