Encrypt card information

Overview

Card credentials are sensitive information. Encrypt them before starting card enrollment with the NFC Wallet SDK.

Card encryption requirements

Card information uses the PKCS#7 encryption format defined in RFC 2315 and RFC 5652 with the following encryption criteria:

Content encryption algorithm: AES256/CBC/PKCS7Padding
Key encryption algorithm: RSA with Issuer Public Key length of 2048 bytes.

The card payload to encrypt must contain the following JSON fields:

JSON field

Description

MOC

Length

fpan

The funding PAN to digitize.

16-20

exp

The card expiry date in the format MMYY.

cvv

The security code is optional. Its presence depends on the card issuer.

3-4

nonce

This ephemeral value is used only for the green enrollment flow. If it is provided, the SHA256 hash of the nonce must also be provided in the authentication token.

1-50

The encryption result must then be encoded in base64.

Last updated 2 months ago

Was this helpful?