Credential Exchange

This section explains how merchants prepare for the credential exchange with Midtrans.

Midtrans will provide the following during the credential exchange process:

  • ClientID
  • ClientSecret
  • PartnerID
  • ChannelID

The Partner must provide the following:

  • PublicKey (must be in PKCS8 format and PEM encoded)

Example Public Key

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomV+Vm1xlRXanmh108Kusls7SSKec0oCejtc9QG  
Obpd4RnQ+7gihm2k6etnSNP7b+XrpY+fBkiQNaBInii9M10kW9Bhf/M9GH/edL3IqnzDNSi7tcoQgnO7h8x  
mzLNWHTjtR6bkrsdBS5dry6htotaF5KXomuoYgztCdGDOa0W20aeLzYSXIoW7s/Ay5yIXt0xaXTll3/bmez  
leguFPnwQZq5EqZFWlUZvutDi+f2l9rTRY0Fb64y+VAf+mnIbEovGqsPEeF/p97YWxcY7CWm8NsT0lwBVOt  
kmEl967Brz5yvEObF5bJgVodi6mNVsN1ki0MCitIhYO8shcE7eUilQIDAQAB  
-----END PUBLIC KEY-----

Example Public Key Generation

# Generate a private-public key pair in PKCS8 format, PEM encoded (key size: minimum 2048 bits)
openssl genpkey -algorithm rsa -out private-key.pem -outform PEM -pkeyopt rsa_keygen_bits:2048
openssl rsa -in private-key.pem -outform PEM -pubout -out public-key.pem

# Alternatively, if the partner system can only consume a PKCS1 private key, the partner can convert the public key from PKCS1 to PKCS8
openssl rsa -RSAPublicKey_in -in publicKeyPKCS1.pem -pubout -out publicKeyPKCS8.pem
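
Before sending the file, it is worth confirming that it really is a public key in the `BEGIN PUBLIC KEY` form shown in the example above, not a private key or a PKCS1 public key, and that it meets the 2048-bit minimum. The following check is an added example, not Midtrans code; `check_public_key` and `SAMPLE_WEAK` are names chosen here, and the sample is constructed rather than a real key.

```python
import base64
import re

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def _read(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected DER structure")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length

def check_public_key(pem, min_bits=2048):
    """Return (ok, reason) for a PEM string about to be sent as PublicKey."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.+?)-----END \1-----", pem, re.S)
    if not m:
        return False, "no PEM block found"
    label = m.group(1)
    if "PRIVATE" in label:
        return False, "this is a private key and must not be sent"
    if label == "RSA PUBLIC KEY":
        return False, "PKCS1 public key: convert it with -RSAPublicKey_in -pubout"
    if label != "PUBLIC KEY":
        return False, "unexpected PEM label: " + label
    try:
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
        spki, _ = _read(der, 0, 0x30)       # outer SEQUENCE
        alg, pos = _read(spki, 0, 0x30)     # algorithm identifier
        oid, _ = _read(alg, 0, 0x06)
        bitstr, _ = _read(spki, pos, 0x03)  # BIT STRING wrapping the RSA key
        rsa, _ = _read(bitstr[1:], 0, 0x30)
        modulus, _ = _read(rsa, 0, 0x02)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return False, "not a valid key encoding: %s" % exc
    if oid != RSA_OID:
        return False, "not an RSA key"
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < min_bits:
        return False, "RSA modulus is %d bits, below %d" % (bits, min_bits)
    return True, "RSA %d-bit public key in the expected PEM form" % bits

# Constructed sample (not a real key): correct structure, but a 7-bit modulus.
_WEAK_DER = bytes.fromhex("301a 300d 0609 2a864886f70d010101 0500 030900 3006 02017f 020103")
SAMPLE_WEAK = "-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----\n" % base64.b64encode(_WEAK_DER).decode()
```

Calling `check_public_key(open("public-key.pem").read())` on the generated file returns the verdict and the reason as a tuple.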

Secured Exchange Method

To ensure the credentials are exchanged securely over public networks, they must be encrypted in transit. Either of two methods can be used.


ZIP encrypted

Midtrans will provide the credentials in a password-protected ZIP file. The password-protected ZIP file and the password to the ZIP file will be sent to separate emails.

Merchant must provide the public key in a password-protected ZIP file. The password-protected ZIP file and the password to the ZIP file must be sent to separate emails.

GPG encrypted

Merchant will provide, through email, a public key to be used to encrypt the credential file.
Midtrans will encrypt the credentials with the public key. The encrypted file will be sent to a different email.

Midtrans will provide, through email, a public key for the merchant to use to encrypt the actual public key.
Merchant will encrypt the actual public key with the provided public key. The encrypted file will be sent to a different email.