Skip to main content

Generate RSA Key

smilepayz teamsAbout 2 min

Tips

API stands for Application Programming Interface. The API key here is the authentication code to be able to access the
smilepayz API. The API key is used to prevent malicious users. Like the merchant code, you can get the API key on every
project that you register on the merchant portal along with the merchant code.

Web


  • RSA Key need you generate
    by Generation RSA Key Pairopen in new window then configuration in
    merchant page.
  • tips: Open Site -> Select RSA Key Size : 2048 -> Generate RSA Key Pair -> Got Them (public_key, private_key).

Shell


Generate Private and Public Key

  • Create Private Key:
    openssl genrsa -out rsa_private_key.pem 2048
  • Generate Public Key:
    openssl rsa -in rsa_private_key.pem -out rsa_public_key.pem -pubout
  • Encode Private Key to PKCS#8:
    openssl pkcs8 -topk8 -in rsa_private_key.pem -out pkcs8_rsa_private_key.pem -nocrypt
  • For creating signature, please use pkcs8_rsa_private_key.pem (result of step 3) and give the public key
    rsa_public_key.pem (result of step 2) to smilepayz. Meanwhile, smilepayz's public keys are follows.

Example


  • Demo for Php [From ChatGPT]

// Load private key file
$privateKey = openssl_get_privatekey(file_get_contents('private_key.pem'));

// Load public key file
$publicKey = openssl_get_publickey(file_get_contents('public_key.pem'));

// Data to be signed
$data = "Hello, World!";

// Sign the data using private key
openssl_sign($data, $signature, $privateKey, OPENSSL_ALGO_SHA256);

// Convert signature to Base64 encoding
$base64Signature = base64_encode($signature);

echo "Signature: ".$base64Signature.PHP_EOL;

// Verify the signature using public key
$verifyResult = openssl_verify($data, base64_decode($base64Signature), $publicKey, OPENSSL_ALGO_SHA256);

if ($verifyResult === 1) {
    echo "Verification successful";
} elseif ($verifyResult === 0) {
    echo "Verification failed";
} else {
    echo "Error occurred during verification";
}

// Free resources
openssl_free_key($privateKey);
openssl_free_key($publicKey);

Tips

In the above code, we first load the private key and public key files. Then we specify the data that needs to be signed.

Next, we use the openssl_sign function to sign the data using the private key, specifying the SHA-256 algorithm.

After that, we convert the signature to Base64 encoding and output the signature.

Then, we use the openssl_verify function to verify the signature using the public key. If the verification result is 1,
it means the signature is valid. If the result is 0, it means the verification failed. If any other value is returned,
an error occurred during verification.

Finally, we free up the resources by releasing the private key and public key.

Warning

Please note that in practice, you need to replace private_key.pem and public_key.pem with your own private key and
public key file paths, and modify the data to be signed according to your specific requirements.


  • Demo for Java [From ChatGPT]

import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class RSASignatureExample {
    public static void main(String[] args) throws Exception {
        // Generate key pair
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
        keyGen.initialize(2048); // key size
        KeyPair keyPair = keyGen.generateKeyPair();

        // Get private key and public key
        PrivateKey privateKey = keyPair.getPrivate();
        PublicKey publicKey = keyPair.getPublic();

        // Data to be signed
        String data = "Hello, World!";

        // Sign the data using private key
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initSign(privateKey);
        signature.update(data.getBytes(StandardCharsets.UTF_8));
        byte[] signBytes = signature.sign();

        // Convert signature to Base64 encoding
        String base64Signature = Base64.getEncoder().encodeToString(signBytes);

        System.out.println("Signature: " + base64Signature);

        // Verify the signature using public key
        Signature verifySignature = Signature.getInstance("SHA256withRSA");
        verifySignature.initVerify(publicKey);
        verifySignature.update(data.getBytes(StandardCharsets.UTF_8));
        boolean isVerified = verifySignature.verify(Base64.getDecoder().decode(base64Signature));

        if (isVerified) {
            System.out.println("Verification successful");
        } else {
            System.out.println("Verification failed");
        }
    }
}

Tips

In the above code, we first generate a key pair using KeyPairGenerator with RSA algorithm. Then we retrieve the private
key and public key from the generated key pair.

Next, we define the data that needs to be signed.

Then, we sign the data using the private key. We initialize the Signature object with "SHA256withRSA" algorithm, update
it with the data to be signed, and generate the signature bytes.

After that, we convert the signature bytes to Base64 encoding using Base64.getEncoder().encodeToString().

We output the signature and proceed to verify the signature.

To verify the signature, we initialize another Signature object with the same algorithm and the public key. We update it
with the data to be verified and use the verify method to check if the signature is valid or not.

Finally, we print out whether the verification was successful or failed.

Warning

Please note that this code is for demonstration purposes only. In a real-world scenario, you should securely store and
manage your private key and properly distribute the public key.

Last update:
Copyright © 2025 smilepayz teams