
Encrypting Account Data

In some circumstances, such as bill payments to card accounts, the account number must be encrypted. The /transfer-to/bills/initiate endpoint requires that sensitive account numbers (such as card account numbers) be encrypted.

Included below are code snippets that perform the encryption using the Node.js crypto module. These examples use RSA-OAEP public-key encryption with SHA-256 as the OAEP hash. There are many other implementations for other languages and platforms using the Web Crypto API.

The input arguments required by crypto are the user's public key and the account number. The result is a base64-encoded encrypted string with a length of 344 characters.

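Make sure to npm install --save crypto fs if you do not have these dependencies already in your project. Both crypto and fs are core modules that ship with Node.js, so require("crypto") and require("fs") resolve to the built-in versions on a standard Node.js installation.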

The public keys necessary for account number encryption are available at Public Encryption Keys.

Encryption Example using JSON Web Key (JWK)

const fs = require("fs");
const crypto = require("crypto").webcrypto;
// Some account number for billerId 9000005588; replace the #'s with digits.
const str = "52187600########";
// Public key in JWK format, read from disk.
const jwkPublicKey = fs.readFileSync("./src/encryption/public_primary.jwk");
(async () => {
  const encoded = Buffer.from(str, "utf-8");
  // Import the JWK as an RSA-OAEP key that uses SHA-256 as the OAEP hash.
  const publicKey = await crypto.subtle.importKey("jwk", JSON.parse(jwkPublicKey.toString()), {
    name: "RSA-OAEP",
    hash: "SHA-256"
  }, true, ["encrypt", "wrapKey"]);
  // Encrypt the account number and base64-encode the ciphertext for sending.
  const mess = await crypto.subtle.encrypt({ name: "RSA-OAEP" }, publicKey, encoded);
  const sendStr = Buffer.from(mess).toString("base64");
  console.log(sendStr);
})();

Encryption Example using Privacy Enhanced Mail (PEM) Certificate

const fs = require("fs");
const crypto = require("crypto");
// Some account number for billerId 9000005588; replace the #'s with digits.
const str = "52187600########";
// Public key in PEM format, read from disk.
const publicKey = fs.readFileSync("public.key", "utf8");
const encoded = Buffer.from(str, "utf-8");
// publicEncrypt is synchronous, so no async wrapper is needed.
// RSA-OAEP with SHA-256 as the OAEP hash, base64-encoded for sending.
const sendStr = crypto.publicEncrypt({
    key: publicKey,
    padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
    oaepHash: "sha256"
  }, encoded)
  .toString("base64");
console.log(sendStr);
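
A local self-check for the encryption described above, added here as an example and not part of the original documentation. It generates a constructed 2048-bit test key pair in place of the published key (an assumption consistent with the 344-character result), and the helper names encryptAccountNumber, expectedBase64Length and decryptAccountNumber are hypothetical.

```javascript
const crypto = require("crypto");

// Constructed 2048-bit test key pair, PEM-encoded like the page's public.key
// (assumption: the published key is also 2048-bit RSA).
const testKeys = crypto.generateKeyPairSync("rsa", {
  modulusLength: 2048,
  publicKeyEncoding: { type: "spki", format: "pem" },
  privateKeyEncoding: { type: "pkcs8", format: "pem" }
});
const OAEP = crypto.constants.RSA_PKCS1_OAEP_PADDING;

// Same parameters as the examples above, but refuses input that still holds
// the '#' placeholders or any other non-digit character.
function encryptAccountNumber(accountNumber, publicKeyPem) {
  if (!/^\d+$/.test(accountNumber)) {
    throw new Error("account number must contain digits only");
  }
  return crypto.publicEncrypt(
    { key: publicKeyPem, padding: OAEP, oaepHash: "sha256" },
    Buffer.from(accountNumber, "utf-8")
  ).toString("base64");
}

// RSA output is one modulus-sized block; this is its length after base64.
function expectedBase64Length(publicKeyPem) {
  const bits = crypto.createPublicKey(publicKeyPem).asymmetricKeyDetails.modulusLength;
  return 4 * Math.ceil(bits / 8 / 3);
}

// Round trip for the test key only; callers of the API hold just the public key.
function decryptAccountNumber(base64Ciphertext, privateKeyPem, oaepHash = "sha256") {
  return crypto.privateDecrypt(
    { key: privateKeyPem, padding: OAEP, oaepHash },
    Buffer.from(base64Ciphertext, "base64")
  ).toString("utf-8");
}

const sample = "5218760000000000"; // constructed value, not a real account
const first = encryptAccountNumber(sample, testKeys.publicKey);
const second = encryptAccountNumber(sample, testKeys.publicKey);
console.log(first.length === expectedBase64Length(testKeys.publicKey)); // length check
console.log(first !== second); // OAEP is randomized: ciphertexts differ
console.log(decryptAccountNumber(first, testKeys.privateKey) === sample);
try {
  decryptAccountNumber(first, testKeys.privateKey, "sha1"); // wrong OAEP hash
} catch (err) {
  console.log("sha1 mismatch rejected");
}
```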