Encrypted Website Payments
7
Prerequisites to Using EWP
Prerequisites to Using EWP
Before you can use Encrypted Website Payments, you must:
Generate a private key
Generate a public certificate
Upload your public certificate to the PayPal website at
https://www.paypal.com/us/cgi
bin/webscr?cmd=_profile website cert
Download PayPal s public certificate from
https://www.paypal.com/us/cgi
bin/webscr?cmd=_profile website cert
Keys and Certificates
This section describes how to create your private and public keys for EWP, upload your public
key to PayPal, and download a copy of PayPal's public key.
Public Key Encryption Background
Public key encryption (asymmetric encryption) improves security and convenience by
allowing senders and receivers to have separate public and private encryption keys:
The public key: The public key is the portion of an asymmetric cryptographic key that
receivers give senders who want to send information. Information is encrypted using the
receiver s public key so only the receiver can decrypt it. The receiver can use the sender's
public key to decrypt information that was encrypted with the sender s private key. This
encryption process is used with digital signatures, which are signed using the sender s
private key and later decrypted with the sender's public key by the receiver to verify the
origin of information.
The private key: The private key is the portion of an asymmetric cryptographic key the
receiver keeps secret and is not sent to anyone. It is used by the receiver to decrypt
information encrypted by senders. Private keys are also used to create digital signatures,
which prove the authenticity of a sender.
The public certificate: The public certificate consists of the the public key and identity
information, such as a person s name, all of which could be signed by a certificate authority
(CA). The CA guarantees that the public key belongs to the named entity.
Creating Your Public Certificate
For EWP, PayPal requires that you upload your public certificate to its website, so that the
authenticity of the encrypted code can be verified.
PayPal accepts only X.509 public certificates, not public keys. The difference between a key
and a certificate is that a certificate includes the public key along with information about the
key, such as when the key expires and who the key belongs to. PayPal accepts public
72
August, 2005 Website Payments Standard Checkout Integration Guide
footer
Our partners:
PHP: Hypertext Preprocessor Cheap Web Hosting
JSP Web Hosting
Ontario Web Hosting
Jsp Web Hosting
Cheapest Web Hosting
Java Hosting
Cheapest Hosting
Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved