Key management

The menu enables the user to create and manage keys (see Picture No. 26). GP webpay payment gateway uses principles of asymmetric cryptography to ensure security based on private and public keys.

The private key is stored in cache memory of the browser and the public key is stored in the GP webpay server. After that the user can carry out management of payments in the “Payments” menu (it is always required to enter the password to the private key).

After selection of an e-shop from the list, there is displayed a scheme informing about the private key status in the browser and about the public key status on the GP webpay server. Keys are also used to secure the communication between the e-shop and the GP webpay server, and at using Web Services.

Creating a private key

The menu enables the user to generate the private key.

• After pressing the “Create” button a form is displayed, where the customer enters the chosen password to the private key (see Picture No. 27).

The password must be min. 8 characters and contain at least 3 types of the following requested types of characters:

• upper case letter
• lower case letter
• figure
• special character
• After pressing another “Create” button, the private key is created (file “gpwebpay-pvk.key”) and the user is prompted to store it (e.g. on the computer’s local drive).

The private key is created by means of the browser on the user’s computer and it never leaves this computer in the course of the work with the GP webpay. When stored on the computer’s local drive or in the browser memory, the key is encrypted by the password that must be entered every time when the key is used. The password to the key file can later be changed by means of the “GP webpay Keystore Manager” application (menu “Downloads”).

The private key is usable for secure access to the GP webpay payment gateway and it is possible to be created also by other tools, e.g. OpenSSL, KeyManager, apod. Requested parameters of the key are as follows:

• RSA Algorithm
• Key length 2048 bits
• Format for storing PKCS#8 encrypted private key

Insert the private key in the browser memory

The menu enables the user to insert the private key into the browser cache memory and the public key to store on a server side of the GP webpay.

• After pressing the “Insert” button, a form is displayed to enter the path and password for the private key.
• After pressing the “Confirm” button, a form for the verification code entering is displayed; the code is sent to the user’s e-mail address.
• After pressing the “Insert” button, the private key is stored in the browser memory and the public key is stored to a server side of the GP webpay.
• After selection the e-shop in the “Key management” menu, the scheme informing about status of the private key in the browser and of the public key in the GP webpay server is displayed (see Picture No. 28). 

The private key management

Backup

The menu enables the user to backup the private key stored in the cache memory of the browser.

• After pressing the “Backup” button, the user is prompted to store the private key (file “gpwebpay-pvk.key”).

Remove

The menu enables the user to remove the private key from the browser cache memory (e.g. after log out from the GP webpay Portal in case, that the user does not access the GP webpay Portal from his/her own computer).

• After pressing the “Remove” button, the user is prompted to confirm removal of the private key from the browser memory.
• After pressing another “Remove” button, the scheme informing about status of the private key in the browser and of the public key in the GP webpay server is displayed.

Insert

The menu enables the user to insert the private key into the browser memory (e.g. from a portable memory storage medium if the user does not access the GP webpay Portal from his/her own computer).

• After pressing the “Insert” button, a form to enter the path and password to the private key is displayed.
• After pressing another “Insert” button, the private key is stored to the browser memory and the scheme informing about status of the private key in the browser and of the public key in the GP webpay server is displayed.

Change of a key format

In the GP webpay Portal, the user can use the key from the previous version of the GP webpay administration interface; however it is necessary to change its format. This change can be made using the “GP webpay Keystore Manager” application (menu “Downloads”).