NHNKCP Server Certificate
Server Certificate
Extraction of data values from NHN KCP issued certificate,
For Merchant authentication, the certificate information issued by KCP must be delivered in text format.
The text value within the certificate must be serialized and delivered as the value of kcp_cert_info.
the parameter kcp_cert_info is needed for requesting Authorization cancel(mod) trade registration inquery
kcp_cert_info
<!-- Example of kcp_cert_info Request -->
1"kcp_cert_info":"-----BEGIN CERTIFICATE-----MIID3DCCAsSgAwIBAgIJAMzLXkRXpY3KMA0GCSqGSIb3DQEBCwU...bpE1aPTjDDQsuUduNaCu1jYuBALO+LelrFA...VNeequGLUZSx1il+tJU=-----END CERTIFICATE-----"Send Signature Data
KCP utilizes hash signature to validate requested data from the merchant using the private key issued by KCP.
KCP Signature (kcp_sign_data) should be generated using the hash string listed below and encoded
with SHA256withRSA algorithm with the given Private Key.
the parameter kcp_sign_data is needed for requesting inquery cancel(mod)
KCP signature for INQUERY API is as follows site_cd + "^" + tno + "^" + pay_type
※ Please request after encoding with SHA256withRSA.
KCP signature for MOD API is as follows
site_cd + "^" + tno + "^" + mod_type
※ Please request after encoding with SHA256withRSA
For Test Private Key, please check the Download
kcp_sign_data
<!-- Example of kcp_sign_data Request -->
1 "kcp_sign_data":"QdwMF6y3GU1JTVkSv7Yn20CCCTeFrKkjvrdZOjShiFibFo...cA0nyX+4HEUZ4Fy3U+htmkZqAfJljeujC1KAL5Flnzqbp5Tst5p5SvZ...0qH7NSq0c6BpedDZb04w=="KCP Server Certificate
kcp_sign_data example
public class MakeSplParam
{
static{ Security.addProvider( new BouncyCastleProvider() ); }
private static final String PRIVATE_KEY = "../splPrikeyPKCS8.pem";
private static final String PRIVATE_KEY_PASSWD = "changeit";
private static final String ORG_SIGN_DATA = "T0000^20210719000000^PACA";
private static final String SIGNATURE_ALGORITHM = "SHA256WithRSA";
public static void main(String[] args)
{
PrivateKey priKey = loadSplMctPrivateKeyPKCS8( PRIVATE_KEY, PRIVATE_KEY_PASSWD );
String signData = makeSignatureData( priKey, ORG_SIGN_DATA );
System.out.println( "\n[signdata(kcp_sign_data)] : " );
System.out.println( signData );
System.out.println( "-----------------------------\n" );
}
public static PrivateKey loadSplMctPrivateKeyPKCS8( String filePath, String privateKeyPassword )
{
PrivateKey priKey = null;
try
{
Path path = Paths.get( filePath );
String strPriKeyData = Files.readAllLines( path )
.stream()
.filter( line -> !line.startsWith( "-----BEGIN" ) && !line.startsWith( "-----END" ) )
.collect( Collectors.joining() );
// Base64 decoding
byte[] btArrPriKey = Base64.getDecoder().decode( strPriKeyData );
ASN1Sequence derSeq = ASN1Sequence.getInstance( btArrPriKey );
PKCS8EncryptedPrivateKeyInfo encPkcs8PriKeyInfo = new PKCS8EncryptedPrivateKeyInfo( org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo.getInstance( derSeq ) );
JcaPEMKeyConverter pemKeyConverter = new JcaPEMKeyConverter();
InputDecryptorProvider decProvider = new JceOpenSSLPKCS8DecryptorProviderBuilder().build( privateKeyPassword.toCharArray() );
PrivateKeyInfo priKeyInfo = encPkcs8PriKeyInfo.decryptPrivateKeyInfo( decProvider );
priKey = pemKeyConverter.getPrivateKey( priKeyInfo );
}
catch (IOException e)
{
e.printStackTrace();
}
catch (OperatorCreationException e)
{
e.printStackTrace();
}
catch (PKCSException e)
{
e.printStackTrace();
}
return priKey;
}
public static String makeSignatureData(PrivateKey priKey, String targetData)
{
String signData = null;
byte[] btArrTargetData = targetData.getBytes( StandardCharsets.UTF_8 );
try {
Signature sign = Signature.getInstance( SIGNATURE_ALGORITHM );
sign.initSign( priKey );
sign.update( btArrTargetData );
byte[] btArrSignData = sign.sign();
signData = Base64.getEncoder().encodeToString( btArrSignData );
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (SignatureException e) {
e.printStackTrace();
}
return signData;
}
}<?php
$cancel_target_data = "T0000^22284971100001^STSC";
echo "cancel_target_data : ".$cancel_target_data."<br><br>";
$inquery_target_data = "T0000^22284971100001^PACA";
echo "inquery_target_data : ".$inquery_target_data."<br><br>";
$key_data = file_get_contents('../splPrikeyPKCS8.pem');
$pri_key = openssl_pkey_get_private($key_data,'changeit');
openssl_sign($cancel_target_data, $signature, $pri_key, 'sha256WithRSAEncryption');
echo "cancel_signature :".base64_encode($signature)."<br><br>";
openssl_sign($inquery_target_data, $signature, $pri_key, 'sha256WithRSAEncryption');
echo "inquery_signature :".base64_encode($signature)."<br><br>";
?>namespace kcp_sign_data_sample
{
class Program
{
static void Main(string[] args)
{
// PKCS#8 PEM READ
StreamReader sr = new StreamReader("../splPrikeyPKCS8.pem");
String privateKeyText = sr.ReadToEnd();
string privateKeyPass = "changeit";
StringReader stringReader = new StringReader(privateKeyText);
PemReader pemReader = new PemReader(stringReader, new PasswordFinder(privateKeyPass));
RsaPrivateCrtKeyParameters keyParams = (RsaPrivateCrtKeyParameters)pemReader.ReadObject();
var textToSign = "T0000^22671971380028^PACA";
byte[] tmpSource = Encoding.ASCII.GetBytes(textToSign);
ISigner sign = SignerUtilities.GetSigner(PkcsObjectIdentifiers.Sha256WithRsaEncryption.Id);
sign.Init(true, keyParams);
sign.BlockUpdate(tmpSource, 0, tmpSource.Length);
var kcp_sign_data = sign.GenerateSignature();
// Console
Console.WriteLine("kcp_sign_data:" + Convert.ToBase64String(kcp_sign_data));
Console.ReadKey();
}
private class PasswordFinder : IPasswordFinder
{
private string password;
public PasswordFinder(string pwd)
{
password = pwd;
}
public char[] GetPassword()
{
return password.ToCharArray();
}
}
}
}<%
KeyPath = "../splPrikeyPKCS8.pem"
KeyPw = "changeit"
textToSign = "T0000^22671971380028^PACA"
set kcpSign = server.createobject("kcp_sign_data_lib.GenSign")
kcp_sign_data = kcpSign.Sign(KeyPath, KeyPw, textToSign)
response.write "original: " + textToSign + "<br/>"
response.write "kcp_sign_data : " + kcp_sign_data + "<br/>"
%>// Inquery
const data = "T0000^22296971511092^PACA";
console.log('\n>>> Message:\n\n' + data);
// crypto Set
const crypto = require('crypto');
const fs = require('fs');
const ALGORITHM = "RSA-SHA256";
const SIGNATURE_FORMAT = "base64";
const signature = getSignatureToVerify(data);
// READ
function getPrivateKeySomehow()
{
const pKey = fs.readFileSync('../splPrikeyPKCS8.pem', 'utf8' ); // "splPrikeyPKCS8.pem"
const pKeyObj = crypto.createPrivateKey({
key : pKey,
passphrase : "changeit", // "changeit"
format : "pem",
type : "pkcs8"
})
const pKeyStr = pKeyObj.export({
format: 'pem',
type: 'pkcs8'
}).toString();
return pKeyStr;
}
function getSignatureToVerify(data)
{
const privateKey = getPrivateKeySomehow();
const sign = crypto.createSign(ALGORITHM);
sign.update(data);
const signature = sign.sign(privateKey, SIGNATURE_FORMAT);
console.log(">>> Signature:\n\n" + signature);
return signature;
}
import OpenSSL
from OpenSSL import crypto
import base64
data = 'T0000^22671971380028^PACA'
# READ
# "splPrikeyPKCS8.pem"
key_file = open('../splPrikeyPKCS8.pem', 'r')
key = key_file.read()
key_file.close()
# "changeit"
password = 'changeit'.encode('utf-8')
pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key, password)
sign = OpenSSL.crypto.sign(pkey, data, 'sha256')
kcp_sign_data = base64.b64encode(sign)
print("kcp_sign_data : ", kcp_sign_data)