
Key Exchange

Key exchange mechanisms allow Finexus and MyXaaS Partners to agree on a shared secret key without exposing it to potential eavesdroppers or attackers. This is particularly crucial in secure communication protocols.

The merchant must provide a Certificate Signing Request (CSR) to Finexus.
Finexus will then provide the merchant with the Finexus public key.

Step 1: Create a keystore using the keytool

Use the keytool utility to create the .jks file, which will initially contain only the private key.

keytool -genkey -alias <aliasname> -keyalg RSA -sigalg SHA256withRSA -keystore keystore.jks -validity 36500 -keysize 2048

Step 2: Generate a CSR from the keystore

Generate a Certificate Signing Request (CSR) from the created keystore to share with the Certificate Authority (CA) for signing and generating the primary certificate.

keytool -certreq -alias <aliasname> -keystore keystore.jks -file <aliasname>.csr 

Step 3: Obtain a signed primary certificate from the CA

Submit the generated CSR to Finexus for signing. The signed certificate will then be provided back to the merchant.

Step 4: Import the primary certificate, root certificate, and intermediate CA certificates into the keystore

Once the certificate is signed, import it into the keystore for the private key entry created earlier. Use the following keytool command to import the signed certificate into the keystore, ensuring that the alias name matches the one used for the private key entry.

keytool -import -alias <aliasname> -keystore keystore.jks -file <aliasname>.cer  

Step 5: Import a root or intermediate CA certificate into an existing Java keystore

keytool -import -trustcacerts -alias <aliascaname> -file <aliascaname>.crt -keystore keystore.jks

Step 6: Sign the message with your own private key

The merchant can proceed to write code and sign the response messages using their own private key for messaging purposes.

Note: This step will be repeated in the production environment.
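One way to do the signing in Step 6, as an added example that is not Finexus or MyXaaS code: it loads the private key created in Step 1 from the keystore, signs a payload, and checks the signature against the certificate stored under the same alias. The SHA256withRSA message signature, the Base64 output, the KEYSTORE_PASS variable name, the sample payload, and a key password equal to the keystore password are assumptions; use whatever the message specification requires.

```java
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Base64;

public class SignMessage {
    // Assumption: SHA256withRSA; use the algorithm the message specification requires.
    static final String ALGORITHM = "SHA256withRSA";
    static byte[] sign(PrivateKey key, byte[] message) throws Exception {
        Signature s = Signature.getInstance(ALGORITHM);
        s.initSign(key);
        s.update(message);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] message, byte[] signature) throws Exception {
        Signature s = Signature.getInstance(ALGORITHM);
        s.initVerify(key);
        s.update(message);
        return s.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        String pass = System.getenv("KEYSTORE_PASS"); // hypothetical variable name
        if (args.length != 2 || pass == null) {
            System.err.println("usage: KEYSTORE_PASS=... java SignMessage.java <keystore> <aliasname>");
            System.exit(2);
        }
        char[] password = pass.toCharArray();
        // Java 9+: detects JKS or PKCS12 from the file content.
        KeyStore ks = KeyStore.getInstance(new File(args[0]), password);
        if (!ks.isKeyEntry(args[1])) {
            throw new IllegalArgumentException("no private key entry under alias " + args[1]);
        }
        // Assumption: the key password is the same as the keystore password.
        PrivateKey privateKey = (PrivateKey) ks.getKey(args[1], password);
        PublicKey publicKey = ks.getCertificate(args[1]).getPublicKey();
        // Constructed sample payload; the real message format is not shown on this page.
        byte[] message = "{\"orderId\":\"TEST-0001\",\"amount\":\"10.00\"}".getBytes(StandardCharsets.UTF_8);
        byte[] signature = sign(privateKey, message);
        System.out.println("signature: " + Base64.getEncoder().encodeToString(signature));
        System.out.println("verifies: " + verify(publicKey, message, signature));
        message[0] ^= 1; // flip one bit to show that a modified message is rejected
        System.out.println("verifies after modification: " + verify(publicKey, message, signature));
    }
}
```

Reading the keystore password from the environment keeps it out of the source file and the command line.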