OVO Partner Integration Documentation
Client Credentials Sharing SOP
Introduction
To ensure the confidentiality and secrecy of the client credentials, OVO expects its OpenAPI partners to follow the SOP mentioned below to receive the client credentials from OVO.
| Step | Responsibility |
|---|---|
| Partner needs to share their public key in .pem format with OVO PIS Team. | Partner OVO PIS Team |
| OVO to generate client credentials. | OVO |
| OVO to generate and share the encrypted .enc files to partner. | OVO |
| Partner needs to decrypt the .enc file to extract the client credentials. | Partner |
Recommended Version
These versions or later are recommended for generating and decrypting credentials:
| Program | Version |
|---|---|
| OpenSSL (often in Windows) | 1.1.0 or later (2016) |
| LibreSSL (often in MacOS) | 2.9.1 or later (2018) |
REFERENCE :
-
How to generate public key
As part of the client credential sharing SOP, the partner needs to share their public key in .pem format. Partner can generate public/private key pair using following command :If they have it in rsa format (e.g., they use it for ssh), then have them do:Command:openssl genrsa -des3 -out id_rsa.pem 2048
openssl rsa -in id_rsa.pem -outform PEM -pubout -out id_rsa.pub.pemCommand:openssl rsa -in id_rsa -outform pem > id_rsa.pem
openssl rsa -in id_rsa -pubout -outform pem > id_rsa.pub.pemPartner need to sendid_rsa.pub.pem
-
How to decrypt the file to extract the client credentials
OVO will share the .enc files to the partner. Partner can execute below mentioned commands to decrypt the .enc file and extract the client credentials.Command:openssl rsautl -decrypt -inkey id_rsa.pem -in key.bin.enc -out key.bin
openssl enc -d -aes-256-cbc -in cred_file.enc -out cred_file.txt -pass file:./key.bin -md sha256