Certificate

SecurePay PQC Integration

Merchant integrates with SecurePay using Post-Quantum Cryptographic (PQC) signatures. The objective is to ensure that all API requests sent to SecurePay are cryptographically signed and verified using quantum-resistant keys and certificates.

Key Concepts

Term
Description

KAZ-SIGN Key Pair

The merchant’s Post-Quantum signing key pair. Generated locally by the merchant.

CSR (Certificate Signing Request)

A request generated by the merchant to obtain a signed PQC certificate from SecurePay CA.

SecurePay CA

SecurePay’s Certificate Authority (issues PQC certificates).

PQC Certificate

A cryptographic certificate that binds the merchant’s public key + identity. Used by SecurePay to verify signatures.

Setup & Workflow

Figure1: PQC system flow

1

Generate PQC Key Pair

The merchant generates their KAZ-SIGN Post-Quantum key pair locally.

2

Generate CSR

The system is required to generate a PQC Certificate Signing Request (CSR) using the generated public key. The CSR will subsequently be submitted to the Certificate Authority (CA) to obtain a digital certificate.

3

Submit CSR to SecurePay CA

Merchant sends CSR to SecurePay for validation.

4

Merchant Verifies Certificate Locally (Optional)

The merchant checks:

  • CA signature validity

5

Merchant submit cert to securepay platform

Merchant submit certificate to securepay platform for securepay to verify

API Key Creation Flow Overview

  1. To start using the API, users must create a cryptographic key pair associated with their interface (e.g., version2 interface).

  2. Merchant have two options for adding keys: Generate a new key pair automatically or Import an existing public key.

Key Generation Process

  1. Provide a descriptive name for the key

  2. Choose the cryptographic algorithm. Current options include:

    • RSA (production-ready)

    • PQC (Post-Quantum Cryptography - Experimental)

  3. In the Import Your Own Public Key section, paste your public key in PEM format

  4. Optionally, set an expiration date for the key.

  5. After clicking Create Key, the system will display the private key once—be sure to save it securely.

Upon successful upload, the system redirects you to the key details page showing your key information.

PreviousListNextChange Logs

Last updated