Skip to content

Retrieve sensitive card details

For security reasons, sensitive card details, such as cvv, card_number, and card PIN, are encrypted. To securely access the information, use the Rivest-Shamir-Adleman (RSA) encryption algorithm.

Generate RSA key pair

Start by generating an RSA key pair using OpenSSL. The key pair consists of a private key and a public key:

openssl genrsa -out private.pem 2048
openssl rsa -in private.pem -pubout -out public.pem

This creates two files:

File name Instruction
private.pem Keep this secure on your server and never transmit it
public.pem You will encode and send this to Gravv in the API request header

Encode the public key

After generating your RSA key pair, extract the public key and encode it to base64. This encoded value is what you'll send in the API request header.

The public key modulus is the large number that forms part of your RSA public key.

Request encrypted card details

Send the base64-encoded public key modulus in the X-Client-Public-Key header when requesting sensitive card details:

curl --request GET \
     --url https://api.gravv.xyz/v1/cards/<card id>/sensitive-details \
     --header 'Api-Key: <Api Key>' \
     --header 'X-Client-Public-Key: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA...' \
     --header 'content-type: application/json' \
     --data '{}'

Replace MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA... with your actual base64-encoded public key modulus.

You will receive encrypted card details in the response:

{
  "data": {
    "ciphertext": "IjBkZlJMWUVXMzJ5MjdySzhWQlp1WHM5N1hzZ0szNGFSb1VScTJrbDhyazkzSmUrM0lTTXNiOCs4bmo2MW9LdDYxdkN0d0w1NSI=",
    "encrypted_key": "IkUxdXhGa2c3ekpVaUJmWFlhcnVhM0dZRyt1amZJczBpMDJsak85QnIvVjkzSGxvWWxDNk1xaVlyYkNGQnJtTHFkVkwybmlFbkxDemliOUoweWI3RTg5YUFvTEZncmFkNFV0Z2cvV1ZUK29HbGZPZWRJVnREU1ZvSmNWaDMrSExnSUMybnBaTWJkelpualB6b21PcThCcGpNN09yWG1FeHUvd3pHblhpYXIyRT0i",
    "nonce": "Img2M29JSVVESTZ2aS90S2si"
  },
  "error": null
}

Decrypt sensitive card details

After receiving the encrypted response, decrypt the sensitive card details using your RSA private key.

The following guides provide complete decryption implementations with sample code for each language:

  • Golang

    Decrypt card details using Go's crypto package with RSA-OAEP and AES-GCM.

  • Python

    Decrypt card details using Python's cryptography library.

  • JavaScript

    Decrypt card details using Node.js crypto module with RSA and AES-GCM..