Message-Level Encryption Keys

You must use message-level encryption (MLE) in order for personally identifiable information, such as payment information, to be returned unmasked by
TMS
. You must create an MLE security key for your
Cybersource
merchant account in the
Business Center
before a
TMS
response can return unmasked payment information using MLE.
MLE keys can be created at the portfolio and transacting levels of an organization. You must create an MLE key at the portfolio level of an organization if you want to use a single MLE key for the encryption and decryption of payment information for multiple merchants. To do so, you must log in to the
Business Center
using your portfolio credentials and ensure that the MLE key is generated for your organization.
MLE keys expire after 3 years.
Security keys can be used to make any request, including payments. Treat your security keys as you would any secure password.
You must use separate keys for the test and production environments.

Prerequisite

You must have a tool such as OpenSSL installed on your system.
To create an MLE key, you must first extract a public key. You can use a tool such as OpenSSL to extract the key:
openssl genrsa -out private.pem 2048 && openssl rsa -in private.pem -outform PEM -pubout -out public.pem
For information creating an MLE key, see Creating a Message-Level Encryption Key.

Creating a Message-Level Encryption Key

Follow these steps to create a message-level encryption key:
  1. Log in to the
    Business Center
    .
  2. On the left navigation panel, navigate to
    Payment Configuration > Key Management
    .
  3. Click
    + Generate Key
    .
  4. Select
    Message-Level Encryption
    and click
    Generate Key
    .
  5. Enter the public key value into the text field, and click
    Create Key
    .