Problems doing direct decryption in server side

42 views

Skip to first unread message

Christian Valencia

unread,

Jan 9, 2025, 10:55:29 AMJan 9

to tink-users

hi, currently I'm facing an error when I'm trying to decrypt a token, I'm using this guide to generate the public and private keys https://developers.google.com/pay/api/web/guides/resources/payment-data-cryptography#public-key-format

I added the public one to the console and implemented the Tink library

but I'm getting this error

java.security.GeneralSecurityException: cannot verify signature
at com.google.crypto.tink.apps.paymentmethodtoken.PaymentMethodTokenRecipient.verify(PaymentMethodTokenRecipient.java:471)
at com.google.crypto.tink.apps.paymentmethodtoken.PaymentMethodTokenRecipient.verifyIntermediateSigningKey(PaymentMethodTokenRecipient.java:545)
at com.google.crypto.tink.apps.paymentmethodtoken.PaymentMethodTokenRecipient.verifyECV2(PaymentMethodTokenRecipient.java:411)
at com.google.crypto.tink.apps.paymentmethodtoken.PaymentMethodTokenRecipient.unsealECV2(PaymentMethodTokenRecipient.java:375)
at com.google.crypto.tink.apps.paymentmethodtoken.PaymentMethodTokenRecipient.unseal(PaymentMethodTokenRecipient.java:352)
at com.test.googlepay.GooglepayApplication.main(GooglepayApplication.java:61)

and this is the implementation:

String decryptedMessage =
new PaymentMethodTokenRecipient.Builder()
.fetchSenderVerifyingKeysWith(GooglePaymentsPublicKeysManager.INSTANCE_TEST)
.recipientId("merchant:MerchantId")
.protocolVersion("ECv2")
.addRecipientPrivateKey(privateKey)
.build()
.unseal(encryptedText);