Retrieve sensitive card details

For security reasons, sensitive card details, such as cvv, card_number, and card PIN, are encrypted. To securely access the information, use the Rivest-Shamir-Adleman (RSA) encryption algorithm.

Generate RSA key pair

Start by generating an RSA key pair using OpenSSL. The key pair consists of a private key and a public key:

openssl genrsa -out private.pem 2048
openssl rsa -in private.pem -pubout -out public.pem

This creates two files:

File name     Instruction
private.pem   Keep this secure on your server and never transmit it
public.pem    You will encode and send this to Gravv in the API request header

Encode the public key

Base64-encode the entire public.pem file, including the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- markers and the newlines between them. The resulting single-line base64 string is the value you'll send in the API request header.

# Linux
base64 -w 0 public.pem > public.pem.b64

# macOS
base64 -i public.pem -o public.pem.b64

When the server base64-decodes the header value, it must obtain the original PEM text. Encoding only the modulus, the DER bytes, or any other partial representation will fail.
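A pre-flight check for the header value, as an added example that is not Gravv's own code: it rejects wrapped base64, bare DER bytes, and a private key encoded by mistake before anything leaves your server. The function names are hypothetical, and the 2048-bit floor is an assumption taken from the genrsa command above, not a documented server rule.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"strings"
)

// CheckHeaderValue (added example, not Gravv code) vets an X-Client-Public-Key value.
func CheckHeaderValue(v string) (int, error) {
	if strings.ContainsAny(v, " \t\r\n") { // Go's decoder would silently skip newlines
		return 0, fmt.Errorf("value must be a single line without whitespace")
	}
	raw, err := base64.StdEncoding.DecodeString(v)
	if err != nil {
		return 0, fmt.Errorf("not base64: %w", err)
	}
	block, _ := pem.Decode(raw)
	if block == nil {
		return 0, fmt.Errorf("decoded bytes are not PEM text (DER or modulus only?)")
	}
	if block.Type != "PUBLIC KEY" { // also keeps private.pem from leaving the server
		return 0, fmt.Errorf("PEM type %q, want PUBLIC KEY", block.Type)
	}
	key, err := x509.ParsePKIXPublicKey(block.Bytes)
	pub, ok := key.(*rsa.PublicKey)
	if err != nil || !ok || pub.N.BitLen() < 2048 { // 2048 floor is an assumption
		return 0, fmt.Errorf("need a parseable RSA key of at least 2048 bits")
	}
	return pub.N.BitLen(), nil
}

// Samples (constructed, throwaway key): full public PEM, bare DER, private PEM.
func Samples() []string {
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	der, _ := x509.MarshalPKIXPublicKey(&k.PublicKey)
	priv := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)}
	enc := base64.StdEncoding.EncodeToString
	return []string{enc(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})), enc(der), enc(pem.EncodeToMemory(priv))}
}

func main() {
	for _, v := range Samples() {
		fmt.Println(CheckHeaderValue(v))
	}
}
```

Only the first sample passes; the other two return an error naming the mistake.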

Request encrypted card details

Send the base64-encoded public key in the X-Client-Public-Key header when requesting sensitive card details:

curl --request GET \
     --url https://api.gravv.xyz/v1/cards/<card id>/sensitive-details \
     --header 'Api-Key: <Api Key>' \
     --header 'X-Client-Public-Key: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUEuLi4tLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0=' \
     --header 'content-type: application/json'

Replace the header value with the full base64-encoded contents of your public.pem.

You will receive encrypted card details in the response:

{
  "data": {
    "ciphertext": "IjBkZlJMWUVXMzJ5MjdySzhWQlp1WHM5N1hzZ0szNGFSb1VScTJrbDhyazkzSmUrM0lTTXNiOCs4bmo2MW9LdDYxdkN0d0w1NSI=",
    "encrypted_key": "IkUxdXhGa2c3ekpVaUJmWFlhcnVhM0dZRyt1amZJczBpMDJsak85QnIvVjkzSGxvWWxDNk1xaVlyYkNGQnJtTHFkVkwybmlFbkxDemliOUoweWI3RTg5YUFvTEZncmFkNFV0Z2cvV1ZUK29HbGZPZWRJVnREU1ZvSmNWaDMrSExnSUMybnBaTWJkelpualB6b21PcThCcGpNN09yWG1FeHUvd3pHblhpYXIyRT0i",
    "nonce": "Img2M29JSVVESTZ2aS90S2si"
  },
  "error": null
}

Decrypt sensitive card details

After receiving the encrypted response, decrypt the sensitive card details using your RSA private key.

The following guides provide complete decryption implementations with sample code for each language:

  • Golang

    Decrypt card details using Go's crypto package with RSA-OAEP and AES-GCM.

  • Python

    Decrypt card details using Python's cryptography library.

  • JavaScript

    Decrypt card details using the Node.js crypto module with RSA and AES-GCM.