PGP Best Practices

PGP is a standard set of encryption, decryption, and signing algorithms which provide cryptographic privacy and authentication. In many areas of this spec, communication is either PGP encrypted, PGP signed, or both.

The payment integrator must support:

  • Encrypting and decrypting payloads with multiple PGP keys.
  • Signing payloads with multiple PGP keys.
  • Verifying a payload with multiple signatures, any one of which can be the signature with the key provided by Google.
  • Decryption of Web-safe base64 encoded payloads.

PGP public keys provided to Google must have a subkey used for encryption. The subkey allows for independent rotation from the master key. The master key is used for identity verification. Private keys must be 2048 (or greater) bit RSA keys that expire in one year with a max lifetime of two years.

You can use the following command to create a new keypair.

$ gpg --full-generate-key

Answer the questions based on the guidelines above. We require RSA with at least 2048 bits and expiration of 1-2 years. This should create both a master key (labeled SC, for 'S'igning and 'C'ertificate generation) and a subkey (labeled E, for 'E'ncryption).

JWE Best Practices

JSON Web Encryption (JWE) is a standard defined by rfc7516 for encrypting content at the application level.

If using JWE for application-level encryption, the payment integrator must support the following options:

  • Decrypting payloads from one of multiple JWE keys.
  • Compact Serialization
  • JWE compression (i.e., zip="DEF")
  • The RSAES-PKCS1-V1_5 algorithm for key management.
  • The AES-CBC + HMAC-SHA2 algorithm for content encryption.

Private keys must be RSA keys that expire in one year with a max lifetime of two years.

Private Key Handling

All private key identities must always stay on the payment integrator server and not within the APK. Therefore, all signature values must be calculated on the payment integrator server.