Convert the resulting bytes into a hexadecimal string.<\/li>\n<\/ol>\nThe decrypted PIN is within the obtained hexadecimal string. Assuming that the initial character of the string is in position 0, you will find the digits of the PIN in positions 2, 3, 4, and 5.<\/p>\n
For example, consider this hexadecimal array: 445454<\/strong><\/span>aaaaaaaaaa4ae8c131f45d1056 <\/p>\nIn this example, the PIN is 5454<\/strong><\/span>.<\/p>\nAfter decrypting the PIN, you can reveal it to the cardholder in your interface.<\/p>","url":"https:\/\/docs.adyen.com\/pt\/issuing\/manage-card-data\/reveal-pin","articleFields":{"description":"Allow your cardholders see their personal identification number (PIN).","parameters":{"directoryPath":"\/issuing"},"page_id":"dbb1ad8c-292d-4037-93a9-9abe02f53ca5","feedback_component":true,"filters_component":false,"decision_tree":"[]"},"algolia":{"url":"https:\/\/docs.adyen.com\/pt\/issuing\/manage-card-data\/reveal-pin","title":"Reveal PIN using standard encryption methods","content":"You can allow your cardholders to access the PIN of their Adyen-issued card within your app or website. This page explains how to implement a feature to securely reveal PINs in your user interface.\nTo reveal a PIN in your user interface, you must first get the PIN data from Adyen. To securely request the data, you use a base64-encoded RSA public key and an Advanced Encryption Standard (AES) key to generate an encrypted session key.\nUse the session key to request a PIN block from Adyen. This PIN block contains the encrypted PIN data assigned to the Adyen-issued card. You must extract the PIN from the decrypted PIN block and then reveal the PIN to the cardholder in your interface.\nThe following sequence diagram illustrates the workflow.\n\nAs shown in the diagram, the steps for revealing a PIN are:\n\nGet a public key from Adyen.\nGenerate an AES key.\nGenerate an encrypted session key.\nRequest the PIN block from Adyen.\nDecrypt the PIN block and reveal it in your user interface.\n\nRequirements\nMake sure that:\n\nYou have API credentials for the Configuration API.\nYour API credential has the Bank Issuing PIN Reveal Webservice role.\n\nGet a public key from Adyen\nYou need a base64-encoded RSA public key to generate an encrypted session key. You must use the Configuration API to get the public key from Adyen.\nTo get a public key:\n\n\nMake a GET \/publicKey request with the query parameter purpose set to pinReveal.\n\n\n\nThe response contains:\n\nThe public key\nThe expiry date of the public key\n\n\n\n\n\n\nPass the publicKey to your front end.\n\n\nGenerate an AES key\nYou need a 256-bit AES encryption key to generate an encrypted session key. You can generate this key by using a random bit generator.\nGenerate an encrypted session key\nYou need an encrypted symmetric session key to securely request the PIN change to Adyen. To generate the encrypted session key, encrypt the AES key you generated in the previous step.\nFor the encryption, use:\n\nThe publicKey that you received from Adyen.\nThe RSA encryption algorithm, version PKCS 1.\n\nRequest the PIN block from Adyen\nRequest from Adyen the PIN block that contains the encrypted PIN data:\n\n\nMake a POST \/pins\/reveal request and specify the following parameters:\n\n\n\nParameter\nDescription\n\n\n\n\n paymentInstrumentId\nThe unique identifier of the card for which you are revealing the PIN.\n\n\n encryptedKey\nThe encrypted symmetric session key.\n\n\n\n\n\n\nThe response contains: \n\nAn encryptedPinBlock: An ISO Format 4 encrypted PIN block\nA token that you need for decrypting the PIN block\n\n\n\n\n\n\nPass encryptedPinBlock and token to your client.\n\n\nDecrypt the PIN block and reveal the PIN\nThe PIN block is encrypted using the ISO format 4 (ISO-4), a standard encryption method. Because the PIN itself is only 4 characters, a token is used as an intermediate step for decryption. Both the token and the PIN block are included in the POST \/pins\/reveal response.\nTo decrypt the PIN, follow these steps:\n\nDecrypt the \n encryptedPinBlock\n using the 256-bit AES key that you previously generated. The decrypted data is an intermediate result.\n\nFormat the \n token\n that you received in the response. To do this:\n\n\nGenerate a hexadecimal string of 32 characters that includes:\n\n\"4\" as the first character\nThe \n token\n\nThe character \"0\" repeated 15 times.\nExample: 4 + 5555341244441115 + 000000000000000\n\n\n\nConvert this hexadecimal string into a 16-byte array.\n\n\n\nCombine the decrypted PIN block and the formatted token data into one 16-byte array by doing an XOR.\nDecrypt the result from the previous step using RSA in ECB mode, with the key that you previously generated. \nConvert the resulting bytes into a hexadecimal string.\n\nThe decrypted PIN is within the obtained hexadecimal string. Assuming that the initial character of the string is in position 0, you will find the digits of the PIN in positions 2, 3, 4, and 5.\nFor example, consider this hexadecimal array: 445454aaaaaaaaaa4ae8c131f45d1056 \nIn this example, the PIN is 5454.\nAfter decrypting the PIN, you can reveal it to the cardholder in your interface.","type":"page","locale":"pt","boost":17,"hierarchy":{"lvl0":"Home","lvl1":"Adyen Issuing","lvl2":"Manage card data","lvl3":"Reveal PIN using standard encryption methods"},"hierarchy_url":{"lvl0":"https:\/\/docs.adyen.com\/pt","lvl1":"https:\/\/docs.adyen.com\/pt\/issuing","lvl2":"https:\/\/docs.adyen.com\/pt\/issuing\/manage-card-data","lvl3":"\/pt\/issuing\/manage-card-data\/reveal-pin"},"levels":4,"category":"Issuing","category_color":"green","tags":["Reveal","using","standard","encryption","methods"]},"articleFiles":{"pin-reveal.svg":"![\"\"](\"https:\/\/docs.adyen.com\/user\/pages\/docs\/07.issuing\/17.manage-card-data\/05.reveal-pin\/pin-reveal.svg?decoding=auto&fetchpriority=auto\")
","request-pin-block.js":"
request-pin-block.js<\/p>"}}
![\"\"](\"\/user\/pages\/docs\/07.issuing\/17.manage-card-data\/05.reveal-pin\/pin-reveal.svg?decoding=auto&fetchpriority=auto\")
<\/p>\n