Message hashing, signing and verification

The Modernised API uses SHA-256 for hashing and supporting RSA-256 for digital signing and verification through Public Key Infrastructure (PKI).

Here’s how certificate management works across different environments:

Certification Centre (CC / SIT Environment)

Participants do not need to generate their own certificates. PayNet will provision and share the following:

Participant’s Certificate Private Key – Used to generate message signatures.
Participant’s Public Certificate – Matches the private key above.
PayNet’s Public Certificate – Used to verify incoming message signatures from PayNet.

System Verification (SyVe / UAT Environment)

Participants must prepare a Certificate Signing Request (CSR) and upload it to the Global Certificate Management Centre to receive a PayNet-signed certificate.

Production Environment

Participants must upload a certificate signed by a supported licensed Certificate Authority (CA) to the Global Certificate Management Centre.

Alternatively, if you already have a valid production certificate from an existing connection (e.g., API Direct or TCP/IP), you may reuse it for the Modernised API provided it’s still supported.

Supported Licensed Certificate Authorities (CAs):

MSC Trustgate.Com Sdn Bhd
Pos Digicert Sdn Bhd
Raffcomm Technologies Sdn Bhd
TM Technology Services Sdn Bhd

How can we help you?

Certification Centre (CC / SIT Environment)

System Verification (SyVe / UAT Environment)

Production Environment

Supported Licensed Certificate Authorities (CAs):