Introduction to Cryptographic Requirements - Digital-Platform-Services/My-NS-Account GitHub Wiki
Securing communication between My NS Account and your application involves both digital signing and encryption.
- Signing ensures the messages came from people or systems that we trust.
- Encryption is the process of encoding messages in order to ensure that the message is only accessed by authorized people or systems.
In order to connect your application to My NS Account, cryptographic elements are required. These elements ensure secure communication between My NS Account and your application (also known as a Relying Party (RP)).
Request Signing/Encryption Certificates
-
Download and complete a copy of our My NS Account Certificate Signing Request Form
-
Generate CSR and Private Keys for Signing and Encryption Certificates
-
Return both CSR files and the completed Certificate Signing Request Form to [email protected]
Certificates are typically turned around within 2 business days.
Certificates generated for non-production integrations are not acceptable for use with production integrations. Please request a separate set of cryptographic documents for production integrations.
An IMPORTANT note about Private Keys
It is important that you safeguard your private keys (.key files).
Private keys must remain private. Unless specified, do NOT transmit your private keys to us.
While private keys will be used by your application, they are not required when it comes to generating certificates.
Please take some time to consider the security of your private keys, specifically:
- how private keys will be securely stored
- how will they be securely transmitted
- who will have access to them
NEVER SHARE your private keys. Never. Ever.