---
page_title: Generating the Signature
product: UPI TPAP SDK
platform: React Native
page_source: https://juspay.io/in/docs/upi-tpap-sdk/react-native/resources/generating-the-signature
llms_txt: https://juspay.io/in/docs/llms.txt
product_llms_txt: https://juspay.io/in/docs/upi-tpap-sdk/llms.txt
---


# Generating the Signature




---



## **Generating the RSA Key Pair** 



Merchant must securely generate 2048 bit RSA Public Private Key pair on their servers inside a crypto vault. Merchant must share the Public Key (KeyFormat-PEM) with Juspay during onboardingPrivate key must be securely kept in a crypto vault on the merchant servers. Private key should never flow to the client.

> **Note**
> To simplify integration on sandbox, we have already shared a set of auto-generated keys which need to be configured. Please make sure a new set of keys is generated for production prior to go-live.



The below command would generate a private key file **private-key.pem** 


#### Command Line Code Snippet:

```command line
{"success":false,"message":"Failed to fetch snippet"}
```


The below command would generate a public key file **public-key.pem**  for the private key file generated via above command


#### Command Line Code Snippet:

```command line
$ openssl rsa -in private-key.pem -pubout -out public-key.pem
```



## **Signing the Payload** 




| Algorithm | Format |
|---|---|
| RSA-SHA256 | HEX; base 64 encoded |


JSON payload needs to be signed after converting it to String using the Private key stored on the merchant server. The signature shall be in **Base 64 encoded format.** 

> **Warning**
> The JSON payload converted to a string that is to be signed, which makes a signature, should exactly be the same as the string that is to be passed in the signature payload field.




### **Sample Code Snippet** 




#### Java Code Snippet:

```java
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.json.JSONObject;

import java.io.FileReader;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.HashMap;

import javax.xml.bind.DatatypeConverter;

public class SignatureUtil {
    public static void main(String ...args) {
        JSONObject data = new JSONObject("{'order_id': 'venkatesh12','first_name': 'Test','last_name': 'Customer','customer_phone': '9876543210','customer_email': 'test@gmail.com','merchant_id': 'udit_juspay','amount': '1.00','customer_id': '9876543210','return_url': 'https://sandbox.juspay.in/end','currency': 'INR','mandate.start_date': '1638535683287','mandate.end_date': '2134731745451','timestamp': '1576227696'}");
        String filePath = "/<absolute-path-to-folder-containing-pem-file>/private-key.pem";
        HashMap<String,String> response = createSignature(data, filePath);
    }

    public static HashMap<String,String> createSignature(JSONObject payload, String filePath) {
        try {
            PrivateKey privateKey = readPrivateKeyFromFile(filePath);
            Signature privateSignature = Signature.getInstance("SHA256withRSA");
            String[] requiredFields = {"order_id", "merchant_id", "amount", "timestamp", "customer_id"};
            for (String key : requiredFields)
                if(!payload.has(key))
                    throw new Exception(key + " not found in payload");
            String signaturePayload = payload.toString();
            privateSignature.initSign(privateKey);
            privateSignature.update(signaturePayload.getBytes(StandardCharsets.UTF_8));
            byte[] signature = privateSignature.sign();
            String encodedSignature = DatatypeConverter.printBase64Binary(signature);
            HashMap<String,String> response = new HashMap<String,String>();
            response.put("signature",encodedSignature);
            response.put("signaturePayload", signaturePayload);
            return response;
        } catch (Exception e) {
            e.printStackTrace();
        }
        return new HashMap<String, String>();
    }

    private static PrivateKey readPrivateKeyFromFile(String filePath) throws IOException {
        Security.addProvider(new BouncyCastleProvider());
        PEMParser pemParser = new PEMParser(new FileReader(filePath));
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
        PEMKeyPair pemKeyPair = (PEMKeyPair) pemParser.readObject();
        KeyPair keyPair = converter.getKeyPair(pemKeyPair);
        return keyPair.getPrivate();
    }
}
```

#### Alternate Java (below JDK 11) Code Snippet:

```alternate java (below jdk 11)
{"success":false,"message":"Failed to fetch snippet"}
```

#### Python Code Snippet:

```python
{"success":false,"message":"Failed to fetch snippet"}
```

#### PHP Code Snippet:

```php
{"success":false,"message":"Failed to fetch snippet"}
```

#### Node.js Code Snippet:

```node.js
{"success":false,"message":"Failed to fetch snippet"}
```

#### C# Code Snippet:

```c#
{"success":false,"message":"Failed to fetch snippet"}
```

#### Ruby Code Snippet:

```ruby
{"success":false,"message":"Failed to fetch snippet"}
```




---

## See Also

- [Additional Parameters](https://juspay.io/in/docs/upi-tpap-sdk/react-native/miscellaneous/additional-parameters)
- [Error Codes](https://juspay.io/in/docs/upi-tpap-sdk/react-native/resources/error-codes)