> ## Documentation Index
> Fetch the complete documentation index at: https://xaferapi.apacx.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Core Mechanism

To ensure transaction security, the WaaS system adopts an asymmetric RSA encryption mechanism to protect API communication. Each integrated merchant will receive an RSA key pair (1024-bit) generated by WaaS. The public key is used by the merchant for data encryption/decryption, while the private key is securely stored by the WaaS system for server-side encryption/decryption.

<Info>
  <div className="info-item">
    <Icon icon="key" size={15} className="icon" />

    <span> Public Key Acquisition</span>
  </div>

  The WaaS system sends a Base64-encoded RSA public key to merchants via email. (It is recommended that merchants store the public key with secondary AES encryption!!!)
</Info>

<Info>
  <div className="info-item">
    <Icon icon="lock" size={15} className="icon" />

    <span> Private Key Custody</span>
  </div>

  The private key is securely stored by the WaaS system and will not be provided to merchants under any circumstances.
</Info>

<Info>
  <div className="info-item">
    <Icon icon="shield" size={15} className="icon" />

    <span> Key Type</span>
  </div>

  1024-bit RSA key, using RSA/ECB/PKCS1Padding encryption mode (standard PKCS#1 v1.5 padding scheme).
</Info>

<Info>
  <div className="info-item">
    <Icon icon="arrows-rotate" size={15} className="icon" />

    <span> Key Update</span>
  </div>

  If key updates are required, contact WaaS technical support to regenerate them.
</Info>

<Steps>
  <Step title="Request Flow">
    Merchant encrypts request with public key → WaaS decrypts with private key
  </Step>

  <Step title="Response Flow">
    WaaS encrypts response with private key → Merchant decrypts result with public key
  </Step>
</Steps>
