SNAP (Standar Nasional OPEN API Pembayaran) was submitted by several sub-working groups formed jointly by ASPI and the Bank of Indonesia for encouraging digital transformation in the banking industry. In the document Pedoman Tata Kelola (Bank of Indonesia, n.d.), there is the use cryptographic algorithms that are used as validation for third parties to use the Open API. The algorithms used in the document are HMAC and RSA. The third party will send the signature in the API header along with the sent API payload. The signature describes the body payload, the endpoint URL that was called by the third party, and the time when the API call was made, so the signature will change all the time. However, there are other algorithms that can be used as a form of validation, such as ECC and ZK-SNARK. In this journal, the performance of the four cryptographic algorithms is compared. The performance we compare is overall speed when creating the signature and verifying it. The result is that HMAC is the most efficient algorithm, but for financial data, it is better to use ECC which uses asymmetric keys and is faster than RSA contained in the SNAP document, especially when 256 bits security level that ECC could be 10 times faster then RSA.
Copyrights © 2023