---
title: Restoring the symmetric key
framework: passkit
role: article
role_heading: Article
path: passkit/restoring-the-symmetric-key
---

# Restoring the symmetric key

Restore the symmetric key you use to verify payment data.

## Overview

Overview The value of the version key in the payment token structure indicates whether the Apple Pay servers encrypted the payment token using Elliptic Curve Cryptography (ECC) or Rivest–Shamir–Adleman (RSA). Follow the instructions for restoring an ECC key or an RSA key according to the value of the version key. For instructions on using the symmetric key, see Payment token format reference. Restore a symmetric key for ECC To restore the key for ECC (EC_v1), follow these steps: Use the merchant private key and the ephemeral public key to generate the shared secret using Elliptic Curve Diffie-Hellman (id-ecDH 1.3.132.1.12). Use the merchant identifier field (OID 1.2.840.113635.100.6.32) of the public key certificate and the shared secret to derive the symmetric key using the key derivation function described in NIST SP 800-56A, section 5.8.1, with the input values shown in the following table:  |   |   |   |   |   |  Restore a symmetric key for RSA A merchant’s public key encrypts the symmetric key for RSA (RSA_v1) by using the RSA/ECB/OAEPWithSHA256AndMGF1Padding algorithm. Use your RSA private key to decrypt the cipher text in the wrappedKey value. After you decrypt it, the plaintext is the symmetric key material that you use to decrypt the payment token.