On This Page

{#jumplink-list}  
[Markdown](/docs/vas/en-us/tms/developer/ctv/rest/tms/tms-onboarding/tms-mle-setup.md)  
Filter  
FILTER BY TAG

Message-Level Encryption Keys {#tms-mle-setup}
==============================================

You must use message-level encryption (MLE) in order for personally identifiable information, such as payment information, to be returned unmasked by TMS. You must create an MLE security key for your `Visa Acceptance Solutions` merchant account in the `Business Center` before a TMS response can return unmasked payment information using MLE.  
MLE keys can be created at the portfolio and transacting levels of an organization. You must create an MLE key at the portfolio level of an organization if you want to use a single MLE key for the encryption and decryption of payment information for multiple merchants. To do so, you must log in to the `Business Center` using your portfolio credentials and ensure that the MLE key is generated for your organization.  
MLE keys expire after 3 years.  
Security keys can be used to make any request, including payments. Treat your security keys as you would any secure password.  
You must use separate keys for the test and production environments.

Prerequisite
------------

You must have a tool such as OpenSSL installed on your system.  
To create an MLE key, you must first extract a public key. You can use a tool such as OpenSSL to extract the key:

```
openssl genrsa -out private.pem 2048 && openssl rsa -in private.pem -outform PEM -pubout -out public.pem
```

For information creating an MLE key, see [Creating a Message-Level Encryption Key](/docs/vas/en-us/tms/developer/ctv/rest/tms/tms-onboarding/tms-mle-setup/keys-mle-create.md "").  
RELATED TO THIS PAGE