问题
I always get the same error 3045: The Currency field is missing, when posting this form:
<form name="frmPay" action="https://test.sagepay.com/gateway/service/vspform-register.vsp" method="POST">
<input type="text" name="VPSProtocol" value="3.00" />
<input type="text" name="TxType" value="PAYMENT" />
<input type="text" name="Vendor" value="myvendor" />
Crypt:<textarea rows="10" cols="200" name="Crypt"><%=Crypt%></textarea>
<input type="submit" value="Send" />
</form>
I think the error is in the encryption
Could someone send encryption routine for classic ASP?
回答1:
UPDATE (19-Nov-2014): A useful link has come to light through another question on this topic.
https://www.sagepaylabs.com/AES.zip
The file contains Classic ASP example of how to implement AES (128-bit) using a modified version of the AES Rijndael Block Cipher originally written by Phil Fresle (2001) but has been modified by Mat Peck at Sage Pay to run with 128-bit blocks (AES) with CBC and PKCS#5 padding.
The Classic ASP example contains two files
includes.asp rijndael.asp
The Sage Pay Form Integration requirement is very specific.
From Form integration protocol and guidelines
A1.1 The Crypt Field
The Crypt field should contain all the other transaction information (see the next section) in plain text as Name=Value fields separated by ‘&’ characters. Ensure that all mandatory fields are present and that there are no spaces after the ‘&’ character.
This string should then be encrypted using AES(block size 128-bit) in CBC mode with PKCS#5 padding using the provided password as both the key and initialisation vector and encode the result in hex (making sure the letters are in upper case).
Prepend the
@
sign to the beginning of the encoded result.NB : To decrypt use the same procedure in decryption mode, making sure you remove the
@
sign before doing so.Example Crypt Field
Using the key
55a51621a6648525
To encrypt the following request we should get the encrypted result below itKey Value Pairs
VendorTxCode=TxCode-1310917599-223087284&Amount=36.95&Currency=GBP &Description=description&CustomerName=FnameSurname &CustomerEMail=customer@example.com&BillingSurname=Surname &BillingFirstnames=Fname&BillingAddress1=BillAddress Line 1 &BillingCity=BillCity&BillingPostCode=W1A 1BL &BillingCountry=GB&BillingPhone=447933000000&DeliveryFirstnames=Fname &DeliverySurname=Surname&DeliveryAddress1=BillAddress Line 1 &DeliveryCity=BillCity&DeliveryPostCode=W1A 1BL &DeliveryCountry=GB&DeliveryPhone=447933000000 &SuccessURL=https://example.com/success&FailureURL=https://example.co/failure
Encrypted Result
@2DCD27338114D4C39A14A855702FBAB2EF40BCAC2D76A3ABC0F660A07E9C1C921C2C755BA9B59C39F882FBF6DFED114F23141D94E50A01A665B1E3 1A86C07CA1CD1BB8EF5B6CF2C23D495CD79F9C0F678D61773E7A1AA30AA5B23D56503FC0B52AC0694A8C341263D2C5FE1BAD93BDB94726761E155E9 00448F644AF1F67BE1AC77E852B9D90809A44F258EE9478B6D8C1C4ED58759263E7DBF8871C6592287C0358F36F4EEC326CEDDD440DA2FED8AB35F1B 630A5C6FA671E4D78CC8CACECF9DFDC31D6C5EC8270FB21E297E2C2E14F99A04223EFFD4F00062D440E78A3D2C7140EC8F123D247B75E7482AE98858 DA34D37EDE6D7C69AA74391F559305CF675ADB3615244A107ABBB6AF26E29A2FFA059B12688D90FE09E0DE069325BFF3587A695F5DA36E4B809B69C C9A37034F166B63B5A62B986F4DA34E9AC9516AFDE70642EC7DAD1AEBA93A1F347D6AC7046E967DCBFE7ACFCEE5DAFC0B29F1765032B3060EBE565C BD57D092075D15CF12725199C6881605B2E0F105698CE3ADD04361CA9D620C187B90E3F9849445B5C3C0FDF1768BFFD61F97E51316826F4F10E0E3E6 68F0A9F5ED9CCDA6F2C7CC957F12DB48F9041482E3D035E7A91852C404BFA325FED947E71F57B871DFAC6AF4FF29F4513A4A80B2D7ECC9D19D47ED04 FA99CDFC881DFA771E1EA4F3F9B2C5AC673EF3DA2699A309CC8522993A63CB8D45D3CDF09B1DFDC573CD19679B250AD6721450B5042F201670B4645 05DCAEF59E2C67ABACC9AE2EEE793CE191FEBF66B8FAF4204EFFB359246B9C99FB52805C46375FF35140F74707FBC73C7731A28A2C883A
Taking into consideration these requirements means your limited on the options available in a Classic ASP environment.
I would recommend on looking at using AspEncrypt by Persit Software or the only other promising option I can find is (Classic ASP) AES Encryption but as I have not used either of these components I cannot vouch for how good or bad they are.
However I have used Persit components before during web development using Classic ASP and can say that they have always worked for me so my recommendation would be to have a look and see what you think.
It does seem to support the needed requirement, here is an example based on code from the documentation manipulated to suit.
<%
Dim CM, Context, Key, Blob, Crypt
Set CM = Server.CreateObject("Persits.CryptoManager")
'AES requires the Microsoft Enhanced RSA and AES Cryptographic Provider.
'Set Context = CM.OpenContext("", True )
Set Context = CM.OpenContextEx( _
"Microsoft Enhanced RSA and AES Cryptographic Provider", "", True _
)
Set Blob = CM.CreateBlob
Blob.Hex = "Hex Encoded Key given to you by Sage Pay" 'AES-128 Bit Key
'Might need to reverse the bytes which is why the third parameter is set to True.
Set Key = Context.ImportRawKey(Blob, calgAES128, True)
'Make sure padding is set to PKCS#5 and Cipher Mode is set to CBC
'these don't actually need defining because they are the defaults
'according to the documentation, just here for completeness.
Key.Padding = ccpPKCS5
Key.Mode = ccmCBC
Set Blob = Key.EncryptText("your key value pairs")
'Format encrypted field as required by Sage Pay
Crypt = "@" + Blob.Hex
%>
Useful Links
- This question appears to be related but is for PHP not Classic ASP the problem though is similar. PHP and Sage Pay.
- Article PS040625142 - Advanced Encryption Standard (AES) Support
来源:https://stackoverflow.com/questions/25025330/encrypting-crypt-field-using-classic-asp-for-sagepay-form-integration