Encrypting Crypt field using Classic ASP for SagePay Form Integration

丶灬走出姿态 submitted on 2019-11-29 12:04:50
Lankymart

UPDATE (19-Nov-2014): A useful link has come to light through another question on this topic.

https://www.sagepaylabs.com/AES.zip

The file contains a Classic ASP example of how to implement AES (128-bit) using a modified version of the AES Rijndael Block Cipher, originally written by Phil Fresle (2001) and since modified by Mat Peck at Sage Pay to run with 128-bit blocks (AES) with CBC and PKCS#5 padding.

The Classic ASP example contains two files:

  includes.asp
  rijndael.asp

The Sage Pay Form Integration requirement is very specific.

From Form integration protocol and guidelines

A1.1 The Crypt Field

  1. The Crypt field should contain all the other transaction information (see the next section) in plain text as Name=Value fields separated by ‘&’ characters. Ensure that all mandatory fields are present and that there are no spaces after the ‘&’ character.

  2. This string should then be encrypted using AES(block size 128-bit) in CBC mode with PKCS#5 padding using the provided password as both the key and initialisation vector and encode the result in hex (making sure the letters are in upper case).

  3. Prepend the @ sign to the beginning of the encoded result.

NB : To decrypt use the same procedure in decryption mode, making sure you remove the @ sign before doing so.


Example Crypt Field

Using the key 55a51621a6648525
To encrypt the following request we should get the encrypted result below it

Key Value Pairs

VendorTxCode=TxCode-1310917599-223087284&Amount=36.95&Currency=GBP
&Description=description&CustomerName=FnameSurname
&CustomerEMail=customer@example.com&BillingSurname=Surname
&BillingFirstnames=Fname&BillingAddress1=BillAddress Line 1
&BillingCity=BillCity&BillingPostCode=W1A 1BL
&BillingCountry=GB&BillingPhone=447933000000&DeliveryFirstnames=Fname
&DeliverySurname=Surname&DeliveryAddress1=BillAddress Line 1
&DeliveryCity=BillCity&DeliveryPostCode=W1A 1BL
&DeliveryCountry=GB&DeliveryPhone=447933000000
&SuccessURL=https://example.com/success&FailureURL=https://example.co/failure

Encrypted Result


Taking these requirements into consideration means you're limited in the options available in a Classic ASP environment.

I would recommend looking at AspEncrypt by Persits Software; the only other promising option I can find is (Classic ASP) AES Encryption, but as I have not used either of these components I cannot vouch for how good or bad they are.

However, I have used Persits components before during web development using Classic ASP and can say that they have always worked for me, so my recommendation would be to have a look and see what you think.

It does seem to support the needed requirement; here is an example based on code from the documentation, manipulated to suit.

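<%
'The named constants used below (calgAES128, ccpPKCS5, ccmCBC) come from the
'AspEncrypt type library. It must be referenced on the page, otherwise
'VBScript treats them as undeclared variables (Empty).
Dim CM, Context, Key, Blob, Crypt

Set CM = Server.CreateObject("Persits.CryptoManager")
'AES requires the Microsoft Enhanced RSA and AES Cryptographic Provider.
'Set Context = CM.OpenContext("", True )
Set Context = CM.OpenContextEx( _
  "Microsoft Enhanced RSA and AES Cryptographic Provider", "", True _
)
Set Blob = CM.CreateBlob
Blob.Hex = "Hex Encoded Key given to you by Sage Pay" 'AES-128 Bit Key
'Might need to reverse the bytes which is why the third parameter is set to True.
Set Key = Context.ImportRawKey(Blob, calgAES128, True)

'Make sure padding is set to PKCS#5 and Cipher Mode is set to CBC
'these don't actually need defining because they are the defaults
'according to the documentation, just here for completeness.
Key.Padding = ccpPKCS5
Key.Mode = ccmCBC
'Sage Pay requires the IV to be the same value as the key. This snippet does
'not set an IV, so set it to the key bytes before encrypting.
Set Blob = Key.EncryptText("your key value pairs")

'Format encrypted field as required by Sage Pay: "@" followed by upper-case hex.
'& is the VBScript string concatenation operator; UCase guarantees the case.
Crypt = "@" & UCase(Blob.Hex)
%>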
