使用经典 ASP 为 SagePay 表单集成加密 Crypt 字段 [英] Encrypting Crypt field using Classic ASP for SagePay Form Integration
问题描述
发布此表单时,我总是收到相同的错误 3045:缺少货币字段:
我认为错误在于加密
有人可以发送经典 ASP 的加密例程吗?
更新(2014 年 11 月 19 日):通过 另一个问题 关于这个话题.
https://www.sagepaylabs.com/AES.zip
该文件包含如何使用 AES Rijndael 分组密码的修改版本来实现 AES(128 位)的经典 ASP 示例,该密码最初由 Phil Fresle (2001) 编写,但已由 Sage Pay 的 Mat Peck 修改以运行具有 CBC 和 PKCS#5 填充的 128 位块 (AES).
Classic ASP 示例包含两个文件
<上一页>包括.asprijndael.asp
<小时>
Sage Pay Form 集成要求非常具体.
<块引用>来自 表单集成协议和指南
A1.1 地穴领域
Crypt 字段应包含所有其他交易信息(请参阅下一节),以纯文本形式作为 Name=Value 字段用&"字符分隔.确保所有必填字段都存在,并且&"字符后没有空格.
然后应该在 CBC 模式下使用 AES(块大小 128 位)加密此字符串,并使用提供的 PKCS#5 填充密码作为密钥和初始化向量,并将结果编码为十六进制(确保字母为大写).
将
@
符号添加到编码结果的开头.
注意:要在解密模式下使用相同的程序进行解密,请确保在这样做之前删除 @
符号.
地穴字段示例
使用密钥 55a51621a6648525
为了加密下面的请求,我们应该得到下面的加密结果
键值对
VendorTxCode=TxCode-1310917599-223087284&Amount=36.95&Currency=GBP&Description=description&CustomerName=FnameSurname&CustomerEMail=customer@example.com&BillingSurname=姓氏&BillingFirstnames=Fname&BillingAddress1=BillAddress 第 1 行&BillingCity=BillCity&BillingPostCode=W1A 1BL&BillingCountry=GB&BillingPhone=447933000000&DeliveryFirstnames=Fname&DeliverySurname=姓&DeliveryAddress1=BillAddress 第 1 行&DeliveryCity=BillCity&DeliveryPostCode=W1A 1BL&DeliveryCountry=GB&DeliveryPhone=447933000000&SuccessURL=https://example.com/success&FailureURL=https://example.co/failure
加密结果
@2DCD27338114D4C39A14A855702FBAB2EF40BCAC2D76A3ABC0F660A07E9C1C921C2C755BA9B59C39F882FBF6DFED114F23141D94E50A01A665B1E31A86C07CA1CD1BB8EF5B6CF2C23D495CD79F9C0F678D61773E7A1AA30AA5B23D56503FC0B52AC0694A8C341263D2C5FE1BAD93BDB94726761E155E900448F644AF1F67BE1AC77E852B9D90809A44F258EE9478B6D8C1C4ED58759263E7DBF8871C6592287C0358F36F4EEC326CEDDD440DA2FED8AB35F1B630A5C6FA671E4D78CC8CACECF9DFDC31D6C5EC8270FB21E297E2C2E14F99A04223EFFD4F00062D440E78A3D2C7140EC8F123D247B75E7482AE98858DA34D37EDE6D7C69AA74391F559305CF675ADB3615244A107ABBB6AF26E29A2FFA059B12688D90FE09E0DE069325BFF3587A695F5DA36E4B809B69CC9A37034F166B63B5A62B986F4DA34E9AC9516AFDE70642EC7DAD1AEBA93A1F347D6AC7046E967DCBFE7ACFCEE5DAFC0B29F1765032B3060EBE565CBD57D092075D15CF12725199C6881605B2E0F105698CE3ADD04361CA9D620C187B90E3F9849445B5C3C0FDF1768BFFD61F97E51316826F4F10E0E3E668F0A9F5ED9CCDA6F2C7CC957F12DB48F9041482E3D035E7A91852C404BFA325FED947E71F57B871DFAC6AF4FF29F4513A4A80B2D7ECC9D19D47ED04FA99CDFC881DFA771E1EA4F3F9B2C5AC673EF3DA2699A309CC8522993A63CB8D45D3CDF09B1DFDC573CD19679B250AD6721450B5042F201670B464505DCAEF59E2C67ABACC9AE2EEE793CE191FEBF66B8FAF4204EFFB359246B9C99FB52805C46375FF35140F74707FBC73C7731A28A2C883A
考虑到这些要求意味着您在经典 ASP 环境中可用的选项受到限制.
我建议使用 AspEncrypt by Persit Software 或我能找到的唯一其他有希望的选项是 (Classic ASP) AES Encryption 但因为我没有使用过这些我无法保证它们的好坏.
<小时>但是,我之前在使用 Classic ASP 进行 Web 开发期间使用过 Persit 组件,并且可以说它们一直对我有用,所以我的建议是看看你的想法.
它似乎确实支持所需的要求,这是一个示例 基于文档中的代码 被操纵以适应.
<%暗色 CM、上下文、键、Blob、地穴设置 CM = Server.CreateObject("Persits.CryptoManager")'AES 需要 Microsoft 增强的 RSA 和 AES 加密提供程序.'设置上下文 = CM.OpenContext("", True )设置上下文 = CM.OpenContextEx(_"Microsoft 增强的 RSA 和 AES 加密提供程序", "", True _)设置 Blob = CM.CreateBlobBlob.Hex = "Sage Pay 提供给您的十六进制编码密钥" 'AES-128 位密钥'可能需要反转字节,这就是第三个参数设置为 True 的原因.设置密钥 = Context.ImportRawKey(Blob, calgAES128, True)'确保填充设置为 PKCS#5 并且密码模式设置为 CBC'这些实际上不需要定义,因为它们是默认值'根据文档,这里只是为了完整性.Key.Padding = ccpPKCS5Key.Mode = ccmCBCSet Blob = Key.EncryptText("你的键值对")'按照 Sage Pay 的要求格式化加密字段地穴 = "@" + Blob.Hex%>
<小时>
有用的链接
- 这个问题似乎是相关的,但对于 PHP 而不是 Classic ASP,问题虽然相似.PHP 和 Sage Pay.
- 文章 PS040625142 - 高级加密标准 (AES) 支持
I always get the same error 3045: The Currency field is missing, when posting this form:
<form name="frmPay" action="https://test.sagepay.com/gateway/service/vspform-register.vsp" method="POST">
<input type="text" name="VPSProtocol" value="3.00" />
<input type="text" name="TxType" value="PAYMENT" />
<input type="text" name="Vendor" value="myvendor" />
Crypt:<textarea rows="10" cols="200" name="Crypt"><%=Crypt%></textarea>
<input type="submit" value="Send" />
</form>
I think the error is in the encryption
Could someone send encryption routine for classic ASP?
UPDATE (19-Nov-2014): A useful link has come to light through another question on this topic.
https://www.sagepaylabs.com/AES.zip
The file contains Classic ASP example of how to implement AES (128-bit) using a modified version of the AES Rijndael Block Cipher originally written by Phil Fresle (2001) but has been modified by Mat Peck at Sage Pay to run with 128-bit blocks (AES) with CBC and PKCS#5 padding.
The Classic ASP example contains two files
includes.asp rijndael.asp
The Sage Pay Form Integration requirement is very specific.
From Form integration protocol and guidelines
A1.1 The Crypt Field
The Crypt field should contain all the other transaction information (see the next section) in plain text as Name=Value fields separated by ‘&’ characters. Ensure that all mandatory fields are present and that there are no spaces after the ‘&’ character.
This string should then be encrypted using AES(block size 128-bit) in CBC mode with PKCS#5 padding using the provided password as both the key and initialisation vector and encode the result in hex (making sure the letters are in upper case).
Prepend the
@
sign to the beginning of the encoded result.NB : To decrypt use the same procedure in decryption mode, making sure you remove the
@
sign before doing so.
Example Crypt Field
Using the key
55a51621a6648525
To encrypt the following request we should get the encrypted result below itKey Value Pairs
VendorTxCode=TxCode-1310917599-223087284&Amount=36.95&Currency=GBP &Description=description&CustomerName=FnameSurname &CustomerEMail=customer@example.com&BillingSurname=Surname &BillingFirstnames=Fname&BillingAddress1=BillAddress Line 1 &BillingCity=BillCity&BillingPostCode=W1A 1BL &BillingCountry=GB&BillingPhone=447933000000&DeliveryFirstnames=Fname &DeliverySurname=Surname&DeliveryAddress1=BillAddress Line 1 &DeliveryCity=BillCity&DeliveryPostCode=W1A 1BL &DeliveryCountry=GB&DeliveryPhone=447933000000 &SuccessURL=https://example.com/success&FailureURL=https://example.co/failure
Encrypted Result
@2DCD27338114D4C39A14A855702FBAB2EF40BCAC2D76A3ABC0F660A07E9C1C921C2C755BA9B59C39F882FBF6DFED114F23141D94E50A01A665B1E3 1A86C07CA1CD1BB8EF5B6CF2C23D495CD79F9C0F678D61773E7A1AA30AA5B23D56503FC0B52AC0694A8C341263D2C5FE1BAD93BDB94726761E155E9 00448F644AF1F67BE1AC77E852B9D90809A44F258EE9478B6D8C1C4ED58759263E7DBF8871C6592287C0358F36F4EEC326CEDDD440DA2FED8AB35F1B 630A5C6FA671E4D78CC8CACECF9DFDC31D6C5EC8270FB21E297E2C2E14F99A04223EFFD4F00062D440E78A3D2C7140EC8F123D247B75E7482AE98858 DA34D37EDE6D7C69AA74391F559305CF675ADB3615244A107ABBB6AF26E29A2FFA059B12688D90FE09E0DE069325BFF3587A695F5DA36E4B809B69C C9A37034F166B63B5A62B986F4DA34E9AC9516AFDE70642EC7DAD1AEBA93A1F347D6AC7046E967DCBFE7ACFCEE5DAFC0B29F1765032B3060EBE565C BD57D092075D15CF12725199C6881605B2E0F105698CE3ADD04361CA9D620C187B90E3F9849445B5C3C0FDF1768BFFD61F97E51316826F4F10E0E3E6 68F0A9F5ED9CCDA6F2C7CC957F12DB48F9041482E3D035E7A91852C404BFA325FED947E71F57B871DFAC6AF4FF29F4513A4A80B2D7ECC9D19D47ED04 FA99CDFC881DFA771E1EA4F3F9B2C5AC673EF3DA2699A309CC8522993A63CB8D45D3CDF09B1DFDC573CD19679B250AD6721450B5042F201670B4645 05DCAEF59E2C67ABACC9AE2EEE793CE191FEBF66B8FAF4204EFFB359246B9C99FB52805C46375FF35140F74707FBC73C7731A28A2C883A
Taking into consideration these requirements means your limited on the options available in a Classic ASP environment.
I would recommend on looking at using AspEncrypt by Persit Software or the only other promising option I can find is (Classic ASP) AES Encryption but as I have not used either of these components I cannot vouch for how good or bad they are.
However I have used Persit components before during web development using Classic ASP and can say that they have always worked for me so my recommendation would be to have a look and see what you think.
It does seem to support the needed requirement, here is an example based on code from the documentation manipulated to suit.
<%
Dim CM, Context, Key, Blob, Crypt
Set CM = Server.CreateObject("Persits.CryptoManager")
'AES requires the Microsoft Enhanced RSA and AES Cryptographic Provider.
'Set Context = CM.OpenContext("", True )
Set Context = CM.OpenContextEx( _
"Microsoft Enhanced RSA and AES Cryptographic Provider", "", True _
)
Set Blob = CM.CreateBlob
Blob.Hex = "Hex Encoded Key given to you by Sage Pay" 'AES-128 Bit Key
'Might need to reverse the bytes which is why the third parameter is set to True.
Set Key = Context.ImportRawKey(Blob, calgAES128, True)
'Make sure padding is set to PKCS#5 and Cipher Mode is set to CBC
'these don't actually need defining because they are the defaults
'according to the documentation, just here for completeness.
Key.Padding = ccpPKCS5
Key.Mode = ccmCBC
Set Blob = Key.EncryptText("your key value pairs")
'Format encrypted field as required by Sage Pay
Crypt = "@" + Blob.Hex
%>
Useful Links
- This question appears to be related but is for PHP not Classic ASP the problem though is similar. PHP and Sage Pay.
- Article PS040625142 - Advanced Encryption Standard (AES) Support
这篇关于使用经典 ASP 为 SagePay 表单集成加密 Crypt 字段的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!