加密使用的是经典的ASP为SagePay形式集成地穴场 [英] Encrypting Crypt field using Classic ASP for SagePay Form Integration

问题描述

我总是得到同样的错误3045：货币发行领域的缺失，张贴这种形式时：

 ＆LT;表格名称=frmPay行动=htt​​ps://test.sagepay.com/gateway/service/vspform-register.vsp方法=POST＆GT;
＆LT;输入类型=文本名称=VPSProtocol值=3.00/＆GT;
＆LT;输入类型=文本名称=TxTypeVALUE =PAYMENT/＆GT;
＆LT;输入类型=文本名称=供应商值=的Myvendor/＆GT;
隐窝：或其可textarea的行=10COLS =200名称=隐窝＆GT;＆下;％=隐窝％GT;＆下; / textarea的＆GT;
＆LT;输入类型=提交值=发送/＆GT;
＆LT; /表及GT;
 

我认为错误是在加密

有人能发送加密例程传统的ASP？

解决方案

  

UPDATE（19 - 11月 - 2014年）：：一种有益的联系已经通过另一个问题关于这个话题。

  
  

https://www.sagepaylabs.com/AES.zip

  
  

该文件包含了如何实现使用AES的Rijndael分组密码最初由菲尔Fresle（2001）写的修改版本AES（128位）经典ASP的例子，但已被垫派克在贤者收费修改为与运行与CBC和PKCS＃128位数据块（AES）5填充。

  
  

经典ASP示例包含两个文件

  includes.asp
  rijndael.asp

---

圣人收费形式整合的要求是非常具体的。

  

从<一个href=\"http://www.sagepay.co.uk/file/6941/download-document/FORM_Protocol_and_Integration_Guidelines_300114.pdf?token=SYAK3maL_Ite0jxNhVK2CpjZ9fcAe1O6t7KgnoJGAuk\"相对=nofollow>表单集成协议和准则

  
  

A1.1地穴字段的

  
  

  

1. 的地穴字段应该包含所有的纯文本名称=值字段中的其他交易信息（见下一节）
     分隔'和;'字符。确保所有必填字段是present并有后没有空格'和;'字的


  

2. 的此字符串然后应使用加密AES（块大小128位）使用提供CBC模式与PKCS＃5填充
     密码既密钥和初始化向量和连接code，结果以十六进制（确保字母都大写）。的


  

3. 的 prePEND的 @ 标志的EN codeD结果的开始。的


  

  
  

注：要解密使用解密模式相同的步骤，确保你这样做之前删除 @ 标志的

  
  

---

  
  

例地穴字段的

  
  

的使用键 55a51621a664​​8525 结果
  要加密以下要求，我们应该得到它下面的

加密结果
  
  

键值对的

  
  

<$c$c>VendorTx$c$c=Tx$c$c-1310917599-223087284&Amount=36.95&Currency=GBP
＆安培;说明=描述＆安培;客户名称= FnameSurname
＆安培; CustomerEMail=customer@example.com& BillingSurname =姓氏
＆安培; BillingFirstnames = FNAME和放大器; BillingAddress1 = BillAddress 1号线
＆安培;结算城市= BillCity＆放大器; BillingPost code = W1A 1BL
＆安培;结算国家GB =＆安培; BillingPhone = 4479.33亿和放大器; DeliveryFirstnames = FNAME
＆安培; DeliverySurname =姓和放大器; DeliveryAddress1 = BillAddress 1号线
＆安培; DeliveryCity = BillCity＆放大器; DeliveryPost code = W1A 1BL
＆安培; DeliveryCountry = GB＆安培; DeliveryPhone = 4479.33亿
＆安培; SuccessURL = HTTPS：//example.com/success& FailureURL = HTTPS：//example.co/failure

  
  

加密结果的

<$p$p>@2DCD27338114D4C39A14A855702FBAB2EF40BCAC2D76A3ABC0F660A07E9C1C921C2C755BA9B59C39F882FBF6DFED114F23141D94E50A01A665B1E3
1A86C07CA1CD1BB8EF5B6CF2C23D495CD79F9C0F678D61773E7A1AA30AA5B23D56503FC0B52AC0694A8C341263D2C5FE1BAD93BDB94726761E155E9
00448F644AF1F67BE1AC77E852B9D90809A44F258EE9478B6D8C1C4ED58759263E7DBF8871C6592287C0358F36F4EEC326CEDDD440DA2FED8AB35F1B
630A5C6FA671E4D78CC8CACECF9DFDC31D6C5EC8270FB21E297E2C2E14F99A04223EFFD4F00062D440E78A3D2C7140EC8F123D247B75E7482AE98858
DA34D37EDE6D7C69AA74391F559305CF675ADB3615244A107ABBB6AF26E29A2FFA059B12688D90FE09E0DE069325BFF3587A695F5DA36E4B809B69C
C9A37034F166B63B5A62B986F4DA34E9AC9516AFDE70642EC7DAD1AEBA93A1F347D6AC7046E967DCBFE7ACFCEE5DAFC0B29F1765032B3060EBE565C
BD57D092075D15CF12725199C6881605B2E0F105698CE3ADD04361CA9D620C187B90E3F9849445B5C3C0FDF1768BFFD61F97E51316826F4F10E0E3E6
68F0A9F5ED9CCDA6F2C7CC957F12DB48F9041482E3D035E7A91852C404BFA325FED947E71F57B871DFAC6AF4FF29F4513A4A80B2D7ECC9D19D47ED04
FA99CDFC881DFA771E1EA4F3F9B2C5AC673EF3DA2699A309CC8522993A63CB8D45D3CDF09B1DFDC573CD19679B250AD6721450B5042F201670B4645
05DCAEF59E2C67ABACC9AE2EEE793CE191FEBF66B8FAF4204EFFB359246B9C99FB52805C46375FF35140F74707FBC73C7731A28A2C883A

<击>考虑到这些要求意味着你仅限于传统的ASP环境中可用的选项。

我会建议在寻找通过Persit软件或其他唯一可行的选择我能找到的是使用 AspEncrypt （经典ASP）AES加密但我没用过任这些组件我不能保证他们有多么好或坏。

---

使用传统的ASP，可以说他们一直为我工作之前，web开发中可是我已经使用Persit组件，所以我的建议是去看看，看看你的想法。

它似乎支持所需的要求，下面是一个例子基于从文档code 操纵，以适应。

＆LT;％
暗淡CM，语境，重点，斑点，地穴设置CM =的Server.CreateObject（Persits.CryptoManager）
AES需要Microsoft增强RSA和AES加密提供。
设置上下文= CM.OpenContext（，真）
设置上下文= CM.OpenContextEx（_
  Microsoft增强RSA和AES加密提供程序，，真_
）
将一滴= CM.CreateBlob
Blob.Hex ='AES-128位密钥六角恩codeD贤者支付给你钥匙
可能需要扭转这就是为什么第三个参数设置为True字节。
设置关键点= Context.ImportRawKey（BLOB，calgAES128，真）确保填充设置为PKCS＃5加密模式设置为CBC
这些实际上并不需要定义，因为他们是默认值
根据文档，只是在这里的完整性。
Key.Padding = ccpPKCS5
Key.Mode = ccmCBC
将一滴= Key.EncryptText（你的键值对）所要求的贤者收费格式加密领域
地穴=@+ Blob.Hex
％GT;


---

相关链接

• 这个问题似乎相关，但对于PHP不经典ASP的问题，虽然是相似的。 PHP和Sage工资。


• 条PS040625142 - 高级加密标准（AES），支持

I always get the same error 3045: The Currency field is missing, when posting this form:

<form name="frmPay" action="https://test.sagepay.com/gateway/service/vspform-register.vsp" method="POST">
<input type="text" name="VPSProtocol" value="3.00" />
<input type="text" name="TxType" value="PAYMENT" />
<input type="text" name="Vendor" value="myvendor" />    
Crypt:<textarea rows="10" cols="200" name="Crypt"><%=Crypt%></textarea>
<input type="submit" value="Send" />
</form>

I think the error is in the encryption

Could someone send encryption routine for classic ASP?

解决方案

UPDATE (19-Nov-2014): A useful link has come to light through another question on this topic.

https://www.sagepaylabs.com/AES.zip

The file contains Classic ASP example of how to implement AES (128-bit) using a modified version of the AES Rijndael Block Cipher originally written by Phil Fresle (2001) but has been modified by Mat Peck at Sage Pay to run with 128-bit blocks (AES) with CBC and PKCS#5 padding.

The Classic ASP example contains two files

  includes.asp
  rijndael.asp

---

The Sage Pay Form Integration requirement is very specific.

From Form integration protocol and guidelines

A1.1 The Crypt Field

1. The Crypt field should contain all the other transaction information (see the next section) in plain text as Name=Value fields separated by ‘&’ characters. Ensure that all mandatory fields are present and that there are no spaces after the ‘&’ character.

2. This string should then be encrypted using AES(block size 128-bit) in CBC mode with PKCS#5 padding using the provided password as both the key and initialisation vector and encode the result in hex (making sure the letters are in upper case).

3. Prepend the @ sign to the beginning of the encoded result.

NB : To decrypt use the same procedure in decryption mode, making sure you remove the @ sign before doing so.

---

Example Crypt Field

Using the key 55a51621a6648525
To encrypt the following request we should get the encrypted result below it

Key Value Pairs

VendorTxCode=TxCode-1310917599-223087284&Amount=36.95&Currency=GBP
&Description=description&CustomerName=FnameSurname
&CustomerEMail=customer@example.com&BillingSurname=Surname
&BillingFirstnames=Fname&BillingAddress1=BillAddress Line 1
&BillingCity=BillCity&BillingPostCode=W1A 1BL
&BillingCountry=GB&BillingPhone=447933000000&DeliveryFirstnames=Fname
&DeliverySurname=Surname&DeliveryAddress1=BillAddress Line 1
&DeliveryCity=BillCity&DeliveryPostCode=W1A 1BL
&DeliveryCountry=GB&DeliveryPhone=447933000000
&SuccessURL=https://example.com/success&FailureURL=https://example.co/failure

Encrypted Result

@2DCD27338114D4C39A14A855702FBAB2EF40BCAC2D76A3ABC0F660A07E9C1C921C2C755BA9B59C39F882FBF6DFED114F23141D94E50A01A665B1E3
1A86C07CA1CD1BB8EF5B6CF2C23D495CD79F9C0F678D61773E7A1AA30AA5B23D56503FC0B52AC0694A8C341263D2C5FE1BAD93BDB94726761E155E9
00448F644AF1F67BE1AC77E852B9D90809A44F258EE9478B6D8C1C4ED58759263E7DBF8871C6592287C0358F36F4EEC326CEDDD440DA2FED8AB35F1B
630A5C6FA671E4D78CC8CACECF9DFDC31D6C5EC8270FB21E297E2C2E14F99A04223EFFD4F00062D440E78A3D2C7140EC8F123D247B75E7482AE98858
DA34D37EDE6D7C69AA74391F559305CF675ADB3615244A107ABBB6AF26E29A2FFA059B12688D90FE09E0DE069325BFF3587A695F5DA36E4B809B69C
C9A37034F166B63B5A62B986F4DA34E9AC9516AFDE70642EC7DAD1AEBA93A1F347D6AC7046E967DCBFE7ACFCEE5DAFC0B29F1765032B3060EBE565C
BD57D092075D15CF12725199C6881605B2E0F105698CE3ADD04361CA9D620C187B90E3F9849445B5C3C0FDF1768BFFD61F97E51316826F4F10E0E3E6
68F0A9F5ED9CCDA6F2C7CC957F12DB48F9041482E3D035E7A91852C404BFA325FED947E71F57B871DFAC6AF4FF29F4513A4A80B2D7ECC9D19D47ED04
FA99CDFC881DFA771E1EA4F3F9B2C5AC673EF3DA2699A309CC8522993A63CB8D45D3CDF09B1DFDC573CD19679B250AD6721450B5042F201670B4645
05DCAEF59E2C67ABACC9AE2EEE793CE191FEBF66B8FAF4204EFFB359246B9C99FB52805C46375FF35140F74707FBC73C7731A28A2C883A

Taking into consideration these requirements means your limited on the options available in a Classic ASP environment.

I would recommend on looking at using AspEncrypt by Persit Software or the only other promising option I can find is (Classic ASP) AES Encryption but as I have not used either of these components I cannot vouch for how good or bad they are.

---

However I have used Persit components before during web development using Classic ASP and can say that they have always worked for me so my recommendation would be to have a look and see what you think.

It does seem to support the needed requirement, here is an example based on code from the documentation manipulated to suit.

<%
Dim CM, Context, Key, Blob, Crypt

Set CM = Server.CreateObject("Persits.CryptoManager")
'AES requires the Microsoft Enhanced RSA and AES Cryptographic Provider.
'Set Context = CM.OpenContext("", True )
Set Context = CM.OpenContextEx( _
  "Microsoft Enhanced RSA and AES Cryptographic Provider", "", True _
)
Set Blob = CM.CreateBlob
Blob.Hex = "Hex Encoded Key given to you by Sage Pay" 'AES-128 Bit Key
'Might need to reverse the bytes which is why the third parameter is set to True.
Set Key = Context.ImportRawKey(Blob, calgAES128, True)

'Make sure padding is set to PKCS#5 and Cipher Mode is set to CBC
'these don't actually need defining because they are the defaults
'according to the documentation, just here for completeness.
Key.Padding = ccpPKCS5
Key.Mode = ccmCBC
Set Blob = Key.EncryptText("your key value pairs")

'Format encrypted field as required by Sage Pay
Crypt = "@" + Blob.Hex
%>

---

Useful Links

• This question appears to be related but is for PHP not Classic ASP the problem though is similar. PHP and Sage Pay.
• Article PS040625142 - Advanced Encryption Standard (AES) Support

这篇关于加密使用的是经典的ASP为SagePay形式集成地穴场的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！