加密使用的是经典的ASP为SagePay形式集成地穴场 [英] Encrypting Crypt field using Classic ASP for SagePay Form Integration

查看:270
本文介绍了加密使用的是经典的ASP为SagePay形式集成地穴场的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我总是得到同样的错误3045:货币发行领域的缺失,张贴这种形式时:

 <表格名称=frmPay行动=htt​​ps://test.sagepay.com/gateway/service/vspform-register.vsp方法=POST>
<输入类型=文本名称=VPSProtocol值=3.00/>
<输入类型=文本名称=TxTypeVALUE =PAYMENT/>
<输入类型=文本名称=供应商值=的Myvendor/>
隐窝:或其可textarea的行=10COLS =200名称=隐窝>&下;%=隐窝%GT;&下; / textarea的>
<输入类型=提交值=发送/>
< /表及GT;

我认为错误是在加密

有人能发送加密例程传统的ASP?


解决方案

  

UPDATE(19 - 11月 - 2014年)::一种有益的联系已经通过另一个问题关于这个话题。


  
  

https://www.sagepaylabs.com/AES.zip


  
  

该文件包含了如何实现使用AES的Rijndael分组密码最初由菲尔Fresle(2001)写的修改版本AES(128位)经典ASP的例子,但已被垫派克在贤者收费修改为与运行与CBC和PKCS#128位数据块(AES)5填充。


  
  

经典ASP示例包含两个文件


  includes.asp
  rijndael.asp



圣人收费形式整合的要求是非常具体的。


  

从<一个href=\"http://www.sagepay.co.uk/file/6941/download-document/FORM_Protocol_and_Integration_Guidelines_300114.pdf?token=SYAK3maL_Ite0jxNhVK2CpjZ9fcAe1O6t7KgnoJGAuk\"相对=nofollow>表单集成协议和准则


  
  

A1.1地穴字段


  
  

      
  1. 地穴字段应该包含所有的纯文本名称=值字段中的其他交易信息(见下一节)
      分隔'和;'字符。确保所有必填字段是present并有后没有空格'和;'字


  2.   
  3. 此字符串然后应使用加密AES(块大小128位)使用提供CBC模式与PKCS#5填充
      密码既密钥和初始化向量和连接code,结果以十六进制(确保字母都大写)。


  4.   
  5. prePEND的 @ 标志的EN codeD结果的开始。


  6.   

  
  

注:要解密使用解密模式相同的步骤,确保你这样做之前删除 @ 标志


  
  

  
  

例地穴字段


  
  

使用键 55a51621a664​​8525 结果
  要加密以下要求,我们应该得到它下面

加密结果
  
  

键值对


  
  

<$c$c>VendorTx$c$c=Tx$c$c-1310917599-223087284&Amount=36.95&Currency=GBP
&安培;说明=描述&安培;客户名称= FnameSurname
&安培; CustomerEMail=customer@example.com& BillingSurname =姓氏
&安培; BillingFirstnames = FNAME和放大器; BillingAddress1 = BillAddress 1号线
&安培;结算城市= BillCity&放大器; BillingPost code = W1A 1BL
&安培;结算国家GB =&安培; BillingPhone = 4479.33亿和放大器; DeliveryFirstnames = FNAME
&安培; DeliverySurname =姓和放大器; DeliveryAddress1 = BillAddress 1号线
&安培; DeliveryCity = BillCity&放大器; DeliveryPost code = W1A 1BL
&安培; DeliveryCountry = GB&安培; DeliveryPhone = 4479.33亿
&安培; SuccessURL = HTTPS://example.com/success& FailureURL = HTTPS://example.co/failure


  
  

加密结果

<$p$p>@2DCD27338114D4C39A14A855702FBAB2EF40BCAC2D76A3ABC0F660A07E9C1C921C2C755BA9B59C39F882FBF6DFED114F23141D94E50A01A665B1E3
1A86C07CA1CD1BB8EF5B6CF2C23D495CD79F9C0F678D61773E7A1AA30AA5B23D56503FC0B52AC0694A8C341263D2C5FE1BAD93BDB94726761E155E9
00448F644AF1F67BE1AC77E852B9D90809A44F258EE9478B6D8C1C4ED58759263E7DBF8871C6592287C0358F36F4EEC326CEDDD440DA2FED8AB35F1B
630A5C6FA671E4D78CC8CACECF9DFDC31D6C5EC8270FB21E297E2C2E14F99A04223EFFD4F00062D440E78A3D2C7140EC8F123D247B75E7482AE98858
DA34D37EDE6D7C69AA74391F559305CF675ADB3615244A107ABBB6AF26E29A2FFA059B12688D90FE09E0DE069325BFF3587A695F5DA36E4B809B69C
C9A37034F166B63B5A62B986F4DA34E9AC9516AFDE70642EC7DAD1AEBA93A1F347D6AC7046E967DCBFE7ACFCEE5DAFC0B29F1765032B3060EBE565C
BD57D092075D15CF12725199C6881605B2E0F105698CE3ADD04361CA9D620C187B90E3F9849445B5C3C0FDF1768BFFD61F97E51316826F4F10E0E3E6
68F0A9F5ED9CCDA6F2C7CC957F12DB48F9041482E3D035E7A91852C404BFA325FED947E71F57B871DFAC6AF4FF29F4513A4A80B2D7ECC9D19D47ED04
FA99CDFC881DFA771E1EA4F3F9B2C5AC673EF3DA2699A309CC8522993A63CB8D45D3CDF09B1DFDC573CD19679B250AD6721450B5042F201670B4645
05DCAEF59E2C67ABACC9AE2EEE793CE191FEBF66B8FAF4204EFFB359246B9C99FB52805C46375FF35140F74707FBC73C7731A28A2C883A

<击>考虑到这些要求意味着你仅限于传统的ASP环境中可用的选项。

我会建议在寻找通过Persit软件或其他唯一可行的选择我能找到的是使用 AspEncrypt (经典ASP)AES加密但我没用过任这些组件我不能保证他们有多么好或坏。


使用传统的ASP,可以说他们一直为我工作之前,web开发中可是我已经使用Persit组件,所以我的建议是去看看,看看你的想法。

它似乎支持所需的要求,下面是一个例子基于从文档code 操纵,以适应。

&LT;%
暗淡CM,语境,重点,斑点,地穴设置CM =的Server.CreateObject(Persits.CryptoManager)
AES需要Microsoft增强RSA和AES加密提供。
设置上下文= CM.OpenContext(,真)
设置上下文= CM.OpenContextEx(_
  Microsoft增强RSA和AES加密提供程序,,真_

将一滴= CM.CreateBlob
Blob.Hex ='AES-128位密钥六角恩codeD贤者支付给你钥匙
可能需要扭转这就是为什么第三个参数设置为True字节。
设置关键点= Context.ImportRawKey(BLOB,calgAES128,真)确保填充设置为PKCS#5加密模式设置为CBC
这些实际上并不需要定义,因为他们是默认值
根据文档,只是在这里的完整性。
Key.Padding = ccpPKCS5
Key.Mode = ccmCBC
将一滴= Key.EncryptText(你的键值对)所要求的贤者收费格式加密领域
地穴=@+ Blob.Hex
%GT;


相关链接

I always get the same error 3045: The Currency field is missing, when posting this form:

<form name="frmPay" action="https://test.sagepay.com/gateway/service/vspform-register.vsp" method="POST">
<input type="text" name="VPSProtocol" value="3.00" />
<input type="text" name="TxType" value="PAYMENT" />
<input type="text" name="Vendor" value="myvendor" />    
Crypt:<textarea rows="10" cols="200" name="Crypt"><%=Crypt%></textarea>
<input type="submit" value="Send" />
</form>

I think the error is in the encryption

Could someone send encryption routine for classic ASP?

解决方案

UPDATE (19-Nov-2014): A useful link has come to light through another question on this topic.

https://www.sagepaylabs.com/AES.zip

The file contains Classic ASP example of how to implement AES (128-bit) using a modified version of the AES Rijndael Block Cipher originally written by Phil Fresle (2001) but has been modified by Mat Peck at Sage Pay to run with 128-bit blocks (AES) with CBC and PKCS#5 padding.

The Classic ASP example contains two files

  includes.asp
  rijndael.asp


The Sage Pay Form Integration requirement is very specific.

From Form integration protocol and guidelines

A1.1 The Crypt Field

  1. The Crypt field should contain all the other transaction information (see the next section) in plain text as Name=Value fields separated by ‘&’ characters. Ensure that all mandatory fields are present and that there are no spaces after the ‘&’ character.

  2. This string should then be encrypted using AES(block size 128-bit) in CBC mode with PKCS#5 padding using the provided password as both the key and initialisation vector and encode the result in hex (making sure the letters are in upper case).

  3. Prepend the @ sign to the beginning of the encoded result.

NB : To decrypt use the same procedure in decryption mode, making sure you remove the @ sign before doing so.


Example Crypt Field

Using the key 55a51621a6648525
To encrypt the following request we should get the encrypted result below it

Key Value Pairs

VendorTxCode=TxCode-1310917599-223087284&Amount=36.95&Currency=GBP
&Description=description&CustomerName=FnameSurname
&CustomerEMail=customer@example.com&BillingSurname=Surname
&BillingFirstnames=Fname&BillingAddress1=BillAddress Line 1
&BillingCity=BillCity&BillingPostCode=W1A 1BL
&BillingCountry=GB&BillingPhone=447933000000&DeliveryFirstnames=Fname
&DeliverySurname=Surname&DeliveryAddress1=BillAddress Line 1
&DeliveryCity=BillCity&DeliveryPostCode=W1A 1BL
&DeliveryCountry=GB&DeliveryPhone=447933000000
&SuccessURL=https://example.com/success&FailureURL=https://example.co/failure

Encrypted Result

@2DCD27338114D4C39A14A855702FBAB2EF40BCAC2D76A3ABC0F660A07E9C1C921C2C755BA9B59C39F882FBF6DFED114F23141D94E50A01A665B1E3
1A86C07CA1CD1BB8EF5B6CF2C23D495CD79F9C0F678D61773E7A1AA30AA5B23D56503FC0B52AC0694A8C341263D2C5FE1BAD93BDB94726761E155E9
00448F644AF1F67BE1AC77E852B9D90809A44F258EE9478B6D8C1C4ED58759263E7DBF8871C6592287C0358F36F4EEC326CEDDD440DA2FED8AB35F1B
630A5C6FA671E4D78CC8CACECF9DFDC31D6C5EC8270FB21E297E2C2E14F99A04223EFFD4F00062D440E78A3D2C7140EC8F123D247B75E7482AE98858
DA34D37EDE6D7C69AA74391F559305CF675ADB3615244A107ABBB6AF26E29A2FFA059B12688D90FE09E0DE069325BFF3587A695F5DA36E4B809B69C
C9A37034F166B63B5A62B986F4DA34E9AC9516AFDE70642EC7DAD1AEBA93A1F347D6AC7046E967DCBFE7ACFCEE5DAFC0B29F1765032B3060EBE565C
BD57D092075D15CF12725199C6881605B2E0F105698CE3ADD04361CA9D620C187B90E3F9849445B5C3C0FDF1768BFFD61F97E51316826F4F10E0E3E6
68F0A9F5ED9CCDA6F2C7CC957F12DB48F9041482E3D035E7A91852C404BFA325FED947E71F57B871DFAC6AF4FF29F4513A4A80B2D7ECC9D19D47ED04
FA99CDFC881DFA771E1EA4F3F9B2C5AC673EF3DA2699A309CC8522993A63CB8D45D3CDF09B1DFDC573CD19679B250AD6721450B5042F201670B4645
05DCAEF59E2C67ABACC9AE2EEE793CE191FEBF66B8FAF4204EFFB359246B9C99FB52805C46375FF35140F74707FBC73C7731A28A2C883A

Taking into consideration these requirements means your limited on the options available in a Classic ASP environment.

I would recommend on looking at using AspEncrypt by Persit Software or the only other promising option I can find is (Classic ASP) AES Encryption but as I have not used either of these components I cannot vouch for how good or bad they are.


However I have used Persit components before during web development using Classic ASP and can say that they have always worked for me so my recommendation would be to have a look and see what you think.

It does seem to support the needed requirement, here is an example based on code from the documentation manipulated to suit.

<%
Dim CM, Context, Key, Blob, Crypt

Set CM = Server.CreateObject("Persits.CryptoManager")
'AES requires the Microsoft Enhanced RSA and AES Cryptographic Provider.
'Set Context = CM.OpenContext("", True )
Set Context = CM.OpenContextEx( _
  "Microsoft Enhanced RSA and AES Cryptographic Provider", "", True _
)
Set Blob = CM.CreateBlob
Blob.Hex = "Hex Encoded Key given to you by Sage Pay" 'AES-128 Bit Key
'Might need to reverse the bytes which is why the third parameter is set to True.
Set Key = Context.ImportRawKey(Blob, calgAES128, True)

'Make sure padding is set to PKCS#5 and Cipher Mode is set to CBC
'these don't actually need defining because they are the defaults
'according to the documentation, just here for completeness.
Key.Padding = ccpPKCS5
Key.Mode = ccmCBC
Set Blob = Key.EncryptText("your key value pairs")

'Format encrypted field as required by Sage Pay
Crypt = "@" + Blob.Hex
%>


Useful Links

这篇关于加密使用的是经典的ASP为SagePay形式集成地穴场的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆