Showing results for 
Search instead for 
Did you mean: 

Can anyone refer me to developer for MD5Hash update?

I am in quandary as do not have developer. I am using the SIM method and MDHash5 want to upgrade to the accepted host and signature key but not sure how to do. My site is built on php/mysql. If I cannot find someone I am going to have to disable the payment option.


Not sure if will let me post email here or can reply or message me please. Thank you.


Accepted Solutions

@RenaissanceYou are the best! You were the only one who was able to help me update the Hash to Signature key with my website. Thanks!

View solution in original post


Hi @govirtual1


I can refer you to myself. Send me a PM. Click on my name and it will let you send me a message.  

All Star

@RenaissanceYou are the best! You were the only one who was able to help me update the Hash to Signature key with my website. Thanks!

I have this procedural code that has been working fine for years. Its simple, straight forward and works.  Now with the migration to HSA512 I wonder how I can upgrade, or if I need to.  I tried to test it in a sandbox but sandboxes do not generate asignature key.  Well here is the code:


function authorize_cc ($cc,$exp,$cvv,$amount,$first_name,$last_name,$login='',$tranKey='',$signatureKey=''){


$post_string = 'x_login=' . $login;
$post_string .= '&x_tran_key=' . $tranKey;
$post_string .= '&x_delim_data=TRUE';
$post_string .= '&x_url=FALSE';
$post_string .= '&x_type=AUTH_CAPTURE';
$post_string .= '&x_method=CC';
$post_string .= '&x_relay_response=FALSE';
$post_string .= '&x_card_num=' . $cc;
$post_string .= '&x_exp_date=' . $exp;
$post_string .= '&x_amount=' . $amount;
$post_string .= '&x_address=';
$post_string .= '&x_zip=';
$post_string .= '&x_card_code=' . $cvv;
$post_string .= '&x_name=' . $first_name . ' ' . $last_name;


//# New SHA512 hash


if ($signatureKey != '') {
$textToHash="^". $login."^". $tranKey ."^". $amount."^";
$sig = hash_hmac('sha512', $textToHash, hex2bin($signatureKey));

//# Now what do we do with $sig? Do we include the rest of the fields in the hash?


$test_url = '';
$production_url = '';


$curl_request = curl_init( $test_url );

curl_setopt( $curl_request, CURLOPT_POSTFIELDS, $post_string );
curl_setopt( $curl_request, CURLOPT_HEADER, 0 );
curl_setopt( $curl_request, CURLOPT_TIMEOUT, 45 );
curl_setopt( $curl_request, CURLOPT_RETURNTRANSFER, 1 );
curl_setopt( $curl_request, CURLOPT_SSL_VERIFYHOST, 2 );
curl_setopt( $curl_request, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2 );
curl_setopt( $curl_request, CURLOPT_SSL_VERIFYPEER, false );

$response = curl_exec( $curl_request );

curl_close( $curl_request );

$results = explode(',',$response);

return $results;



Could anyone give some point on what to do next?



You're using the wrong string in your fingerprint. More pressing than the fingerprint is the validation of the response. You will need to implement a sha512 response validation or you will have to disable response validation completely once the md5 is gone. 

That is my question.  How can I implement SHA512 in my routine?  I am using a sand box to test it but the sand box does not gives you a way to generate a key, the only thing you get is the id and the transaction id. I have gone through the SDK, which is very cumbersome to follow, and I have not been able to pinpoint where SHA512 is used to connect through CURD.  My function works well in production and also with the sandbox.  All I need if a way to authorize credit cards and capture the transaction.  I wish would give you points without refereing you to a cumbersome SDK.

You can generate a signature key in the sandbox. Just go to your API credentials page and select “generate a new signature key”. That’s the first thing you need. The signature key is not something that is unique to each transaction. It is a credential that is tied to you and only changes when you cancel it and get a new one. It is similar to a transaction key in that way.

Message 58 in that post has 100% tested and working code for SIM/DPM. Go generate a signature key. Copy and paste in that code. There is a fingerprint piece and a separate response verification piece. The code has comments for where each piece is.