Cybersource Developer Community Cybersource Developer Community

@airman81 @Renaissance @jgoebel

Thanks. I'm now to the point where I'm just building the hash with array element numbers of the response returned to me (based on the order of response fields in the AIM Developer Guide), plus for some, I'm just using the values that I sent in the first place. Regardless, in checking, I am using the right fields according to the the HMAC SHA512 Hash feature from the SIM developer guide.

 

I have that coded and tested and STILL can't match the SHA-512 hash that they're sending back. I've checked and re-checked and I'm hashing the correct fields in the correct order.

The only other thing I can think of is that I'm using the wrong hashing method.

Since the hash they are returning (returned in element 68) is a hex value, I am generating mine as a hex hash.

After I build the SHA hash string which looks like this:

 

^0^TRUE^1^000000^^^P^CC^XXXX0002^39.00^^Sharon^SHAtest^123 Somewhere Street^
 Anywhere^PA^19666^US^6109876543^^sharon.test@test.com^^^^^^^^^8479^

 

I convert the stored signature key from hex to binary:

my $key = pack 'H*', $sig_key;

 

then I hash it using Digest::SHA using the hmac_sha512_hex method (I also uppercase it since that's what is in the hash they send back to me).

my $sha512 = Digest::SHA->new;
my $sent_sha512_hash = uc($sha512->hmac_sha512_hex($sha512_string, $key));

 

I print out the hash I generated and the one they sent to me - and no match.

 

Any other suggestions? I have to stop in a bit, so I may not response to your posts on a timely basis. But I appreciate ANY and ALL help.

 

@smorrow123,

I am interested in talking to your employers about their integration. Message me if you would.

As it relates to this hash, I can solve this for you. Here’s what we need-

-first, prelim just to make sure that we are on the same page. You have went into your merchant interface and generated a signature key, correct? And you are using that to hash? Below is an explanation of how that works.

You have 3 API credentials, transaction key, login, and signature key. The trans key and login you have had to use for everything you’ve ever done. This may be the first time you have had to use a signature key. The signature key has nothing to do with what you used to put in the interface for MD5. It is a key that is generated in you merchant interface.

-assuming you have a signature key, if you are comfortable doing the following I can almost certainly give you the correct delimited string. Disable it immediately in your interface, then send it to me in a private
message. Disabling it will stop it from ever working again, and you will have to generate a new one.

I can use the disabled key you send me in a hash function in php and get it to match what is being returned to you in your post from 1/21. Then I will send you the string.

This assumes this is not against your policy and you feel safe doing it. I’m a volunteer on this forum and obviously mean no one no harm. The reason I offer is I can see you are struggling with this and have been for days. It’s getting painful for you at this point, and I could do this very efficiently if I cut out the middleman. Our process right now is for iteration after iteration to be attempted, followed by feedback on what happened, with successive iterations continuing on. On my end I’m pretty darn good with this and can iterate rapidly and quite possibly have this done very fast.

Totally your choice and it’s an offer.

@Renaissance

Yes, I generated the signature key online and saved it in our database. That part I'm sure I got ok.

Then I use the pack statement to convert it to binary and use it as the $key in my prior code. I'm pretty sure that's ok, too, since the pack was recommended by several different people (on this forum and elsewhere).  

 

I send through the string that I provided and the binary key and hash it using the perl module Digest::SHA.

 

The old MD5 method (still implemented in live version) does it a little differently, and uses Digest::MD5. It started out with a straight ASCII hash value for the md5-hash. It builds a string:

my $md5_string = $md5_hash . $auth_net_login_id . $tranid . $grandtotal;

then:

my $md5 = Digest::MD5->new;
$md5->add($md5_string);
my $sent_md5_hash = uc($md5->hexdigest); #this is what was compared to what they sent.

 

But the SHA method is a little different. I don't know if I'm doing that wrong - but it uses a string and a key so it's a bit different from MD5. 

 

To be honest, I'm not sure that having you do this on your end is going to help. If it's the data, maybe so - but if it's the hashing method, then your PHP code will do it completely differently and I won't be able to correlate it to what I'm using.

So, I guess what I need is someone who is possibly using the Digest::SHA module in their perl program and can tell me if I'm doing this wrong. OR a perl programmer who can share how they calculated the hash value if using something other than Digest::SHA. I'm open to all suggestions.

 

I have to stop for now. My brain is fried after 6 hours of solid coding/testing without a break. Thanks.

 

 

 

 

Okay, forget that entire last bit.

AIM doesn’t use those 30 fields. You need to go to my post “working php hash” and make a Perl parallel to that. You need login, transactionkey, and amount.

The sha2 hash has nothing to do with what language you use. It is based on the sha512 algorithm. It is no more different from one language to the next than numbers are. Just like 2 + 2 will output 4 in Perl an php and java, so with sha512 hashes spit out the exact same thing.

Good news is your life just got easier. You need three variables in your delimited string and they all come from you. Transkey, Login, and Amount. The exact string I put in my post about php will work for you. You can do whatever it is you need to to make it Perl syntax.

Here is the link.

https://support.authorize.net/s/article/MD5-Hash-End-of-Life-Signature-Key-Replacement

@Renaissance

This is getting crazy!!! Everything I read said that the 3 fields that Authorize.net said to use (if you were using the API) would not work - that I needed all 30 fields as is done with SIM!!

I will try it - but it will have to wait until tomorrow at the earliest.

The wheels just keep spinning and spinning and spinning and I'm getting nowhere!! .....

 

 

And transkey was a typo. It’s transid. So it looks like your very first post was correct. Per the new documentation released today. Why that didn’t match after converting the signature key to binary I do not know.

Yeah no one knew what integration method you were using and the AIM documentation says nothing about this. You had said that you were using a post method with LWP and I thought that sounded like maybe direct post. From there everyone took off with the assumption that you were using direct post but we never confirmed if that was in fact the case. The AIM method was just documented today in that link. Up to this point everything involving AIM was a stab in the dark. So even if we knew you were on AIM we would have had to flip a coin on what string we use.

For some mysterious reason your first string didn’t work. It looks exactly correct per the docs.