sjmog

Reputation: 161

Implementing SagePay Form Integration with Ruby on Rails

I'm using SagePay's form integration method with a Ruby on Rails/EmberJS app. I'm handling all the complex payment construction in Rails.

In short, SagePay needs an encrypted, encoded 'crypt' string, which contains data such as the user's billing address, the amount, post-payment redirects, and other transaction data.

SagePay gives an encryption password in the test environment. The form integration guide says to build the crypt as a string, then encrypt it using AES-256 and the encryption password, then Base64 encode the string for POSTing to the Sage test payments server.

Here's how I've implemented this (using the Encryptor gem):

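require 'openssl'
require 'base64'
require 'encryptor'

def encryptandencode(string)
  salt = Time.now.to_i.to_s
  secret_key = 'test-server-secret-key-from-sage'
  # OpenSSL::Cipher::Cipher is deprecated; OpenSSL::Cipher is the same class
  iv = OpenSSL::Cipher.new('aes-256-cbc').random_iv
  encrypted_value = Encryptor.encrypt(string, :key => secret_key, :iv => iv, :salt => salt)

  # Base64-encode the ciphertext for the form POST
  encoded = Base64.encode64(encrypted_value).encode('utf-8')
  return encoded
end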

where string is the unencoded, unencrypted Crypt string containing transaction data.

The problem

Encryptor refuses to use the given secret key. It says the key is too short.

What am I missing here?

Upvotes: 1

Views: 916

Answers (3)

Eden Townsend

Reputation: 395

I was struggling with this too, and receiving the same error message.

I finally decided to try each line from the Encryptor gem directly and no longer received that error message. Therefore I have ditched that gem from my Gemfile.

BTW, you have a few things wrong in your example:

  • you need to use 128 bit encryption, not the default 256: :algorithm => 'aes-128-cbc'
  • the initialisation vector needs to be the same as the key: :iv => secret_key
  • you mustn't use a salt
  • the result needs to be hex encoded not Base64

result = encrypted_value.split('').map { |c| "%02X" % c.ord }.join

Upvotes: 1

Sage Pay Support

Reputation: 520

The Test and Live encryption passwords differ. Also check your encryption password is 16 characters in length.

Sage Pay Support

Upvotes: 0
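The settings listed in Eden Townsend's answer, combined with the 16-character password check from Sage Pay Support, as an added example that calls Ruby's OpenSSL directly (not code from either answer or from Sage Pay). The helper names, the sample password and the sample crypt string are constructed for illustration.

```ruby
require 'openssl'

# Constructed 16-character sample password, not a real Sage Pay credential.
SAMPLE_PASSWORD = '0123456789abcdef'
# Constructed name=value sample standing in for the real crypt fields.
SAMPLE_CRYPT = 'Amount=10.00&Description=constructed sample'

# Hypothetical helper: AES-128 needs exactly 16 key bytes, so fail early
# with a clear message rather than a "key too short" error from deeper down.
def check_password!(password)
  return password if password.bytesize == 16
  raise ArgumentError, "encryption password must be 16 bytes, got #{password.bytesize}"
end

def build_cipher(mode, password)
  cipher = OpenSSL::Cipher.new('aes-128-cbc')
  mode == :encrypt ? cipher.encrypt : cipher.decrypt
  cipher.key = check_password!(password)
  # Per the answer above, the IV is the password itself and no salt is used.
  # A fixed IV makes equal plaintexts produce equal ciphertexts, so treat this
  # as a requirement of this gateway format, not a pattern to reuse elsewhere.
  cipher.iv = password
  cipher
end

# Encrypt the crypt string and return it as upper-case hex (not Base64).
def encrypt_and_encode(plain, password)
  cipher = build_cipher(:encrypt, password)
  raw = cipher.update(plain) + cipher.final # OpenSSL pads the last block by default
  raw.unpack1('H*').upcase
end

# Reverse of the above, useful for checking what was actually sent.
def decode_and_decrypt(hex, password)
  cipher = build_cipher(:decrypt, password)
  raw = [hex].pack('H*')
  (cipher.update(raw) + cipher.final).force_encoding('UTF-8')
end

if __FILE__ == $PROGRAM_NAME
  crypt = encrypt_and_encode(SAMPLE_CRYPT, SAMPLE_PASSWORD)
  puts crypt
  puts decode_and_decrypt(crypt, SAMPLE_PASSWORD)
end
```

The 32-character key from the question fails `check_password!` here, which points at the length mismatch directly.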

Philip Stratford

Reputation: 4753

I'm struggling to do the same thing in ASP.NET. I don't know why the example 'Integration Kits' they give you on the website are so complicated. They may represent elegant pieces of code in themselves, but they obfuscate how things are working by having functions call functions call methods using settings in the web.config file. For developers new to this API a simple example with all the code in one place would be helpful.

ANYWAY, I still haven't got it working but I have managed to overcome the problem you're having, though my method may not help you since I'm working in ASP.NET. I added a reference to the SagePay.IntegrationKit.DotNet.dll to my project, after which I was able to call the function

SagePay.IntegrationKit.Cryptography.EncryptAndEncode(<name=value collection>, <Encryption Password>)

I now appear to get a valid encrypted string to send to SagePay; my problem is that their website says the encryption is wrong, so this is still a work in progress.

Upvotes: 1
