Reply
Member
Posts: 3
Registered: ‎02-18-2019

Help (hmac sha512)

Please advice

 

While determining the SHA512 value using the 30 form field values and that is returned from the silent url doesn't match

 

StringValue = "^^60117720851^false^1^H0ENJ3^P^2^Y^CC^XXXX0002^5.00^^Kim^Abunuwara^test, ,^Orem^UT^84097^United States of America^^^gartha@quickmerlin.com^^^^^^^^^1111651-MS-903088832^  "

Signature Key = DC3F79CD0C200E088B3E51EA84BFDC47EED00388F46C014C794D95BF499467EC31FA42AD7AEAFBEE88D9888CE777EF428D3B2C18915DAC2660CA3204A1C53AAB

 

Actual Value from Response

SHA512 = 1B63276C9779170B4C74B261FD742C26939420C2FBFE714410A38B11CB1E9B5972AD37B5ECBC6778CAA388BD89B5D567557C0527CECF4B67482BF2F2CC787444 get from the response

 

Scenario 1

By using the string Value (30 form field values) and by using the .net Code to determine the SHA512 i get a different value

Following is how i determine the textToHash value

 

Dim x_trans_id
    x_trans_id = AssignDefaultValueIfBlank(Request.Form("x_trans_id"))
Dim x_test_request
    x_test_request = AssignDefaultValueIfBlank(Request.Form("x_test_request"))
Dim x_response_code
    x_response_code = AssignDefaultValueIfBlank(Request.Form("x_response_code"))
Dim x_auth_code
    x_auth_code = AssignDefaultValueIfBlank(Request.Form("x_auth_code"))
Dim x_cvv2_resp_code
    x_cvv2_resp_code = AssignDefaultValueIfBlank(Request.Form("x_cvv2_resp_code"))
Dim x_cavv_response
    x_cavv_response = AssignDefaultValueIfBlank(Request.Form("x_cavv_response"))     
Dim x_avs_code
    x_avs_code = AssignDefaultValueIfBlank(Request.Form("x_avs_code"))     
Dim x_method
    x_method = AssignDefaultValueIfBlank(Request.Form("x_method"))
Dim x_account_number
    x_account_number = AssignDefaultValueIfBlank(Request.Form("x_account_number"))   
Dim x_amount
    x_amount = AssignDefaultValueIfBlank(Request.Form("x_amount"))     
Dim x_company
    x_company = AssignDefaultValueIfBlank(Request.Form("x_company"))     
Dim x_first_name
    x_first_name = AssignDefaultValueIfBlank(Request.Form("x_first_name"))   
Dim x_last_name
    x_last_name = AssignDefaultValueIfBlank(Request.Form("x_last_name"))     
Dim x_address
    x_address = AssignDefaultValueIfBlank(Request.Form("x_address")) 
Dim x_city
    x_city = AssignDefaultValueIfBlank(Request.Form("x_city"))          
Dim x_state
    x_state = AssignDefaultValueIfBlank(Request.Form("x_state"))    
Dim x_zip
    x_zip = AssignDefaultValueIfBlank(Request.Form("x_zip"))   
Dim x_country
    x_country = AssignDefaultValueIfBlank(Request.Form("x_country"))     
Dim x_phone
    x_phone = AssignDefaultValueIfBlank(Request.Form("x_phone"))     
Dim x_fax
    x_fax = AssignDefaultValueIfBlank(Request.Form("x_fax")) 
Dim x_email
    x_email = AssignDefaultValueIfBlank(Request.Form("x_email"))           
Dim x_ship_to_company
    x_ship_to_company = AssignDefaultValueIfBlank(Request.Form("x_ship_to_company"))      
Dim x_ship_to_first_name
    x_ship_to_first_name = AssignDefaultValueIfBlank(Request.Form("x_ship_to_first_name"))    
Dim x_ship_to_last_name
    x_ship_to_last_name = AssignDefaultValueIfBlank(Request.Form("x_ship_to_last_name"))    
Dim x_ship_to_address
    x_ship_to_address = AssignDefaultValueIfBlank(Request.Form("x_ship_to_address"))    
Dim x_ship_to_city
    x_ship_to_city = AssignDefaultValueIfBlank(Request.Form("x_ship_to_city"))   
Dim x_ship_to_state
    x_ship_to_state = AssignDefaultValueIfBlank(Request.Form("x_ship_to_state"))       
Dim x_ship_to_zip
    x_ship_to_zip = AssignDefaultValueIfBlank(Request.Form("x_ship_to_zip"))     
Dim x_ship_to_country
    x_ship_to_country = AssignDefaultValueIfBlank(Request.Form("x_ship_to_country"))     
Dim x_invoice_num
    x_invoice_num = AssignDefaultValueIfBlank(Request.Form("x_invoice_num"))  
    
Dim textToHash 
    textToHash = "^" & x_trans_id  & "^" & x_test_request  & "^" & x_response_code  & "^" & x_auth_code  & "^" & x_cvv2_resp_code  & "^" & x_cavv_response  & "^" & x_avs_code  & "^" & x_method  & "^" & x_account_number  & "^" & x_amount  & "^" & x_company  & "^" & x_first_name  & "^" & x_last_name  & "^" & x_address  & "^" & x_city  & "^"
    textToHash = textToHash & x_state & "^" & x_zip & "^" & x_country & "^" & x_phone & "^" & x_fax & "^" & x_email & "^" & x_ship_to_company & "^" & x_ship_to_first_name & "^" & x_ship_to_last_name & "^" & x_ship_to_address & "^" & x_ship_to_city & "^" & x_ship_to_state & "^" & x_ship_to_zip & "^" & x_ship_to_country & "^" & x_invoice_num & "^"        

 

StringValue = "^^60117720851^false^1^H0ENJ3^P^2^Y^CC^XXXX0002^5.00^^Kim^Abunuwara^test, ,^Orem^UT^84097^United States of America^^^gartha@quickmerlin.com^^^^^^^^^1111651-MS-903088832^  "

Signature Key = DC3F79CD0C200E088B3E51EA84BFDC47EED00388F46C014C794D95BF499467EC31FA42AD7AEAFBEE88D9888CE777EF428D3B2C18915DAC2660CA3204A1C53AAB 

SHA512 = FD5AEB8713300C38B7D6A6E25624DE553832A62D56C58C9D5BA15A452863E521E215D16BA06CED8E040B37AA828DAE63470DE2870E4D446CC15A8004EA21ED50

 

Scenario 2

By using the string value (3 form fields)

apiLogin  = "3stJ86Ef"
transId  = "60117720851"
amount  = "5.00"

textToHash = "^" + apiLogin + "^" + transId + "^" + amount + "^"

                     = "^3stJ86Ef^60117720851^5.00^"

 

SHA512 = "7D2C2C0D1A98B4E6F67A7EAD80E019CAA8212D9139785BC7483BBF82A5B22CAC973D10EFD774EA93DE9D24D27B0CF56F477750220F02A95881D80AD8C7BCF6FD"

 

Both doesn't match the SHA512 value that was captured from the response.

 

Would really appreciate if you could advice which fields were used to determine the sHA512 value and whether the information is correct or if am missing something.

 

This is back and forth and amn't getting any were with this.

 

Please advice what am i missing?

 

Following is the .net code that was provided by you guys to calculate the SHA512 value

 

Looking forward to hear from you.

 

As this is delaying our full process and we have passed our deadline.

Member
Posts: 3
Registered: ‎02-18-2019

Re: Help (hmac sha512)

This is the function used to generate the hash value for scenario1 and scenario 2

 

Public Shared Function GetAuthorizeNetHMACSHA512(ByVal key As String, ByVal textToHash As String)

If String.IsNullOrEmpty(key) Then Return ""
If String.IsNullOrEmpty(textToHash) Then Return ""

If Key.Length Mod 2 <> 0 OrElse Key.Trim().Length < 2 Then
Return ""
End If

Try
Dim k As Byte() = Enumerable.Range(0, Key.Length).Where(Function(x) x Mod 2 = 0).[Select](Function(x) Convert.ToByte(Key.Substring(x, 2), 16)).ToArray()
Dim hmac As System.Security.Cryptography.HMACSHA512 = New System.Security.Cryptography.HMACSHA512(k)
Dim HashedValue As Byte() = hmac.ComputeHash((New System.Text.ASCIIEncoding()).GetBytes(textToHash))
Return BitConverter.ToString(HashedValue).Replace("-", String.Empty)
Catch ex As Exception
Return ""
End Try

End Function

All Star
Posts: 661
Registered: ‎11-05-2018

Re: Help (hmac sha512)

Your scenario 2 is totally out of the picture. I am unfortunately slammed or I would run a test in your string for scenario 1 and see what I get. If you have the ability to convert php code to .net code see my thread “Working php hash verification”. On the very last page of that post I put some 100% tested and working SIM code. The step that .net has that php does not is converting the signature key to a byte array.

But the 30 fields in that post are the right 30 fields to use and the string for the fingerprint is also 100% tested and working. Your scenario one looks like you’re on the right track for the response. Needs tweaked if you are not matching but it looks close to right just glancing at it.
All Star
Posts: 661
Registered: ‎11-05-2018

Re: Help (hmac sha512)

@Ssooption11 

 

So I just copied and pasted your string. A few things stick out- 1: you have test, , as the address. Not sure if that's how you entered it on the form. 2: You have a space at the end of your string. That will throw off your hash. 3: You have x_test_request set to false, but do not have x_trans_id in your string, or a value for it rather.  You may know something that I do not but it would seem you would get some sort of trans_id. If you're using test mode on a production account I would get out of there bc that will cause all sorts of issues when doing hash verifications. 

All Star
Posts: 661
Registered: ‎11-05-2018

Re: Help (hmac sha512)

@Ssooption11 

 

I just ran your string. You do have a value for x_trans_id, you just have an extra caret in front of it.  If you axe the space at the end and remove the extra caret you will get a validated hash. 

 

Here is your string:

 

"^60117720851^false^1^H0ENJ3^P^2^Y^CC^XXXX0002^5.00^^Kim^Abunuwara^test, ,^Orem^UT^84097^United States of America^^^gartha@quickmerlin.com^^^^^^^^^1111651-MS-903088832^";

Highlighted
Member
Posts: 3
Registered: ‎02-18-2019

Re: Help (hmac sha512)

Thanks Renaissance.

 

that really helped in generating the hash value and it matched the SHA512 hash value that was provided from the response url.

 

Thank you.