Updating md5 to sha512 authorizenet

I am updating the md5 to sha512 for DPM authorizenet-
Please help me out -

I am not getting it work.

see code change -

while generating fingerprint for x_hp_hash -

from md5 -

if (function_exists('hash_hmac')) {



return hash_hmac("md5", $api_login_id . "^" . $fp_sequence . "^" .



 $fp_timestamp . "^" . $amount . "^", $transaction_key); 

}



return bin2hex(mhash(MHASH_MD5, $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $transaction_key));

to sha512 -

$signature_key = hex2bin($signature_key);



if (function_exists('hash_hmac')) {



return hash_hmac("sha512", $api_login_id . "^" . $fp_sequence . "^" .



 $fp_timestamp . "^" . $amount . "^", $signature_key); 



}



return bin2hex(mhash(MHASH_SHA512, $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $signature_key));

While getting reponse and comparing the x_sha_hash value
from md5 -

if(strtoupper(md5($this->md5_setting . $this->api_login_id . $this



->transaction_id . $amount)) == $this->md5_hash){

        //valid

 } else{

        //not valid

 }

Changed to sha512 -

$this->signature_key = hex2bin($this->signature_key);



$string = '^'.$this->api_login_id.'^'.$this->transaction_id.'^'.$amount.'^';



if(strtoupper(HASH_HMAC('sha512', $string, $this->signature_key)) == $this->SHA2_Hash){

  //valid



} else{

  //not valid



}

What I am doing wrong?
When validating the transaction at my end it is saying please check your md5 setting. It validates on the basis of last code shown in the snippet.

my signature Key = E284BDC12A45A7F5B0933A352EB1C3F25E91A3B92360693D94E4366190EF12E78F6CFE8601751F719DA7A72ABBA117BF0161F8A1DD894DADE3C56A838D8355AD

x_hp_hash submitting using the second code snippet (i.e sha512 fingerprint)
x_hp_hash = b4c9e1878f88aa9c4f808761ed8ceee71ab117cc0f1297b2d850e28351f08fc52bd528a7538c832568c674a1d5095ead1a5383a626c9797587ab16bae76e45fb

after submitting getting in reponse -

X_SHA2_Hash - 19AB7947709CF6CB2B8415784EBD7669FCDE5D83B69EC8C716203806A3235308187668F5783F9CA0F1AE8A47808EDAB241025A8AF61A2FABC27FA6AAAEA8FFD8

generated hash code -
3E6427E67271B1F0732D3D95217D25EE4D7C4103C906A6CB70943498698157F48F7BECD5C7E5393CF2A489B464070A7778F15757385E8F29029CFC3F66256F05

using last snippet above.

so these are not equal so not a valid transaction.

edited Jan 21 at 6:13

asked Jan 18 at 14:37

Vikas Chauhan

1339

2

What errors are you seeing? What is the question here? Edit the question and make sure it is clear what you are trying to do, and what results you get. Hint: if you make unit tests before your change you will have some baseline for the parts that break later.

– jdv
Jan 18 at 15:50

@jdv I have updated my question. Please have a look

– Vikas Chauhan
Jan 21 at 10:06

add a comment |

I am updating the md5 to sha512 for DPM authorizenet-
Please help me out -

I am not getting it work.

see code change -

while generating fingerprint for x_hp_hash -

from md5 -

if (function_exists('hash_hmac')) {



return hash_hmac("md5", $api_login_id . "^" . $fp_sequence . "^" .



 $fp_timestamp . "^" . $amount . "^", $transaction_key); 

}



return bin2hex(mhash(MHASH_MD5, $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $transaction_key));

to sha512 -

$signature_key = hex2bin($signature_key);



if (function_exists('hash_hmac')) {



return hash_hmac("sha512", $api_login_id . "^" . $fp_sequence . "^" .



 $fp_timestamp . "^" . $amount . "^", $signature_key); 



}



return bin2hex(mhash(MHASH_SHA512, $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $signature_key));

While getting reponse and comparing the x_sha_hash value
from md5 -

if(strtoupper(md5($this->md5_setting . $this->api_login_id . $this



->transaction_id . $amount)) == $this->md5_hash){

        //valid

 } else{

        //not valid

 }

Changed to sha512 -

$this->signature_key = hex2bin($this->signature_key);



$string = '^'.$this->api_login_id.'^'.$this->transaction_id.'^'.$amount.'^';



if(strtoupper(HASH_HMAC('sha512', $string, $this->signature_key)) == $this->SHA2_Hash){

  //valid



} else{

  //not valid



}

What I am doing wrong?
When validating the transaction at my end it is saying please check your md5 setting. It validates on the basis of last code shown in the snippet.

my signature Key = E284BDC12A45A7F5B0933A352EB1C3F25E91A3B92360693D94E4366190EF12E78F6CFE8601751F719DA7A72ABBA117BF0161F8A1DD894DADE3C56A838D8355AD

after submitting getting in reponse -

X_SHA2_Hash - 19AB7947709CF6CB2B8415784EBD7669FCDE5D83B69EC8C716203806A3235308187668F5783F9CA0F1AE8A47808EDAB241025A8AF61A2FABC27FA6AAAEA8FFD8

generated hash code -
3E6427E67271B1F0732D3D95217D25EE4D7C4103C906A6CB70943498698157F48F7BECD5C7E5393CF2A489B464070A7778F15757385E8F29029CFC3F66256F05

using last snippet above.

so these are not equal so not a valid transaction.

edited Jan 21 at 6:13

asked Jan 18 at 14:37

Vikas Chauhan

1339

2

What errors are you seeing? What is the question here? Edit the question and make sure it is clear what you are trying to do, and what results you get. Hint: if you make unit tests before your change you will have some baseline for the parts that break later.

– jdv
Jan 18 at 15:50

@jdv I have updated my question. Please have a look

– Vikas Chauhan
Jan 21 at 10:06

add a comment |

I am updating the md5 to sha512 for DPM authorizenet-
Please help me out -

I am not getting it work.

see code change -

while generating fingerprint for x_hp_hash -

from md5 -

if (function_exists('hash_hmac')) {



return hash_hmac("md5", $api_login_id . "^" . $fp_sequence . "^" .



 $fp_timestamp . "^" . $amount . "^", $transaction_key); 

}



return bin2hex(mhash(MHASH_MD5, $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $transaction_key));

to sha512 -

$signature_key = hex2bin($signature_key);



if (function_exists('hash_hmac')) {



return hash_hmac("sha512", $api_login_id . "^" . $fp_sequence . "^" .



 $fp_timestamp . "^" . $amount . "^", $signature_key); 



}



return bin2hex(mhash(MHASH_SHA512, $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $signature_key));

While getting reponse and comparing the x_sha_hash value
from md5 -

if(strtoupper(md5($this->md5_setting . $this->api_login_id . $this



->transaction_id . $amount)) == $this->md5_hash){

        //valid

 } else{

        //not valid

 }

Changed to sha512 -

$this->signature_key = hex2bin($this->signature_key);



$string = '^'.$this->api_login_id.'^'.$this->transaction_id.'^'.$amount.'^';



if(strtoupper(HASH_HMAC('sha512', $string, $this->signature_key)) == $this->SHA2_Hash){

  //valid



} else{

  //not valid



}

What I am doing wrong?
When validating the transaction at my end it is saying please check your md5 setting. It validates on the basis of last code shown in the snippet.

my signature Key = E284BDC12A45A7F5B0933A352EB1C3F25E91A3B92360693D94E4366190EF12E78F6CFE8601751F719DA7A72ABBA117BF0161F8A1DD894DADE3C56A838D8355AD

after submitting getting in reponse -

X_SHA2_Hash - 19AB7947709CF6CB2B8415784EBD7669FCDE5D83B69EC8C716203806A3235308187668F5783F9CA0F1AE8A47808EDAB241025A8AF61A2FABC27FA6AAAEA8FFD8

generated hash code -
3E6427E67271B1F0732D3D95217D25EE4D7C4103C906A6CB70943498698157F48F7BECD5C7E5393CF2A489B464070A7778F15757385E8F29029CFC3F66256F05

using last snippet above.

so these are not equal so not a valid transaction.

edited Jan 21 at 6:13

asked Jan 18 at 14:37

Vikas Chauhan

1339

I am updating the md5 to sha512 for DPM authorizenet-
Please help me out -

I am not getting it work.

see code change -

while generating fingerprint for x_hp_hash -

from md5 -

if (function_exists('hash_hmac')) {



return hash_hmac("md5", $api_login_id . "^" . $fp_sequence . "^" .



 $fp_timestamp . "^" . $amount . "^", $transaction_key); 

}



return bin2hex(mhash(MHASH_MD5, $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $transaction_key));

to sha512 -

$signature_key = hex2bin($signature_key);



if (function_exists('hash_hmac')) {



return hash_hmac("sha512", $api_login_id . "^" . $fp_sequence . "^" .



 $fp_timestamp . "^" . $amount . "^", $signature_key); 



}



return bin2hex(mhash(MHASH_SHA512, $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $signature_key));

While getting reponse and comparing the x_sha_hash value
from md5 -

if(strtoupper(md5($this->md5_setting . $this->api_login_id . $this



->transaction_id . $amount)) == $this->md5_hash){

        //valid

 } else{

        //not valid

 }

Changed to sha512 -

$this->signature_key = hex2bin($this->signature_key);



$string = '^'.$this->api_login_id.'^'.$this->transaction_id.'^'.$amount.'^';



if(strtoupper(HASH_HMAC('sha512', $string, $this->signature_key)) == $this->SHA2_Hash){

  //valid



} else{

  //not valid



}

What I am doing wrong?
When validating the transaction at my end it is saying please check your md5 setting. It validates on the basis of last code shown in the snippet.

my signature Key = E284BDC12A45A7F5B0933A352EB1C3F25E91A3B92360693D94E4366190EF12E78F6CFE8601751F719DA7A72ABBA117BF0161F8A1DD894DADE3C56A838D8355AD

after submitting getting in reponse -

X_SHA2_Hash - 19AB7947709CF6CB2B8415784EBD7669FCDE5D83B69EC8C716203806A3235308187668F5783F9CA0F1AE8A47808EDAB241025A8AF61A2FABC27FA6AAAEA8FFD8

generated hash code -
3E6427E67271B1F0732D3D95217D25EE4D7C4103C906A6CB70943498698157F48F7BECD5C7E5393CF2A489B464070A7778F15757385E8F29029CFC3F66256F05

using last snippet above.

so these are not equal so not a valid transaction.

php payment-gateway authorize.net

edited Jan 21 at 6:13

asked Jan 18 at 14:37

Vikas Chauhan

1339

edited Jan 21 at 6:13

asked Jan 18 at 14:37

Vikas Chauhan

1339

edited Jan 21 at 6:13

asked Jan 18 at 14:37

Vikas Chauhan

1339

asked Jan 18 at 14:37

Vikas Chauhan

1339

asked Jan 18 at 14:37

Vikas Chauhan

1339

2

What errors are you seeing? What is the question here? Edit the question and make sure it is clear what you are trying to do, and what results you get. Hint: if you make unit tests before your change you will have some baseline for the parts that break later.

– jdv
Jan 18 at 15:50

@jdv I have updated my question. Please have a look

– Vikas Chauhan
Jan 21 at 10:06

add a comment |

2

What errors are you seeing? What is the question here? Edit the question and make sure it is clear what you are trying to do, and what results you get. Hint: if you make unit tests before your change you will have some baseline for the parts that break later.

– jdv
Jan 18 at 15:50

@jdv I have updated my question. Please have a look

– Vikas Chauhan
Jan 21 at 10:06

What errors are you seeing? What is the question here? Edit the question and make sure it is clear what you are trying to do, and what results you get. Hint: if you make unit tests before your change you will have some baseline for the parts that break later.

– jdv
Jan 18 at 15:50

@jdv I have updated my question. Please have a look

– Vikas Chauhan
Jan 21 at 10:06

add a comment |

3 Answers
3

active

oldest

votes

I got it working

Thanks to the https://community.developer.authorize.net/t5/Integration-and-Testing/Working-php-hash-verification/td-p/65774/highlight/false

Instead of using only following three fields

$api_login_id

$transaction_id

$amount;

I had to use all the following fields see -

$hashData = implode('^', [

$_POST['x_trans_id'],

$_POST['x_test_request'],

$_POST['x_response_code'],

$_POST['x_auth_code'],

$_POST['x_cvv2_resp_code'],

$_POST['x_cavv_response'],

$_POST['x_avs_code'],

$_POST['x_method'],

$_POST['x_account_number'],

$_POST['x_amount'],

$_POST['x_company'],

$_POST['x_first_name'],

$_POST['x_last_name'],

$_POST['x_address'],

$_POST['x_city'],

$_POST['x_state'],

$_POST['x_zip'],

$_POST['x_country'],

$_POST['x_phone'],

$_POST['x_fax'],

$_POST['x_email'],

$_POST['x_ship_to_company'],

$_POST['x_ship_to_first_name'],

$_POST['x_ship_to_last_name'],

$_POST['x_ship_to_address'],

$_POST['x_ship_to_city'],

$_POST['x_ship_to_state'],

$_POST['x_ship_to_zip'],

$_POST['x_ship_to_country'],

$_POST['x_invoice_num'],

]);

$hash = hash_hmac('sha512', '^'.$hashData.'^', hex2bin($signatureKey)); 

$hash = strtoupper($hash);

if($this->SHA2_Hash === $hash) {

  //valid

}

So use all the x_fields from authorize.net to generate hashcode

answered Jan 21 at 12:43

Vikas Chauhan

1339

add a comment |

There is definitely a change in the logic for how this hash is calculated as simply changing md5 to sha215 does not work.

My original hash generation code for md5 (confirmed working):

$hash = hash_hmac('md5', sprintf('%s^%s^%s^%s^',

    $login,      // Authorize.Net API login ID

    $sequence,   // Random string

    $timestamp,  // time()

    $amount      // 1.00

),  $this->transactionKey);

Here's the new code for sha512 (confirmed working):

$hash = hash_hmac('sha512', sprintf('%s^%s^%s^%s^',

    $login,      // Authorize.Net API login ID

    $sequence,   // Random string

    $timestamp,  // time()

    $amount      // 1.00

), hex2bin($signature));

You can see I had to switch out the transactionKey and use the signature instead. I also had to convert it to binary using hex2bin().

There's a lot of useful, although messy, information about this on the Authorize.Net developer community forums.

edited Jan 19 at 17:33

answered Jan 19 at 16:28

John Conde

185k80370422

I have used a signature key instead of transaction key but not generating the same.

– Vikas Chauhan
Jan 21 at 6:16

It doesn't look like you are converting the signature key to binary. Have you tried using my code to generate your hash?

– John Conde
Jan 21 at 12:24

Yes, I followed every step. Though I found a solution as wrote below.

– Vikas Chauhan
Jan 21 at 12:34

add a comment |

When using it in magento 1.9

In request function:

$signature_key = hex2bin('7FFA2F94DFC76BC5CEE0E5F6122E51FB2BB0B0743C4F30D561077F5A8F2F1649232B4486A18FAF3435E8A33E18C1D8F79CF5B12991BA954008AD5F54DDB915E6'); //from authorize.net

return hash_hmac("sha512",

            $merchantApiLoginId . "^" .

            $fpSequence . "^" .

            $fpTimestamp . "^" .

            $amount . "^".

            $currencyCode. '^',

            $signature_key

        );

In response function:

$signature_key = hex2bin($merchantMd5);

$string = '^'.$merchantApiLogin.'^'.$transactionId.'^'.$amount.'^';

$generateHash = strtoupper(HASH_HMAC('sha512',

                                $string,

                                $signature_key

                            ));

return hash_equals($generateHash,$this->getData('x_SHA2_Hash'));

I am getting transaction declined message:

x_response_code = 3

x_response_reason_code = 99

x_response_reason_text = (TEST MODE) This transaction cannot be accepted. 

x_trans_id = 0

Is this due to test account ?

edited Jan 25 at 14:33

Stoogy

648622

answered Jan 25 at 13:53

Sharif Kareem

New contributor

FIrst - This is your question not answer Second - either it is test account or live account transaction will always be accepted. look for the sandbox account if it is set to live -> change it to test

– Vikas Chauhan
Jan 25 at 14:20

add a comment |

Your Answer

StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});

}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54256127%2fupdating-md5-to-sha512-authorizenet%23new-answer', 'question_page');
}
);

Post as a guest

Name

Required, but never shown

3 Answers
3

active

oldest

votes

3 Answers
3

active

oldest

votes

I got it working

Thanks to the https://community.developer.authorize.net/t5/Integration-and-Testing/Working-php-hash-verification/td-p/65774/highlight/false

Instead of using only following three fields

$api_login_id

$transaction_id

$amount;

I had to use all the following fields see -

$hashData = implode('^', [

$_POST['x_trans_id'],

$_POST['x_test_request'],

$_POST['x_response_code'],

$_POST['x_auth_code'],

$_POST['x_cvv2_resp_code'],

$_POST['x_cavv_response'],

$_POST['x_avs_code'],

$_POST['x_method'],

$_POST['x_account_number'],

$_POST['x_amount'],

$_POST['x_company'],

$_POST['x_first_name'],

$_POST['x_last_name'],

$_POST['x_address'],

$_POST['x_city'],

$_POST['x_state'],

$_POST['x_zip'],

$_POST['x_country'],

$_POST['x_phone'],

$_POST['x_fax'],

$_POST['x_email'],

$_POST['x_ship_to_company'],

$_POST['x_ship_to_first_name'],

$_POST['x_ship_to_last_name'],

$_POST['x_ship_to_address'],

$_POST['x_ship_to_city'],

$_POST['x_ship_to_state'],

$_POST['x_ship_to_zip'],

$_POST['x_ship_to_country'],

$_POST['x_invoice_num'],

]);

$hash = hash_hmac('sha512', '^'.$hashData.'^', hex2bin($signatureKey)); 

$hash = strtoupper($hash);

if($this->SHA2_Hash === $hash) {

  //valid

}

So use all the x_fields from authorize.net to generate hashcode

answered Jan 21 at 12:43

Vikas Chauhan

1339

add a comment |

I got it working

Thanks to the https://community.developer.authorize.net/t5/Integration-and-Testing/Working-php-hash-verification/td-p/65774/highlight/false

Instead of using only following three fields

$api_login_id

$transaction_id

$amount;

I had to use all the following fields see -

$hashData = implode('^', [

$_POST['x_trans_id'],

$_POST['x_test_request'],

$_POST['x_response_code'],

$_POST['x_auth_code'],

$_POST['x_cvv2_resp_code'],

$_POST['x_cavv_response'],

$_POST['x_avs_code'],

$_POST['x_method'],

$_POST['x_account_number'],

$_POST['x_amount'],

$_POST['x_company'],

$_POST['x_first_name'],

$_POST['x_last_name'],

$_POST['x_address'],

$_POST['x_city'],

$_POST['x_state'],

$_POST['x_zip'],

$_POST['x_country'],

$_POST['x_phone'],

$_POST['x_fax'],

$_POST['x_email'],

$_POST['x_ship_to_company'],

$_POST['x_ship_to_first_name'],

$_POST['x_ship_to_last_name'],

$_POST['x_ship_to_address'],

$_POST['x_ship_to_city'],

$_POST['x_ship_to_state'],

$_POST['x_ship_to_zip'],

$_POST['x_ship_to_country'],

$_POST['x_invoice_num'],

]);

$hash = hash_hmac('sha512', '^'.$hashData.'^', hex2bin($signatureKey)); 

$hash = strtoupper($hash);

if($this->SHA2_Hash === $hash) {

  //valid

}

So use all the x_fields from authorize.net to generate hashcode

answered Jan 21 at 12:43

Vikas Chauhan

1339

add a comment |

I got it working

Thanks to the https://community.developer.authorize.net/t5/Integration-and-Testing/Working-php-hash-verification/td-p/65774/highlight/false

Instead of using only following three fields

$api_login_id

$transaction_id

$amount;

I had to use all the following fields see -

$hashData = implode('^', [

$_POST['x_trans_id'],

$_POST['x_test_request'],

$_POST['x_response_code'],

$_POST['x_auth_code'],

$_POST['x_cvv2_resp_code'],

$_POST['x_cavv_response'],

$_POST['x_avs_code'],

$_POST['x_method'],

$_POST['x_account_number'],

$_POST['x_amount'],

$_POST['x_company'],

$_POST['x_first_name'],

$_POST['x_last_name'],

$_POST['x_address'],

$_POST['x_city'],

$_POST['x_state'],

$_POST['x_zip'],

$_POST['x_country'],

$_POST['x_phone'],

$_POST['x_fax'],

$_POST['x_email'],

$_POST['x_ship_to_company'],

$_POST['x_ship_to_first_name'],

$_POST['x_ship_to_last_name'],

$_POST['x_ship_to_address'],

$_POST['x_ship_to_city'],

$_POST['x_ship_to_state'],

$_POST['x_ship_to_zip'],

$_POST['x_ship_to_country'],

$_POST['x_invoice_num'],

]);

$hash = hash_hmac('sha512', '^'.$hashData.'^', hex2bin($signatureKey)); 

$hash = strtoupper($hash);

if($this->SHA2_Hash === $hash) {

  //valid

}

So use all the x_fields from authorize.net to generate hashcode

answered Jan 21 at 12:43

Vikas Chauhan

1339

I got it working

Thanks to the https://community.developer.authorize.net/t5/Integration-and-Testing/Working-php-hash-verification/td-p/65774/highlight/false

Instead of using only following three fields

$api_login_id

$transaction_id

$amount;

I had to use all the following fields see -

$hashData = implode('^', [

$_POST['x_trans_id'],

$_POST['x_test_request'],

$_POST['x_response_code'],

$_POST['x_auth_code'],

$_POST['x_cvv2_resp_code'],

$_POST['x_cavv_response'],

$_POST['x_avs_code'],

$_POST['x_method'],

$_POST['x_account_number'],

$_POST['x_amount'],

$_POST['x_company'],

$_POST['x_first_name'],

$_POST['x_last_name'],

$_POST['x_address'],

$_POST['x_city'],

$_POST['x_state'],

$_POST['x_zip'],

$_POST['x_country'],

$_POST['x_phone'],

$_POST['x_fax'],

$_POST['x_email'],

$_POST['x_ship_to_company'],

$_POST['x_ship_to_first_name'],

$_POST['x_ship_to_last_name'],

$_POST['x_ship_to_address'],

$_POST['x_ship_to_city'],

$_POST['x_ship_to_state'],

$_POST['x_ship_to_zip'],

$_POST['x_ship_to_country'],

$_POST['x_invoice_num'],

]);

$hash = hash_hmac('sha512', '^'.$hashData.'^', hex2bin($signatureKey)); 

$hash = strtoupper($hash);

if($this->SHA2_Hash === $hash) {

  //valid

}

So use all the x_fields from authorize.net to generate hashcode

answered Jan 21 at 12:43

Vikas Chauhan

1339

answered Jan 21 at 12:43

Vikas Chauhan

1339

answered Jan 21 at 12:43

Vikas Chauhan

1339

answered Jan 21 at 12:43

Vikas Chauhan

1339

add a comment |

There is definitely a change in the logic for how this hash is calculated as simply changing md5 to sha215 does not work.

My original hash generation code for md5 (confirmed working):

$hash = hash_hmac('md5', sprintf('%s^%s^%s^%s^',

    $login,      // Authorize.Net API login ID

    $sequence,   // Random string

    $timestamp,  // time()

    $amount      // 1.00

),  $this->transactionKey);

Here's the new code for sha512 (confirmed working):

$hash = hash_hmac('sha512', sprintf('%s^%s^%s^%s^',

    $login,      // Authorize.Net API login ID

    $sequence,   // Random string

    $timestamp,  // time()

    $amount      // 1.00

), hex2bin($signature));

You can see I had to switch out the transactionKey and use the signature instead. I also had to convert it to binary using hex2bin().

There's a lot of useful, although messy, information about this on the Authorize.Net developer community forums.

edited Jan 19 at 17:33

answered Jan 19 at 16:28

John Conde

185k80370422

I have used a signature key instead of transaction key but not generating the same.

– Vikas Chauhan
Jan 21 at 6:16

It doesn't look like you are converting the signature key to binary. Have you tried using my code to generate your hash?

– John Conde
Jan 21 at 12:24

Yes, I followed every step. Though I found a solution as wrote below.

– Vikas Chauhan
Jan 21 at 12:34

add a comment |

There is definitely a change in the logic for how this hash is calculated as simply changing md5 to sha215 does not work.

My original hash generation code for md5 (confirmed working):

$hash = hash_hmac('md5', sprintf('%s^%s^%s^%s^',

    $login,      // Authorize.Net API login ID

    $sequence,   // Random string

    $timestamp,  // time()

    $amount      // 1.00

),  $this->transactionKey);

Here's the new code for sha512 (confirmed working):

$hash = hash_hmac('sha512', sprintf('%s^%s^%s^%s^',

    $login,      // Authorize.Net API login ID

    $sequence,   // Random string

    $timestamp,  // time()

    $amount      // 1.00

), hex2bin($signature));

You can see I had to switch out the transactionKey and use the signature instead. I also had to convert it to binary using hex2bin().

There's a lot of useful, although messy, information about this on the Authorize.Net developer community forums.

edited Jan 19 at 17:33

answered Jan 19 at 16:28

John Conde

185k80370422

I have used a signature key instead of transaction key but not generating the same.

– Vikas Chauhan
Jan 21 at 6:16

It doesn't look like you are converting the signature key to binary. Have you tried using my code to generate your hash?

– John Conde
Jan 21 at 12:24

Yes, I followed every step. Though I found a solution as wrote below.

– Vikas Chauhan
Jan 21 at 12:34

add a comment |

There is definitely a change in the logic for how this hash is calculated as simply changing md5 to sha215 does not work.

My original hash generation code for md5 (confirmed working):

$hash = hash_hmac('md5', sprintf('%s^%s^%s^%s^',

    $login,      // Authorize.Net API login ID

    $sequence,   // Random string

    $timestamp,  // time()

    $amount      // 1.00

),  $this->transactionKey);

Here's the new code for sha512 (confirmed working):

$hash = hash_hmac('sha512', sprintf('%s^%s^%s^%s^',

    $login,      // Authorize.Net API login ID

    $sequence,   // Random string

    $timestamp,  // time()

    $amount      // 1.00

), hex2bin($signature));

You can see I had to switch out the transactionKey and use the signature instead. I also had to convert it to binary using hex2bin().

There's a lot of useful, although messy, information about this on the Authorize.Net developer community forums.

edited Jan 19 at 17:33

answered Jan 19 at 16:28

John Conde

185k80370422

There is definitely a change in the logic for how this hash is calculated as simply changing md5 to sha215 does not work.

My original hash generation code for md5 (confirmed working):

$hash = hash_hmac('md5', sprintf('%s^%s^%s^%s^',

    $login,      // Authorize.Net API login ID

    $sequence,   // Random string

    $timestamp,  // time()

    $amount      // 1.00

),  $this->transactionKey);

Here's the new code for sha512 (confirmed working):

$hash = hash_hmac('sha512', sprintf('%s^%s^%s^%s^',

    $login,      // Authorize.Net API login ID

    $sequence,   // Random string

    $timestamp,  // time()

    $amount      // 1.00

), hex2bin($signature));

You can see I had to switch out the transactionKey and use the signature instead. I also had to convert it to binary using hex2bin().

There's a lot of useful, although messy, information about this on the Authorize.Net developer community forums.

edited Jan 19 at 17:33

answered Jan 19 at 16:28

John Conde

185k80370422

edited Jan 19 at 17:33

answered Jan 19 at 16:28

John Conde

185k80370422

answered Jan 19 at 16:28

John Conde

185k80370422

answered Jan 19 at 16:28

John Conde

185k80370422

I have used a signature key instead of transaction key but not generating the same.

– Vikas Chauhan
Jan 21 at 6:16

It doesn't look like you are converting the signature key to binary. Have you tried using my code to generate your hash?

– John Conde
Jan 21 at 12:24

Yes, I followed every step. Though I found a solution as wrote below.

– Vikas Chauhan
Jan 21 at 12:34

add a comment |

I have used a signature key instead of transaction key but not generating the same.

– Vikas Chauhan
Jan 21 at 6:16

It doesn't look like you are converting the signature key to binary. Have you tried using my code to generate your hash?

– John Conde
Jan 21 at 12:24

Yes, I followed every step. Though I found a solution as wrote below.

– Vikas Chauhan
Jan 21 at 12:34

I have used a signature key instead of transaction key but not generating the same.

– Vikas Chauhan
Jan 21 at 6:16

It doesn't look like you are converting the signature key to binary. Have you tried using my code to generate your hash?

– John Conde
Jan 21 at 12:24

Yes, I followed every step. Though I found a solution as wrote below.

– Vikas Chauhan
Jan 21 at 12:34

add a comment |

When using it in magento 1.9

In request function:

$signature_key = hex2bin('7FFA2F94DFC76BC5CEE0E5F6122E51FB2BB0B0743C4F30D561077F5A8F2F1649232B4486A18FAF3435E8A33E18C1D8F79CF5B12991BA954008AD5F54DDB915E6'); //from authorize.net

return hash_hmac("sha512",

            $merchantApiLoginId . "^" .

            $fpSequence . "^" .

            $fpTimestamp . "^" .

            $amount . "^".

            $currencyCode. '^',

            $signature_key

        );

In response function:

$signature_key = hex2bin($merchantMd5);

$string = '^'.$merchantApiLogin.'^'.$transactionId.'^'.$amount.'^';

$generateHash = strtoupper(HASH_HMAC('sha512',

                                $string,

                                $signature_key

                            ));

return hash_equals($generateHash,$this->getData('x_SHA2_Hash'));

I am getting transaction declined message:

x_response_code = 3

x_response_reason_code = 99

x_response_reason_text = (TEST MODE) This transaction cannot be accepted. 

x_trans_id = 0

Is this due to test account ?

edited Jan 25 at 14:33

Stoogy

648622

answered Jan 25 at 13:53

Sharif Kareem

New contributor

FIrst - This is your question not answer Second - either it is test account or live account transaction will always be accepted. look for the sandbox account if it is set to live -> change it to test

– Vikas Chauhan
Jan 25 at 14:20

add a comment |

When using it in magento 1.9

In request function:

$signature_key = hex2bin('7FFA2F94DFC76BC5CEE0E5F6122E51FB2BB0B0743C4F30D561077F5A8F2F1649232B4486A18FAF3435E8A33E18C1D8F79CF5B12991BA954008AD5F54DDB915E6'); //from authorize.net

return hash_hmac("sha512",

            $merchantApiLoginId . "^" .

            $fpSequence . "^" .

            $fpTimestamp . "^" .

            $amount . "^".

            $currencyCode. '^',

            $signature_key

        );

In response function:

$signature_key = hex2bin($merchantMd5);

$string = '^'.$merchantApiLogin.'^'.$transactionId.'^'.$amount.'^';

$generateHash = strtoupper(HASH_HMAC('sha512',

                                $string,

                                $signature_key

                            ));

return hash_equals($generateHash,$this->getData('x_SHA2_Hash'));

I am getting transaction declined message:

x_response_code = 3

x_response_reason_code = 99

x_response_reason_text = (TEST MODE) This transaction cannot be accepted. 

x_trans_id = 0

Is this due to test account ?

edited Jan 25 at 14:33

Stoogy

648622

answered Jan 25 at 13:53

Sharif Kareem

New contributor

FIrst - This is your question not answer Second - either it is test account or live account transaction will always be accepted. look for the sandbox account if it is set to live -> change it to test

– Vikas Chauhan
Jan 25 at 14:20

add a comment |

When using it in magento 1.9

In request function:

$signature_key = hex2bin('7FFA2F94DFC76BC5CEE0E5F6122E51FB2BB0B0743C4F30D561077F5A8F2F1649232B4486A18FAF3435E8A33E18C1D8F79CF5B12991BA954008AD5F54DDB915E6'); //from authorize.net

return hash_hmac("sha512",

            $merchantApiLoginId . "^" .

            $fpSequence . "^" .

            $fpTimestamp . "^" .

            $amount . "^".

            $currencyCode. '^',

            $signature_key

        );

In response function:

$signature_key = hex2bin($merchantMd5);

$string = '^'.$merchantApiLogin.'^'.$transactionId.'^'.$amount.'^';

$generateHash = strtoupper(HASH_HMAC('sha512',

                                $string,

                                $signature_key

                            ));

return hash_equals($generateHash,$this->getData('x_SHA2_Hash'));

I am getting transaction declined message:

x_response_code = 3

x_response_reason_code = 99

x_response_reason_text = (TEST MODE) This transaction cannot be accepted. 

x_trans_id = 0

Is this due to test account ?

edited Jan 25 at 14:33

Stoogy

648622

answered Jan 25 at 13:53

Sharif Kareem

New contributor

When using it in magento 1.9

In request function:

$signature_key = hex2bin('7FFA2F94DFC76BC5CEE0E5F6122E51FB2BB0B0743C4F30D561077F5A8F2F1649232B4486A18FAF3435E8A33E18C1D8F79CF5B12991BA954008AD5F54DDB915E6'); //from authorize.net

return hash_hmac("sha512",

            $merchantApiLoginId . "^" .

            $fpSequence . "^" .

            $fpTimestamp . "^" .

            $amount . "^".

            $currencyCode. '^',

            $signature_key

        );

In response function:

$signature_key = hex2bin($merchantMd5);

$string = '^'.$merchantApiLogin.'^'.$transactionId.'^'.$amount.'^';

$generateHash = strtoupper(HASH_HMAC('sha512',

                                $string,

                                $signature_key

                            ));

return hash_equals($generateHash,$this->getData('x_SHA2_Hash'));

I am getting transaction declined message:

x_response_code = 3

x_response_reason_code = 99

x_response_reason_text = (TEST MODE) This transaction cannot be accepted. 

x_trans_id = 0

Is this due to test account ?

edited Jan 25 at 14:33

Stoogy

648622

answered Jan 25 at 13:53

Sharif Kareem

New contributor

edited Jan 25 at 14:33

Stoogy

648622

edited Jan 25 at 14:33

Stoogy

648622

edited Jan 25 at 14:33

Stoogy

648622

answered Jan 25 at 13:53

Sharif Kareem

New contributor

answered Jan 25 at 13:53

Sharif Kareem

answered Jan 25 at 13:53

Sharif Kareem

New contributor

Sharif Kareem is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

FIrst - This is your question not answer Second - either it is test account or live account transaction will always be accepted. look for the sandbox account if it is set to live -> change it to test

– Vikas Chauhan
Jan 25 at 14:20

add a comment |

FIrst - This is your question not answer Second - either it is test account or live account transaction will always be accepted. look for the sandbox account if it is set to live -> change it to test

– Vikas Chauhan
Jan 25 at 14:20

FIrst - This is your question not answer Second - either it is test account or live account transaction will always be accepted. look for the sandbox account if it is set to live -> change it to test

– Vikas Chauhan
Jan 25 at 14:20

add a comment |

draft saved

draft discarded

Thanks for contributing an answer to Stack Overflow!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

搜尋此網誌

Brtdku