Updating md5 to sha512 authorizenet












0















I am updating the md5 to sha512 for DPM authorizenet-
Please help me out -



I am not getting it work.



see code change -



while generating fingerprint for x_hp_hash -



from md5 - 



if (function_exists('hash_hmac')) {



return hash_hmac("md5", $api_login_id . "^" . $fp_sequence . "^" .



 $fp_timestamp . "^" . $amount . "^", $transaction_key); 

}



return bin2hex(mhash(MHASH_MD5, $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $transaction_key));


to sha512 - 



$signature_key = hex2bin($signature_key);



if (function_exists('hash_hmac')) {



return hash_hmac("sha512", $api_login_id . "^" . $fp_sequence . "^" .



 $fp_timestamp . "^" . $amount . "^", $signature_key); 



}



return bin2hex(mhash(MHASH_SHA512, $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $signature_key));


While getting reponse and comparing the x_sha_hash value
from md5 -



if(strtoupper(md5($this->md5_setting . $this->api_login_id . $this



->transaction_id . $amount)) == $this->md5_hash){

        //valid

 } else{

        //not valid

 }


Changed to sha512 - 



$this->signature_key = hex2bin($this->signature_key);



$string = '^'.$this->api_login_id.'^'.$this->transaction_id.'^'.$amount.'^';



if(strtoupper(HASH_HMAC('sha512', $string, $this->signature_key)) == $this->SHA2_Hash){

  //valid



} else{

  //not valid



}


What I am doing wrong?
When validating the transaction at my end it is saying please check your md5 setting. It validates on the basis of last code shown in the snippet.



my signature Key = E284BDC12A45A7F5B0933A352EB1C3F25E91A3B92360693D94E4366190EF12E78F6CFE8601751F719DA7A72ABBA117BF0161F8A1DD894DADE3C56A838D8355AD



x_hp_hash submitting using the second code snippet (i.e sha512 fingerprint)
x_hp_hash = b4c9e1878f88aa9c4f808761ed8ceee71ab117cc0f1297b2d850e28351f08fc52bd528a7538c832568c674a1d5095ead1a5383a626c9797587ab16bae76e45fb



after submitting getting in reponse -



X_SHA2_Hash - 19AB7947709CF6CB2B8415784EBD7669FCDE5D83B69EC8C716203806A3235308187668F5783F9CA0F1AE8A47808EDAB241025A8AF61A2FABC27FA6AAAEA8FFD8



generated hash code -
3E6427E67271B1F0732D3D95217D25EE4D7C4103C906A6CB70943498698157F48F7BECD5C7E5393CF2A489B464070A7778F15757385E8F29029CFC3F66256F05



using last snippet above.



so these are not equal so not a valid transaction.






php payment-gateway authorize.net







share|improve this question




















  • 2





    What errors are you seeing? What is the question here? Edit the question and make sure it is clear what you are trying to do, and what results you get. Hint: if you make unit tests before your change you will have some baseline for the parts that break later.

    – jdv
    Jan 18 at 15:50













  • @jdv I have updated my question. Please have a look

    – Vikas Chauhan
    Jan 21 at 10:06
















0















I am updating the md5 to sha512 for DPM authorizenet-
Please help me out -



I am not getting it work.



see code change -



while generating fingerprint for x_hp_hash -



from md5 - 



if (function_exists('hash_hmac')) {



return hash_hmac("md5", $api_login_id . "^" . $fp_sequence . "^" .



 $fp_timestamp . "^" . $amount . "^", $transaction_key); 

}



return bin2hex(mhash(MHASH_MD5, $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $transaction_key));


to sha512 - 



$signature_key = hex2bin($signature_key);



if (function_exists('hash_hmac')) {



return hash_hmac("sha512", $api_login_id . "^" . $fp_sequence . "^" .



 $fp_timestamp . "^" . $amount . "^", $signature_key); 



}



return bin2hex(mhash(MHASH_SHA512, $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $signature_key));


While getting reponse and comparing the x_sha_hash value
from md5 -



if(strtoupper(md5($this->md5_setting . $this->api_login_id . $this



->transaction_id . $amount)) == $this->md5_hash){

        //valid

 } else{

        //not valid

 }


Changed to sha512 - 



$this->signature_key = hex2bin($this->signature_key);



$string = '^'.$this->api_login_id.'^'.$this->transaction_id.'^'.$amount.'^';



if(strtoupper(HASH_HMAC('sha512', $string, $this->signature_key)) == $this->SHA2_Hash){

  //valid



} else{

  //not valid



}


What I am doing wrong?
When validating the transaction at my end it is saying please check your md5 setting. It validates on the basis of last code shown in the snippet.



my signature Key = E284BDC12A45A7F5B0933A352EB1C3F25E91A3B92360693D94E4366190EF12E78F6CFE8601751F719DA7A72ABBA117BF0161F8A1DD894DADE3C56A838D8355AD



x_hp_hash submitting using the second code snippet (i.e sha512 fingerprint)
x_hp_hash = b4c9e1878f88aa9c4f808761ed8ceee71ab117cc0f1297b2d850e28351f08fc52bd528a7538c832568c674a1d5095ead1a5383a626c9797587ab16bae76e45fb



after submitting getting in reponse -



X_SHA2_Hash - 19AB7947709CF6CB2B8415784EBD7669FCDE5D83B69EC8C716203806A3235308187668F5783F9CA0F1AE8A47808EDAB241025A8AF61A2FABC27FA6AAAEA8FFD8



generated hash code -
3E6427E67271B1F0732D3D95217D25EE4D7C4103C906A6CB70943498698157F48F7BECD5C7E5393CF2A489B464070A7778F15757385E8F29029CFC3F66256F05



using last snippet above.



so these are not equal so not a valid transaction.






php payment-gateway authorize.net







share|improve this question




















  • 2





    What errors are you seeing? What is the question here? Edit the question and make sure it is clear what you are trying to do, and what results you get. Hint: if you make unit tests before your change you will have some baseline for the parts that break later.

    – jdv
    Jan 18 at 15:50













  • @jdv I have updated my question. Please have a look

    – Vikas Chauhan
    Jan 21 at 10:06














0












0








0








I am updating the md5 to sha512 for DPM authorizenet-
Please help me out -



I am not getting it work.



see code change -



while generating fingerprint for x_hp_hash -



from md5 - 



if (function_exists('hash_hmac')) {



return hash_hmac("md5", $api_login_id . "^" . $fp_sequence . "^" .



 $fp_timestamp . "^" . $amount . "^", $transaction_key); 

}



return bin2hex(mhash(MHASH_MD5, $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $transaction_key));


to sha512 - 



$signature_key = hex2bin($signature_key);



if (function_exists('hash_hmac')) {



return hash_hmac("sha512", $api_login_id . "^" . $fp_sequence . "^" .



 $fp_timestamp . "^" . $amount . "^", $signature_key); 



}



return bin2hex(mhash(MHASH_SHA512, $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $signature_key));


While getting reponse and comparing the x_sha_hash value
from md5 -



if(strtoupper(md5($this->md5_setting . $this->api_login_id . $this



->transaction_id . $amount)) == $this->md5_hash){

        //valid

 } else{

        //not valid

 }


Changed to sha512 - 



$this->signature_key = hex2bin($this->signature_key);



$string = '^'.$this->api_login_id.'^'.$this->transaction_id.'^'.$amount.'^';



if(strtoupper(HASH_HMAC('sha512', $string, $this->signature_key)) == $this->SHA2_Hash){

  //valid



} else{

  //not valid



}


What I am doing wrong?
When validating the transaction at my end it is saying please check your md5 setting. It validates on the basis of last code shown in the snippet.



my signature Key = E284BDC12A45A7F5B0933A352EB1C3F25E91A3B92360693D94E4366190EF12E78F6CFE8601751F719DA7A72ABBA117BF0161F8A1DD894DADE3C56A838D8355AD



x_hp_hash submitting using the second code snippet (i.e sha512 fingerprint)
x_hp_hash = b4c9e1878f88aa9c4f808761ed8ceee71ab117cc0f1297b2d850e28351f08fc52bd528a7538c832568c674a1d5095ead1a5383a626c9797587ab16bae76e45fb



after submitting getting in reponse -



X_SHA2_Hash - 19AB7947709CF6CB2B8415784EBD7669FCDE5D83B69EC8C716203806A3235308187668F5783F9CA0F1AE8A47808EDAB241025A8AF61A2FABC27FA6AAAEA8FFD8



generated hash code -
3E6427E67271B1F0732D3D95217D25EE4D7C4103C906A6CB70943498698157F48F7BECD5C7E5393CF2A489B464070A7778F15757385E8F29029CFC3F66256F05



using last snippet above.



so these are not equal so not a valid transaction.






php payment-gateway authorize.net







share|improve this question
















I am updating the md5 to sha512 for DPM authorizenet-
Please help me out -



I am not getting it work.



see code change -



while generating fingerprint for x_hp_hash -



from md5 - 



if (function_exists('hash_hmac')) {



return hash_hmac("md5", $api_login_id . "^" . $fp_sequence . "^" .



 $fp_timestamp . "^" . $amount . "^", $transaction_key); 

}



return bin2hex(mhash(MHASH_MD5, $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $transaction_key));


to sha512 - 



$signature_key = hex2bin($signature_key);



if (function_exists('hash_hmac')) {



return hash_hmac("sha512", $api_login_id . "^" . $fp_sequence . "^" .



 $fp_timestamp . "^" . $amount . "^", $signature_key); 



}



return bin2hex(mhash(MHASH_SHA512, $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $signature_key));


While getting reponse and comparing the x_sha_hash value
from md5 -



if(strtoupper(md5($this->md5_setting . $this->api_login_id . $this



->transaction_id . $amount)) == $this->md5_hash){

        //valid

 } else{

        //not valid

 }


Changed to sha512 - 



$this->signature_key = hex2bin($this->signature_key);



$string = '^'.$this->api_login_id.'^'.$this->transaction_id.'^'.$amount.'^';



if(strtoupper(HASH_HMAC('sha512', $string, $this->signature_key)) == $this->SHA2_Hash){

  //valid



} else{

  //not valid



}


What I am doing wrong?
When validating the transaction at my end it is saying please check your md5 setting. It validates on the basis of last code shown in the snippet.



my signature Key = E284BDC12A45A7F5B0933A352EB1C3F25E91A3B92360693D94E4366190EF12E78F6CFE8601751F719DA7A72ABBA117BF0161F8A1DD894DADE3C56A838D8355AD



x_hp_hash submitting using the second code snippet (i.e sha512 fingerprint)
x_hp_hash = b4c9e1878f88aa9c4f808761ed8ceee71ab117cc0f1297b2d850e28351f08fc52bd528a7538c832568c674a1d5095ead1a5383a626c9797587ab16bae76e45fb



after submitting getting in reponse -



X_SHA2_Hash - 19AB7947709CF6CB2B8415784EBD7669FCDE5D83B69EC8C716203806A3235308187668F5783F9CA0F1AE8A47808EDAB241025A8AF61A2FABC27FA6AAAEA8FFD8



generated hash code -
3E6427E67271B1F0732D3D95217D25EE4D7C4103C906A6CB70943498698157F48F7BECD5C7E5393CF2A489B464070A7778F15757385E8F29029CFC3F66256F05



using last snippet above.



so these are not equal so not a valid transaction.






php payment-gateway authorize.net




php payment-gateway authorize.net






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 21 at 6:13







Vikas Chauhan

















asked Jan 18 at 14:37









Vikas ChauhanVikas Chauhan

1339




1339








  • 2





    What errors are you seeing? What is the question here? Edit the question and make sure it is clear what you are trying to do, and what results you get. Hint: if you make unit tests before your change you will have some baseline for the parts that break later.

    – jdv
    Jan 18 at 15:50













  • @jdv I have updated my question. Please have a look

    – Vikas Chauhan
    Jan 21 at 10:06














  • 2





    What errors are you seeing? What is the question here? Edit the question and make sure it is clear what you are trying to do, and what results you get. Hint: if you make unit tests before your change you will have some baseline for the parts that break later.

    – jdv
    Jan 18 at 15:50













  • @jdv I have updated my question. Please have a look

    – Vikas Chauhan
    Jan 21 at 10:06








2




2





What errors are you seeing? What is the question here? Edit the question and make sure it is clear what you are trying to do, and what results you get. Hint: if you make unit tests before your change you will have some baseline for the parts that break later.

– jdv
Jan 18 at 15:50







What errors are you seeing? What is the question here? Edit the question and make sure it is clear what you are trying to do, and what results you get. Hint: if you make unit tests before your change you will have some baseline for the parts that break later.

– jdv
Jan 18 at 15:50















@jdv I have updated my question. Please have a look

– Vikas Chauhan
Jan 21 at 10:06





@jdv I have updated my question. Please have a look

– Vikas Chauhan
Jan 21 at 10:06












3 Answers
3






active

oldest

votes


















2














I got it working



Thanks to the https://community.developer.authorize.net/t5/Integration-and-Testing/Working-php-hash-verification/td-p/65774/highlight/false



Instead of using only following three fields




$api_login_id

$transaction_id

$amount;




I had to use all the following fields see - 



$hashData = implode('^', [

$_POST['x_trans_id'],

$_POST['x_test_request'],

$_POST['x_response_code'],

$_POST['x_auth_code'],

$_POST['x_cvv2_resp_code'],

$_POST['x_cavv_response'],

$_POST['x_avs_code'],

$_POST['x_method'],

$_POST['x_account_number'],

$_POST['x_amount'],

$_POST['x_company'],

$_POST['x_first_name'],

$_POST['x_last_name'],

$_POST['x_address'],

$_POST['x_city'],

$_POST['x_state'],

$_POST['x_zip'],

$_POST['x_country'],

$_POST['x_phone'],

$_POST['x_fax'],

$_POST['x_email'],

$_POST['x_ship_to_company'],

$_POST['x_ship_to_first_name'],

$_POST['x_ship_to_last_name'],

$_POST['x_ship_to_address'],

$_POST['x_ship_to_city'],

$_POST['x_ship_to_state'],

$_POST['x_ship_to_zip'],

$_POST['x_ship_to_country'],

$_POST['x_invoice_num'],

]);

$hash = hash_hmac('sha512', '^'.$hashData.'^', hex2bin($signatureKey)); 

$hash = strtoupper($hash);

if($this->SHA2_Hash === $hash) {

  //valid

}


So use all the x_fields from authorize.net to generate hashcode






share|improve this answer































    0














    There is definitely a change in the logic for how this hash is calculated as simply changing md5 to sha215 does not work.



    My original hash generation code for md5 (confirmed working):



    $hash = hash_hmac('md5', sprintf('%s^%s^%s^%s^',
    
    $login,      // Authorize.Net API login ID
    
    $sequence,   // Random string
    
    $timestamp,  // time()
    
    $amount      // 1.00
    
),  $this->transactionKey);


    Here's the new code for sha512 (confirmed working):



    $hash = hash_hmac('sha512', sprintf('%s^%s^%s^%s^',
    
    $login,      // Authorize.Net API login ID
    
    $sequence,   // Random string
    
    $timestamp,  // time()
    
    $amount      // 1.00
    
), hex2bin($signature));


    You can see I had to switch out the transactionKey and use the signature instead. I also had to convert it to binary using hex2bin().



    There's a lot of useful, although messy, information about this on the Authorize.Net developer community forums.






    share|improve this answer


























    • I have used a signature key instead of transaction key but not generating the same.

      – Vikas Chauhan
      Jan 21 at 6:16











    • It doesn't look like you are converting the signature key to binary. Have you tried using my code to generate your hash?

      – John Conde
      Jan 21 at 12:24











    • Yes, I followed every step. Though I found a solution as wrote below.

      – Vikas Chauhan
      Jan 21 at 12:34



















    0














    When using it in magento 1.9



    In request function:



    $signature_key = hex2bin('7FFA2F94DFC76BC5CEE0E5F6122E51FB2BB0B0743C4F30D561077F5A8F2F1649232B4486A18FAF3435E8A33E18C1D8F79CF5B12991BA954008AD5F54DDB915E6'); //from authorize.net
    
return hash_hmac("sha512",
    
            $merchantApiLoginId . "^" .
    
            $fpSequence . "^" .
    
            $fpTimestamp . "^" .
    
            $amount . "^".
    
            $currencyCode. '^',
    
            $signature_key
    
        );


    In response function:



    $signature_key = hex2bin($merchantMd5);
    
$string = '^'.$merchantApiLogin.'^'.$transactionId.'^'.$amount.'^';
    
$generateHash = strtoupper(HASH_HMAC('sha512',
    
                                $string,
    
                                $signature_key
    
                            ));
    
return hash_equals($generateHash,$this->getData('x_SHA2_Hash'));


    I am getting transaction declined message:



    x_response_code = 3
    
x_response_reason_code = 99
    
x_response_reason_text = (TEST MODE) This transaction cannot be accepted. 
    
x_trans_id = 0


    Is this due to test account ?






    share|improve this answer










    New contributor




    Sharif Kareem is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.





















    • FIrst - This is your question not answer Second - either it is test account or live account transaction will always be accepted. look for the sandbox account if it is set to live -> change it to test

      – Vikas Chauhan
      Jan 25 at 14:20











    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54256127%2fupdating-md5-to-sha512-authorizenet%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    3 Answers
    3






    active

    oldest

    votes








    3 Answers
    3






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    2














    I got it working



    Thanks to the https://community.developer.authorize.net/t5/Integration-and-Testing/Working-php-hash-verification/td-p/65774/highlight/false



    Instead of using only following three fields




    $api_login_id

    $transaction_id

    $amount;




    I had to use all the following fields see - 



    $hashData = implode('^', [
    
$_POST['x_trans_id'],
    
$_POST['x_test_request'],
    
$_POST['x_response_code'],
    
$_POST['x_auth_code'],
    
$_POST['x_cvv2_resp_code'],
    
$_POST['x_cavv_response'],
    
$_POST['x_avs_code'],
    
$_POST['x_method'],
    
$_POST['x_account_number'],
    
$_POST['x_amount'],
    
$_POST['x_company'],
    
$_POST['x_first_name'],
    
$_POST['x_last_name'],
    
$_POST['x_address'],
    
$_POST['x_city'],
    
$_POST['x_state'],
    
$_POST['x_zip'],
    
$_POST['x_country'],
    
$_POST['x_phone'],
    
$_POST['x_fax'],
    
$_POST['x_email'],
    
$_POST['x_ship_to_company'],
    
$_POST['x_ship_to_first_name'],
    
$_POST['x_ship_to_last_name'],
    
$_POST['x_ship_to_address'],
    
$_POST['x_ship_to_city'],
    
$_POST['x_ship_to_state'],
    
$_POST['x_ship_to_zip'],
    
$_POST['x_ship_to_country'],
    
$_POST['x_invoice_num'],
    
]);
    
$hash = hash_hmac('sha512', '^'.$hashData.'^', hex2bin($signatureKey)); 
    
$hash = strtoupper($hash);
    
if($this->SHA2_Hash === $hash) {
    
  //valid
    
}


    So use all the x_fields from authorize.net to generate hashcode






    share|improve this answer




























      2














      I got it working



      Thanks to the https://community.developer.authorize.net/t5/Integration-and-Testing/Working-php-hash-verification/td-p/65774/highlight/false



      Instead of using only following three fields




      $api_login_id

      $transaction_id

      $amount;




      I had to use all the following fields see - 



      $hashData = implode('^', [
      
$_POST['x_trans_id'],
      
$_POST['x_test_request'],
      
$_POST['x_response_code'],
      
$_POST['x_auth_code'],
      
$_POST['x_cvv2_resp_code'],
      
$_POST['x_cavv_response'],
      
$_POST['x_avs_code'],
      
$_POST['x_method'],
      
$_POST['x_account_number'],
      
$_POST['x_amount'],
      
$_POST['x_company'],
      
$_POST['x_first_name'],
      
$_POST['x_last_name'],
      
$_POST['x_address'],
      
$_POST['x_city'],
      
$_POST['x_state'],
      
$_POST['x_zip'],
      
$_POST['x_country'],
      
$_POST['x_phone'],
      
$_POST['x_fax'],
      
$_POST['x_email'],
      
$_POST['x_ship_to_company'],
      
$_POST['x_ship_to_first_name'],
      
$_POST['x_ship_to_last_name'],
      
$_POST['x_ship_to_address'],
      
$_POST['x_ship_to_city'],
      
$_POST['x_ship_to_state'],
      
$_POST['x_ship_to_zip'],
      
$_POST['x_ship_to_country'],
      
$_POST['x_invoice_num'],
      
]);
      
$hash = hash_hmac('sha512', '^'.$hashData.'^', hex2bin($signatureKey)); 
      
$hash = strtoupper($hash);
      
if($this->SHA2_Hash === $hash) {
      
  //valid
      
}


      So use all the x_fields from authorize.net to generate hashcode






      share|improve this answer


























        2












        2








        2







        I got it working



        Thanks to the https://community.developer.authorize.net/t5/Integration-and-Testing/Working-php-hash-verification/td-p/65774/highlight/false



        Instead of using only following three fields




        $api_login_id

        $transaction_id

        $amount;




        I had to use all the following fields see - 



        $hashData = implode('^', [
        
$_POST['x_trans_id'],
        
$_POST['x_test_request'],
        
$_POST['x_response_code'],
        
$_POST['x_auth_code'],
        
$_POST['x_cvv2_resp_code'],
        
$_POST['x_cavv_response'],
        
$_POST['x_avs_code'],
        
$_POST['x_method'],
        
$_POST['x_account_number'],
        
$_POST['x_amount'],
        
$_POST['x_company'],
        
$_POST['x_first_name'],
        
$_POST['x_last_name'],
        
$_POST['x_address'],
        
$_POST['x_city'],
        
$_POST['x_state'],
        
$_POST['x_zip'],
        
$_POST['x_country'],
        
$_POST['x_phone'],
        
$_POST['x_fax'],
        
$_POST['x_email'],
        
$_POST['x_ship_to_company'],
        
$_POST['x_ship_to_first_name'],
        
$_POST['x_ship_to_last_name'],
        
$_POST['x_ship_to_address'],
        
$_POST['x_ship_to_city'],
        
$_POST['x_ship_to_state'],
        
$_POST['x_ship_to_zip'],
        
$_POST['x_ship_to_country'],
        
$_POST['x_invoice_num'],
        
]);
        
$hash = hash_hmac('sha512', '^'.$hashData.'^', hex2bin($signatureKey)); 
        
$hash = strtoupper($hash);
        
if($this->SHA2_Hash === $hash) {
        
  //valid
        
}


        So use all the x_fields from authorize.net to generate hashcode






        share|improve this answer













        I got it working



        Thanks to the https://community.developer.authorize.net/t5/Integration-and-Testing/Working-php-hash-verification/td-p/65774/highlight/false



        Instead of using only following three fields




        $api_login_id

        $transaction_id

        $amount;




        I had to use all the following fields see - 



        $hashData = implode('^', [
        
$_POST['x_trans_id'],
        
$_POST['x_test_request'],
        
$_POST['x_response_code'],
        
$_POST['x_auth_code'],
        
$_POST['x_cvv2_resp_code'],
        
$_POST['x_cavv_response'],
        
$_POST['x_avs_code'],
        
$_POST['x_method'],
        
$_POST['x_account_number'],
        
$_POST['x_amount'],
        
$_POST['x_company'],
        
$_POST['x_first_name'],
        
$_POST['x_last_name'],
        
$_POST['x_address'],
        
$_POST['x_city'],
        
$_POST['x_state'],
        
$_POST['x_zip'],
        
$_POST['x_country'],
        
$_POST['x_phone'],
        
$_POST['x_fax'],
        
$_POST['x_email'],
        
$_POST['x_ship_to_company'],
        
$_POST['x_ship_to_first_name'],
        
$_POST['x_ship_to_last_name'],
        
$_POST['x_ship_to_address'],
        
$_POST['x_ship_to_city'],
        
$_POST['x_ship_to_state'],
        
$_POST['x_ship_to_zip'],
        
$_POST['x_ship_to_country'],
        
$_POST['x_invoice_num'],
        
]);
        
$hash = hash_hmac('sha512', '^'.$hashData.'^', hex2bin($signatureKey)); 
        
$hash = strtoupper($hash);
        
if($this->SHA2_Hash === $hash) {
        
  //valid
        
}


        So use all the x_fields from authorize.net to generate hashcode







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Jan 21 at 12:43









        Vikas ChauhanVikas Chauhan

        1339




        1339

























            0














            There is definitely a change in the logic for how this hash is calculated as simply changing md5 to sha215 does not work.



            My original hash generation code for md5 (confirmed working):



            $hash = hash_hmac('md5', sprintf('%s^%s^%s^%s^',
            
    $login,      // Authorize.Net API login ID
            
    $sequence,   // Random string
            
    $timestamp,  // time()
            
    $amount      // 1.00
            
),  $this->transactionKey);


            Here's the new code for sha512 (confirmed working):



            $hash = hash_hmac('sha512', sprintf('%s^%s^%s^%s^',
            
    $login,      // Authorize.Net API login ID
            
    $sequence,   // Random string
            
    $timestamp,  // time()
            
    $amount      // 1.00
            
), hex2bin($signature));


            You can see I had to switch out the transactionKey and use the signature instead. I also had to convert it to binary using hex2bin().



            There's a lot of useful, although messy, information about this on the Authorize.Net developer community forums.






            share|improve this answer


























            • I have used a signature key instead of transaction key but not generating the same.

              – Vikas Chauhan
              Jan 21 at 6:16











            • It doesn't look like you are converting the signature key to binary. Have you tried using my code to generate your hash?

              – John Conde
              Jan 21 at 12:24











            • Yes, I followed every step. Though I found a solution as wrote below.

              – Vikas Chauhan
              Jan 21 at 12:34
















            0














            There is definitely a change in the logic for how this hash is calculated as simply changing md5 to sha215 does not work.



            My original hash generation code for md5 (confirmed working):



            $hash = hash_hmac('md5', sprintf('%s^%s^%s^%s^',
            
    $login,      // Authorize.Net API login ID
            
    $sequence,   // Random string
            
    $timestamp,  // time()
            
    $amount      // 1.00
            
),  $this->transactionKey);


            Here's the new code for sha512 (confirmed working):



            $hash = hash_hmac('sha512', sprintf('%s^%s^%s^%s^',
            
    $login,      // Authorize.Net API login ID
            
    $sequence,   // Random string
            
    $timestamp,  // time()
            
    $amount      // 1.00
            
), hex2bin($signature));


            You can see I had to switch out the transactionKey and use the signature instead. I also had to convert it to binary using hex2bin().



            There's a lot of useful, although messy, information about this on the Authorize.Net developer community forums.






            share|improve this answer


























            • I have used a signature key instead of transaction key but not generating the same.

              – Vikas Chauhan
              Jan 21 at 6:16











            • It doesn't look like you are converting the signature key to binary. Have you tried using my code to generate your hash?

              – John Conde
              Jan 21 at 12:24











            • Yes, I followed every step. Though I found a solution as wrote below.

              – Vikas Chauhan
              Jan 21 at 12:34














            0












            0








            0







            There is definitely a change in the logic for how this hash is calculated as simply changing md5 to sha215 does not work.



            My original hash generation code for md5 (confirmed working):



            $hash = hash_hmac('md5', sprintf('%s^%s^%s^%s^',
            
    $login,      // Authorize.Net API login ID
            
    $sequence,   // Random string
            
    $timestamp,  // time()
            
    $amount      // 1.00
            
),  $this->transactionKey);


            Here's the new code for sha512 (confirmed working):



            $hash = hash_hmac('sha512', sprintf('%s^%s^%s^%s^',
            
    $login,      // Authorize.Net API login ID
            
    $sequence,   // Random string
            
    $timestamp,  // time()
            
    $amount      // 1.00
            
), hex2bin($signature));


            You can see I had to switch out the transactionKey and use the signature instead. I also had to convert it to binary using hex2bin().



            There's a lot of useful, although messy, information about this on the Authorize.Net developer community forums.






            share|improve this answer















            There is definitely a change in the logic for how this hash is calculated as simply changing md5 to sha215 does not work.



            My original hash generation code for md5 (confirmed working):



            $hash = hash_hmac('md5', sprintf('%s^%s^%s^%s^',
            
    $login,      // Authorize.Net API login ID
            
    $sequence,   // Random string
            
    $timestamp,  // time()
            
    $amount      // 1.00
            
),  $this->transactionKey);


            Here's the new code for sha512 (confirmed working):



            $hash = hash_hmac('sha512', sprintf('%s^%s^%s^%s^',
            
    $login,      // Authorize.Net API login ID
            
    $sequence,   // Random string
            
    $timestamp,  // time()
            
    $amount      // 1.00
            
), hex2bin($signature));


            You can see I had to switch out the transactionKey and use the signature instead. I also had to convert it to binary using hex2bin().



            There's a lot of useful, although messy, information about this on the Authorize.Net developer community forums.







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Jan 19 at 17:33

























            answered Jan 19 at 16:28









            John CondeJohn Conde

            185k80370422




            185k80370422













            • I have used a signature key instead of transaction key but not generating the same.

              – Vikas Chauhan
              Jan 21 at 6:16











            • It doesn't look like you are converting the signature key to binary. Have you tried using my code to generate your hash?

              – John Conde
              Jan 21 at 12:24











            • Yes, I followed every step. Though I found a solution as wrote below.

              – Vikas Chauhan
              Jan 21 at 12:34



















            • I have used a signature key instead of transaction key but not generating the same.

              – Vikas Chauhan
              Jan 21 at 6:16











            • It doesn't look like you are converting the signature key to binary. Have you tried using my code to generate your hash?

              – John Conde
              Jan 21 at 12:24











            • Yes, I followed every step. Though I found a solution as wrote below.

              – Vikas Chauhan
              Jan 21 at 12:34

















            I have used a signature key instead of transaction key but not generating the same.

            – Vikas Chauhan
            Jan 21 at 6:16





            I have used a signature key instead of transaction key but not generating the same.

            – Vikas Chauhan
            Jan 21 at 6:16













            It doesn't look like you are converting the signature key to binary. Have you tried using my code to generate your hash?

            – John Conde
            Jan 21 at 12:24





            It doesn't look like you are converting the signature key to binary. Have you tried using my code to generate your hash?

            – John Conde
            Jan 21 at 12:24













            Yes, I followed every step. Though I found a solution as wrote below.

            – Vikas Chauhan
            Jan 21 at 12:34





            Yes, I followed every step. Though I found a solution as wrote below.

            – Vikas Chauhan
            Jan 21 at 12:34











            0














            When using it in magento 1.9



            In request function:



            $signature_key = hex2bin('7FFA2F94DFC76BC5CEE0E5F6122E51FB2BB0B0743C4F30D561077F5A8F2F1649232B4486A18FAF3435E8A33E18C1D8F79CF5B12991BA954008AD5F54DDB915E6'); //from authorize.net
            
return hash_hmac("sha512",
            
            $merchantApiLoginId . "^" .
            
            $fpSequence . "^" .
            
            $fpTimestamp . "^" .
            
            $amount . "^".
            
            $currencyCode. '^',
            
            $signature_key
            
        );


            In response function:



            $signature_key = hex2bin($merchantMd5);
            
$string = '^'.$merchantApiLogin.'^'.$transactionId.'^'.$amount.'^';
            
$generateHash = strtoupper(HASH_HMAC('sha512',
            
                                $string,
            
                                $signature_key
            
                            ));
            
return hash_equals($generateHash,$this->getData('x_SHA2_Hash'));


            I am getting transaction declined message:



            x_response_code = 3
            
x_response_reason_code = 99
            
x_response_reason_text = (TEST MODE) This transaction cannot be accepted. 
            
x_trans_id = 0


            Is this due to test account ?






            share|improve this answer










            New contributor




            Sharif Kareem is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.





















            • FIrst - This is your question not answer Second - either it is test account or live account transaction will always be accepted. look for the sandbox account if it is set to live -> change it to test

              – Vikas Chauhan
              Jan 25 at 14:20
















            0














            When using it in magento 1.9



            In request function:



            $signature_key = hex2bin('7FFA2F94DFC76BC5CEE0E5F6122E51FB2BB0B0743C4F30D561077F5A8F2F1649232B4486A18FAF3435E8A33E18C1D8F79CF5B12991BA954008AD5F54DDB915E6'); //from authorize.net
            
return hash_hmac("sha512",
            
            $merchantApiLoginId . "^" .
            
            $fpSequence . "^" .
            
            $fpTimestamp . "^" .
            
            $amount . "^".
            
            $currencyCode. '^',
            
            $signature_key
            
        );


            In response function:



            $signature_key = hex2bin($merchantMd5);
            
$string = '^'.$merchantApiLogin.'^'.$transactionId.'^'.$amount.'^';
            
$generateHash = strtoupper(HASH_HMAC('sha512',
            
                                $string,
            
                                $signature_key
            
                            ));
            
return hash_equals($generateHash,$this->getData('x_SHA2_Hash'));


            I am getting transaction declined message:



            x_response_code = 3
            
x_response_reason_code = 99
            
x_response_reason_text = (TEST MODE) This transaction cannot be accepted. 
            
x_trans_id = 0


            Is this due to test account ?






            share|improve this answer










            New contributor




            Sharif Kareem is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.





















            • FIrst - This is your question not answer Second - either it is test account or live account transaction will always be accepted. look for the sandbox account if it is set to live -> change it to test

              – Vikas Chauhan
              Jan 25 at 14:20














            0












            0








            0







            When using it in magento 1.9



            In request function:



            $signature_key = hex2bin('7FFA2F94DFC76BC5CEE0E5F6122E51FB2BB0B0743C4F30D561077F5A8F2F1649232B4486A18FAF3435E8A33E18C1D8F79CF5B12991BA954008AD5F54DDB915E6'); //from authorize.net
            
return hash_hmac("sha512",
            
            $merchantApiLoginId . "^" .
            
            $fpSequence . "^" .
            
            $fpTimestamp . "^" .
            
            $amount . "^".
            
            $currencyCode. '^',
            
            $signature_key
            
        );


            In response function:



            $signature_key = hex2bin($merchantMd5);
            
$string = '^'.$merchantApiLogin.'^'.$transactionId.'^'.$amount.'^';
            
$generateHash = strtoupper(HASH_HMAC('sha512',
            
                                $string,
            
                                $signature_key
            
                            ));
            
return hash_equals($generateHash,$this->getData('x_SHA2_Hash'));


            I am getting transaction declined message:



            x_response_code = 3
            
x_response_reason_code = 99
            
x_response_reason_text = (TEST MODE) This transaction cannot be accepted. 
            
x_trans_id = 0


            Is this due to test account ?






            share|improve this answer










            New contributor




            Sharif Kareem is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.










            When using it in magento 1.9



            In request function:



            $signature_key = hex2bin('7FFA2F94DFC76BC5CEE0E5F6122E51FB2BB0B0743C4F30D561077F5A8F2F1649232B4486A18FAF3435E8A33E18C1D8F79CF5B12991BA954008AD5F54DDB915E6'); //from authorize.net
            
return hash_hmac("sha512",
            
            $merchantApiLoginId . "^" .
            
            $fpSequence . "^" .
            
            $fpTimestamp . "^" .
            
            $amount . "^".
            
            $currencyCode. '^',
            
            $signature_key
            
        );


            In response function:



            $signature_key = hex2bin($merchantMd5);
            
$string = '^'.$merchantApiLogin.'^'.$transactionId.'^'.$amount.'^';
            
$generateHash = strtoupper(HASH_HMAC('sha512',
            
                                $string,
            
                                $signature_key
            
                            ));
            
return hash_equals($generateHash,$this->getData('x_SHA2_Hash'));


            I am getting transaction declined message:



            x_response_code = 3
            
x_response_reason_code = 99
            
x_response_reason_text = (TEST MODE) This transaction cannot be accepted. 
            
x_trans_id = 0


            Is this due to test account ?







            share|improve this answer










            New contributor




            Sharif Kareem is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.









            share|improve this answer



            share|improve this answer








            edited Jan 25 at 14:33









            Stoogy

            648622




            648622






            New contributor




            Sharif Kareem is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.









            answered Jan 25 at 13:53









            Sharif KareemSharif Kareem

            12




            12




            New contributor




            Sharif Kareem is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.





            New contributor





            Sharif Kareem is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.






            Sharif Kareem is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.













            • FIrst - This is your question not answer Second - either it is test account or live account transaction will always be accepted. look for the sandbox account if it is set to live -> change it to test

              – Vikas Chauhan
              Jan 25 at 14:20



















            • FIrst - This is your question not answer Second - either it is test account or live account transaction will always be accepted. look for the sandbox account if it is set to live -> change it to test

              – Vikas Chauhan
              Jan 25 at 14:20

















            FIrst - This is your question not answer Second - either it is test account or live account transaction will always be accepted. look for the sandbox account if it is set to live -> change it to test

            – Vikas Chauhan
            Jan 25 at 14:20





            FIrst - This is your question not answer Second - either it is test account or live account transaction will always be accepted. look for the sandbox account if it is set to live -> change it to test

            – Vikas Chauhan
            Jan 25 at 14:20


















            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54256127%2fupdating-md5-to-sha512-authorizenet%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Homophylophilia

            Image
            Haec pagina ad tempus protecta est ob maleficia perpetua. Quaesemus, emendationes suggere in pagina disputationis vel magistratum ad hanc deprotegendam pete. Homophylophilia Hyacinthus complexus ab amante suo Apolline, in pictura Mors Hyacinthi quam Jean Broc pinxit. Homophylophilia est sui sexus vel generis amor vel mores romantici vel sexuales, res venerea masculina in masculos, aut mulier in mulieres appetentes. Hoc ingenium sexuale est "exemplar permanens vel inclinatio ad experiendam sexualem, adfectionalem, vel romanticam vim attrahendi," praecipue vel solum ex hominibus eiusdem sexús; notio "etiam ad hominis iudicium identitatis privatae socialisque in illis attractionibus conditum refert, in moribus quoque qui illos exprimant, et in societate communitatis aliorum qui illos communicent." [1] [2] Per aevos alii aliter rem definiverunt, sed Occidentali nostrae aetatis cultu civili non tantum ad ipsa acta erotica spectat, sed etiam igitur
            Read more

            Updating UILabel text programmatically using a function

            Image
            0 so I am trying to update the UIlabel text using a func. I have seen few other questions like mine and I tried their method but it doesn't work. fun returns no value when used in the UIlabel. I have shown my code below.It has to be noted that when I use the function in viewdidload I can retrieve the data. lazy var name: UILabel = { let lb = UILabel() lb.text? = getthename() lb.lineBreakMode = NSLineBreakMode.byWordWrapping lb.textColor = .mainGreen lb.textAlignment = .left lb.font = UIFont.boldSystemFont(ofSize:12.0) return lb }() func getthename() -> String { var wins : String = "" let ud = (Auth.auth().currentUser?.uid) self.ref = Database.database().reference() self.ref.child("Users").child(ud!).observeSingleEvent(of: .value, with: {(snapshot) in
            Read more

            Cloud Functions - OpenCV Videocapture Read method fails for larger files from cloud storage

            Image
            0 I created a cloud function to read a video file from cloud storage and read frames and create an image for each frame. This function works for small files which is 1-2 MB, However, this method fails while reading larger file 130 MB. import cv2 from google.cloud import storage vidcap = cv2.VideoCapture("https://storage.googleapis.com/[bucker_name]/[filename.mp4]") if vidcap.isOpened(): vidcap.open("https://storage.googleapis.com/[bucker_name]/[filename.mp4]") success,image = vidcap.read() print(success) Expected the print will return true and an image will hold an image of a first frame. python-3.x function opencv cloud share | improve this question
            Read more