Paypal development. encrypt transactions. php p12

Posted by ninchen on Stack Overflow See other posts from Stack Overflow or by ninchen
Published on 2014-05-28T09:23:08Z Indexed on 2014/05/28 9:24 UTC
Read the original article Hit count: 258

Filed under:
|
|
|
|

when i take a look at the paypal documentation, they say "Note that the PayPal SDK for PHP does not require SSL encryption". https://developer.paypal.com/docs/classic/api/apiCredentials/#encrypting-your-certificate

Is the statement of this phrase, that i don't have to create a p12 certificate when working with php, but use the public_key.pem and paypal_public_key.pem?

If yes: Is it secure enough to create the encrypted form input elements without p12 certificate?

If no: What do they mean? :-)

Before this question came up, i've tested this little programm. http://www.softarea51.com/blog/how-to-integrate-your-custom-shopping-cart-with-paypal-website-payments-standard-using-php/

There is a config file paypal-wps-config.inc.php where i can define the paths to my certificates.

  // tryed to use // 'paypal_cert.p12 ';
  $config['private_key_path'] = '/home/folder/.cert/pp/prvkey.pem'; 

  // must match the one you set when you created the private key
  $config['private_key_password'] = ''; //'my_password'; 

When i try to use the p12 certificate, openssl_error_string() returns "Could not sign data: error:0906D06C:PEM routines:PEM_read_bio:no start line openssl_pkcs7_sign

When i instead use the prvkey.pem without password all works fine.

Here is the function, which signs and encrypt the data.

    function signAndEncrypt($dataStr_, $ewpCertPath_, $ewpPrivateKeyPath_, $ewpPrivateKeyPwd_, $paypalCertPath_)
    {

        $dataStrFile  = realpath(tempnam('/tmp', 'pp_'));
        $fd = fopen($dataStrFile, 'w');
        if(!$fd) {
            $error = "Could not open temporary file $dataStrFile.";
            return array("status" => false, "error_msg" => $error, "error_no" => 0);
        }
        fwrite($fd, $dataStr_);
        fclose($fd);

        $signedDataFile = realpath(tempnam('/tmp', 'pp_'));
        **// here the error came from**
        if(!@openssl_pkcs7_sign(    $dataStrFile,
                                    $signedDataFile,
                                    "file://$ewpCertPath_",
                                    array("file://$ewpPrivateKeyPath_", $ewpPrivateKeyPwd_),
                                    array(),
                                    PKCS7_BINARY)) {
            unlink($dataStrFile);
            unlink($signedDataFile);
            $error = "Could not sign data: ".openssl_error_string();
            return array("status" => false, "error_msg" => $error, "error_no" => 0);
        }

        unlink($dataStrFile);

        $signedData = file_get_contents($signedDataFile);
        $signedDataArray = explode("\n\n", $signedData);
        $signedData = $signedDataArray[1];
        $signedData = base64_decode($signedData);

        unlink($signedDataFile);

        $decodedSignedDataFile = realpath(tempnam('/tmp', 'pp_'));
        $fd = fopen($decodedSignedDataFile, 'w');
        if(!$fd) {
            $error = "Could not open temporary file $decodedSignedDataFile.";
            return array("status" => false, "error_msg" => $error, "error_no" => 0);
        }
        fwrite($fd, $signedData);
        fclose($fd);

        $encryptedDataFile = realpath(tempnam('/tmp', 'pp_'));
        if(!@openssl_pkcs7_encrypt( $decodedSignedDataFile,
                                    $encryptedDataFile,
                                    file_get_contents($paypalCertPath_),
                                    array(),
                                    PKCS7_BINARY)) {
            unlink($decodedSignedDataFile);
            unlink($encryptedDataFile);
            $error = "Could not encrypt data: ".openssl_error_string();
            return array("status" => false, "error_msg" => $error, "error_no" => 0);
        }

        unlink($decodedSignedDataFile);

        $encryptedData = file_get_contents($encryptedDataFile);
        if(!$encryptedData) {
            $error = "Encryption and signature of data failed.";
            return array("status" => false, "error_msg" => $error, "error_no" => 0);
        }

        unlink($encryptedDataFile);

        $encryptedDataArray = explode("\n\n", $encryptedData);
        $encryptedData = trim(str_replace("\n", '', $encryptedDataArray[1]));

        return array("status" => true, "encryptedData" => $encryptedData);
    } // signAndEncrypt
} // PPCrypto

The main questions: 1. Is it possible to use p12 cert with php, or is it secure enough to work without it? 2. Why i become an error when using openssl_pkcs7_sign

Please help.

Greetings ninchen

© Stack Overflow or respective owner

Related posts about php

Related posts about ssl