[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Authorize.net fingerprint generation using coldfusion

Posted on 2005-05-11
5
Medium Priority
?
608 Views
Last Modified: 2013-12-20
Hello,
I am trying to integrate my website with authorize.net's payment gateway (my first time integrating with a gateway), and to do this I need to generate a fingerprint to send to them as a hidden field. The fingerprint is suppose to be "a hash generated using an HMAC-MD5 algorithm on a few specified values":

<input type="hidden" name="x_login" id="x_login" value="loginName" />
<input type="hidden" name="x_fp_sequence" value="461">
<input type="hidden" name="x_fp_timestamp" value="67897654" />
<input type="hidden" name="x_amount" id="x_amount" value="10.98" />
<input type="hidden" name="x_tran_key" value="ab349dh47255">

The example I've found of how to generate this fingerprint is:

Fingerprint = HMAC-MD5 ("login^461^67897654^10.98^", "ab349dh47255")

Then it notes: "...the fields are concatenated and separated by the " ^ " character. Here, the transaction key is the cryptographic key used in the HMAC calculation."

I'm not what kind of script that is, but I'm wondering how I could convert that to coldfusion. My immediate thought was to use the Hash() function, but how then might I account for the "cryptographic key" - "ab349dh47255"?

Thanks in advance for any help.
0
Comment
Question by:maddiel
  • 3
  • 2
5 Comments
 
LVL 9

Expert Comment

by:Dain_Anderson
ID: 13981500
I think the "Key" (x_tran_key) is simply used on their end to track the transaction. You can use the UDF at: http://www.cflib.org/udf.cfm?ID=35 to perform the MD5 hash

-Dain
0
 

Author Comment

by:maddiel
ID: 13981574
Yes, the key actually shouldn't be posted to them-- I included it for a reference to go with the example, but I shouldn't have done it as a form field (oops). Thanks for finding me that function, but do you know where within the function I should put the Key (x_tran_key) so that it gets encrypeted correctly like it would in the [Fingerprint = HMAC-MD5 ("login^461^67897654^10.98^", "ab349dh47255")] example?
0
 
LVL 9

Accepted Solution

by:
Dain_Anderson earned 1000 total points
ID: 13981726
Ah, ok, I see now what you're trying to do, but as far as I know, that's only possible in CFMX 7's Encrypt() function, which now takes the "key" and "algorithm"  parameters:

#Encrypt(myString, 'ab349dh47255', 'CFMX_COMPAT')#

The "CFMX_COMPAT" is what was used in previous version of CF (MD5).

I don't know of a way to get this to work without CFMX 7 -- perhaps there's a Java solution that someone here may know about if you're using CFMX 6 or 6.1.

HTH,

-Dain
0
 

Author Comment

by:maddiel
ID: 13981994
Thanks for your help. I'm going to leave this open for possible java solutions. Until then, I'm downloading the CFMX 7 developers edition. Thx again!
0
 

Author Comment

by:maddiel
ID: 13982357
I solved it by using this custom tag:

<HTML>
<HEAD>
      <TITLE>HMAC Message Authentication</TITLE>
</HEAD>

<BODY>

<!--- default values of optional parameters --->
<CFPARAM name="attributes.data_format" default="">
<CFPARAM name="attributes.key_format" default="">
<CFPARAM name="attributes.hash_function" default="md5">
<CFPARAM name="attributes.output_bits" default="256">

<!--- Figure out what's coming in for troubleshooting --->
<CFSET caller.incoming=attributes.data>


<!--- convert data to ASCII binary-coded form --->
<CFIF attributes.data_format EQ "hex">
      <CFSET hex_data = attributes.data>
<CFELSE>
      <CFSET hex_data = "">
      <CFLOOP index="i" from="1" to="#Len(attributes.data)#">
            <CFSET hex_data = hex_data & Right("0"&FormatBaseN(Asc(Mid(attributes.data,i,1)),16),2)>
      </CFLOOP>
</CFIF>

<!--- convert key to ASCII binary-coded form --->
<CFIF attributes.key_format EQ "hex">
      <CFSET hex_key = attributes.key>
<CFELSE>
      <CFSET hex_key = "">
      <CFLOOP index="i" from="1" to="#Len(attributes.key)#">
            <CFSET hex_key = hex_key & Right("0"&FormatBaseN(Asc(Mid(attributes.key,i,1)),16),2)>
      </CFLOOP>
</CFIF>

<CFSET key_len = Len(hex_key)/2>

<!--- if key longer than 64 bytes, use hash of key as key --->
<CFIF key_len GT 64>
      <CFSWITCH expression="#attributes.hash_function#">
            <CFCASE value="md5">
                  <cf_md5 msg="#hex_key#" format="hex">
            </CFCASE>
            <CFCASE value="sha1">
                  <cf_sha_1 msg="#hex_key#" format="hex">
            </CFCASE>
            <CFCASE value="sha256">
                  <cf_sha_256 msg="#hex_key#" format="hex">
            </CFCASE>
            <CFCASE value="ripemd160">
                  <cf_ripemd_160 msg="#hex_key#" format="hex">
            </CFCASE>
      </CFSWITCH>
      <CFSET hex_key = msg_digest>
      <CFSET key_len = Len(hex_key)/2>
</CFIF>

<CFSET key_ipad = "">
<CFSET key_opad = "">
<CFLOOP index="i" from="1" to="#key_len#">
      <CFSET key_ipad = key_ipad & Right("0"&FormatBaseN(BitXor(InputBaseN(Mid(hex_key,2*i-1,2),16),InputBaseN("36",16)),16),2)>
      <CFSET key_opad = key_opad & Right("0"&FormatBaseN(BitXor(InputBaseN(Mid(hex_key,2*i-1,2),16),InputBaseN("5c",16)),16),2)>
</CFLOOP>
<CFSET key_ipad = key_ipad & RepeatString("36",64-key_len)>
<CFSET key_opad = key_opad & RepeatString("5c",64-key_len)>

<CFSWITCH expression="#attributes.hash_function#">
      <CFCASE value="md5">
            <cf_md5 msg="#key_ipad##hex_data#" format="hex">
            <cf_md5 msg="#key_opad##msg_digest#" format="hex">
      </CFCASE>
      <CFCASE value="sha1">
            <cf_sha_1 msg="#key_ipad##hex_data#" format="hex">
            <cf_sha_1 msg="#key_opad##msg_digest#" format="hex">
      </CFCASE>
      <CFCASE value="sha256">
            <cf_sha_256 msg="#key_ipad##hex_data#" format="hex">
            <cf_sha_256 msg="#key_opad##msg_digest#" format="hex">
      </CFCASE>
      <CFCASE value="ripemd160">
            <cf_ripemd_160 msg="#key_ipad##hex_data#" format="hex">
            <cf_ripemd_160 msg="#key_opad##msg_digest#" format="hex">
      </CFCASE>
</CFSWITCH>
<CFSET caller.digest = Left(msg_digest,attributes.output_bits/4)>
</BODY>
</HTML>
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn about the eCommerce marketing trends for the year ahead.
In the below post we have mentioned the best hosting type for startups. Also, check out some of the superlative web hosting companies that are proposing affordable web hosting solutions to host your startup website.
The purpose of this video is to demonstrate how to integrate Mailchimp with Facebook. This will be demonstrated using a Windows 8 PC. Mailchimp and Facebook will be used. Log into your Mailchimp account. : Click on your name. Go to Account Setti…
The purpose of this video is to demonstrate how to set up an RSS Feed on a WordPress Website. This will be demonstrated using a Windows 8 PC. Feedburner will be used for this demonstration. Go to your WordPress login page. This will look like the…
Suggested Courses

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question