Hi,
I am attempting to encrypt a string for passing to SagePay, but so far my attempts are rejected by SagePay saying that the encryption method I have used is not supported.
Their doc says: This string should be encrypted using the AES/CBC/PCKS#5 algorithm and the pre-registered Encryption password, then subsequently Base64 encoded to allow safe transport in an HTML form.
The password they provide looks a bit like this: 8JQc4w5MUsZ47Z8z
Here is some code I cobbled together to encrypt my plainTextString using my passwordString.
I didn't know how to convert the password they provide to a SecretKey used by Cipher, so there are guesses in there.
byte[] byteDataToEncrypt = plainTextString.getBytes();
Cipher aesCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
SecureRandom rand = SecureRandom.getInstance("SHA1PRNG");
byte[] salt = new byte[16];
rand.nextBytes(salt);
PBEKeySpec keySpec = new PBEKeySpec(passwordString.toCharArray(), salt, 65536, 256);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
PBEKey key = (PBEKey) factory.generateSecret(keySpec);
SecretKey secretKey = new SecretKeySpec(key.getEncoded(), "AES");
aesCipher.init(Cipher.ENCRYPT_MODE, secretKey);
byte[] byteCipherText = aesCipher.doFinal(byteDataToEncrypt);
crypt = new BASE64Encoder().encode(byteCipherText);
System.out.println("Cipher Text generated using AES is " + crypt);
Have SagePay provided enough info for me to achieve the encryption? They have basically just told me that I must be doing it wrong and they can't help and certainly wouldn't comment on any code! They do provide a Java API, but then the bit that does the encryption is, as they put it, "locked down", so they refuse to provide a class/method in the API to do the encryption/decryption for me!
Many thanks to anyone who can help.
John
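
An added example, not part of the original post and not SagePay's code: it shows why a key derived with PBKDF2 and a fresh random salt cannot be reproduced by a receiver who only holds the password, next to a variant both sides can compute. It assumes the receiver uses the 16-character password's bytes directly as the AES-128 key; the class and method names are hypothetical, and the all-zero IV is a constructed placeholder for whatever IV the receiver actually expects.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class SharedPasswordAes {
    // Assumption: the password's bytes are the AES key itself (16 ASCII chars = 128 bits).
    static SecretKeySpec keyFromPassword(String password) {
        byte[] k = password.getBytes(StandardCharsets.US_ASCII);
        if (k.length != 16 && k.length != 24 && k.length != 32)
            throw new IllegalArgumentException("password is not a valid AES key length");
        return new SecretKeySpec(k, "AES");
    }

    static String encrypt(String plain, String password, byte[] iv) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, keyFromPassword(password), new IvParameterSpec(iv));
        return Base64.getEncoder().encodeToString(c.doFinal(plain.getBytes(StandardCharsets.UTF_8)));
    }

    static String decrypt(String b64, String password, byte[] iv) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, keyFromPassword(password), new IvParameterSpec(iv));
        return new String(c.doFinal(Base64.getDecoder().decode(b64)), StandardCharsets.UTF_8);
    }

    // The derivation used in the post: a fresh random salt yields a different key on every call.
    static byte[] pbkdf2Key(String password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 65536, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded();
    }

    public static void main(String[] args) throws Exception {
        String password = "8JQc4w5MUsZ47Z8z";  // sample value quoted in the post
        byte[] iv = new byte[16];               // constructed placeholder IV, not the receiver's
        String crypt = encrypt("Amount=10.00&Currency=GBP", password, iv);  // constructed plaintext
        System.out.println(crypt + " -> " + decrypt(crypt, password, iv));
        System.out.println("PBKDF2 keys equal across calls: "
                + Arrays.equals(pbkdf2Key(password), pbkdf2Key(password)));
    }
}
```

The posted code also calls `init` without an `IvParameterSpec`, so the provider picks a random IV that is never sent along with the ciphertext; both the salt and the IV have to be values the receiver can reproduce.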