blog.sojoodi.com

September 19, 2007

Secure PayPal buttons with OpenSSL

Filed under: Crypto, Ruby — Sahand @ 10:44 pm

Today, while integrating PayPal payments with our website, I was introduced to the world of OpenSSL. This admission is a little embarrassing, given that I have worked at a cryptography company before (Certicom)! But it was a long time ago, and I was working on the really low-level optimizations, not the user interface.

In any case, this post contains all the useful links I came across as well as cool little tricks I learned along the way.

First off, you can use OpenSSL to generate your own private key and public certificate. The following is an example with PayPal parameters (RSA 1024 and X.509):


openssl genrsa -out my-prvkey.pem 1024
openssl req -new -key my-prvkey.pem -x509 -days 365 -out my-pubcert.pem

Secondly, to generate encrypted buttons for PayPal, which hides all the information you are sending them, you need a simple public-key encryption scheme: sign the button options with your private key, then encrypt the signed result with PayPal's public certificate. For more details on how to submit your public certificate to PayPal and how to download theirs, go here. Also, for more information on PayPal button HTML options, refer to their website.

But assuming we have everything in place, I used the following lines of Ruby code to generate the encrypted button (fictitious data):

button_options_hash = {
  :cmd => "_xclick",
  :business => "sahand_blahblah@gmail.com",
  :item_name => "blahblah_item",
  :amount => "10",
  :item_number => "123456789",
  :shipping => "0.00",
  :no_note => "1",
  :return => "http://sojoodi.com/accepted",
  :cancel_return => "http://sojoodi.com/cancelled",
  :currency_code => "USD",
  :cert_id => "ABCDEFGHIJKLM"
}

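# Stage 1 signs the options with our key (attached signature, DER output);
# stage 2 encrypts that signed blob to PayPal's certificate with 3DES (PEM output).
ssl_command = "openssl smime -sign -signer my-pubcert.pem -inkey my-prvkey.pem " +
              "-outform der -nodetach -binary | openssl smime -encrypt -des3 -binary " +
              "-outform pem paypal_sandbox_cert.pem"
encryptor = IO.popen(ssl_command, "w+b")
# Feed one "name=value" line per button option to the pipeline's stdin
button_options_hash.each { |i,j| encryptor.puts i.to_s+"="+j.to_s }
# Close stdin so openssl sees end of input, then collect the PEM output
encryptor.close_write
@pp_button_encrypted_options = encryptor.readlines.join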
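
The same sign-then-encrypt step done in-process with Ruby's OpenSSL bindings, together with the recipient's decrypt-and-verify side, as an added example that is not code from the original post. The 2048-bit self-signed certificates, the host names and the helper names (self_signed, button_plaintext, encrypt_button, open_button) are constructed for illustration; the recipient certificate stands in for PayPal's.

```ruby
require "openssl"

# Constructed stand-in for a key pair + self-signed X.509 cert (2048-bit RSA,
# an assumption; the post's genrsa command uses 1024).
def self_signed(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 365 * 24 * 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

# Same wire format as the post: one "name=value" line per option.
def button_plaintext(options)
  options.map { |k, v| "#{k}=#{v}\n" }.join
end

# Sign with the merchant key (attached, binary), then encrypt the signed DER
# to the recipient certificate with 3DES, as the post's openssl pipeline does.
def encrypt_button(options, signer_cert, signer_key, recipient_cert)
  signed = OpenSSL::PKCS7.sign(signer_cert, signer_key, button_plaintext(options),
                               [], OpenSSL::PKCS7::BINARY)
  OpenSSL::PKCS7.encrypt([recipient_cert], signed.to_der,
                         OpenSSL::Cipher.new("des-ede3-cbc"),
                         OpenSSL::PKCS7::BINARY).to_pem
end

# Recipient side: decrypt, then accept the signature only from the pinned
# merchant certificate (NOINTERN ignores certs embedded in the message;
# NOVERIFY skips chain building because the cert is pinned, not CA-issued).
def open_button(pem, recipient_key, recipient_cert, pinned_signer_cert)
  inner = OpenSSL::PKCS7.new(pem).decrypt(recipient_key, recipient_cert)
  p7 = OpenSSL::PKCS7.new(inner)
  flags = OpenSSL::PKCS7::NOINTERN | OpenSSL::PKCS7::NOVERIFY
  p7.verify([pinned_signer_cert], OpenSSL::X509::Store.new, nil, flags) ? p7.data : nil
end

MERCHANT_KEY, MERCHANT_CERT = self_signed("merchant.example")     # constructed
RECIPIENT_KEY, RECIPIENT_CERT = self_signed("recipient.example")  # stands in for PayPal
SAMPLE = { :cmd => "_xclick", :amount => "10", :cert_id => "ABCDEFGHIJKLM" } # constructed
BLOB = encrypt_button(SAMPLE, MERCHANT_CERT, MERCHANT_KEY, RECIPIENT_CERT)
```

Passing any certificate other than the merchant's as pinned_signer_cert makes open_button return nil, which is why the certificate uploaded to PayPal has to match the key used for signing.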

There were two other very useful links that I used in order to get PayPal working with my app:
This was a short and sweet page on the Perl implementation. And this was a similar one using a BASH script. The examples provided on the official PayPal site were scary, so take a look at these two first for a morale boost.

Cheers!

September 14, 2007

Luhn algorithm for credit card validation

Filed under: Ruby — Sahand @ 3:58 pm

I came across an interesting article on algorithms in, of all places, The Economist. It briefly describes the Luhn algorithm for credit card validation. So I hacked together the following piece of Ruby code which does just that.

print "Enter card number: "
cc_number = gets.chomp.tr(' -','')
checksum = 0
double = false
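cc_number.reverse.each_byte do |digit|
  dig = digit.chr.to_i
  # Every second digit from the right is doubled; a two-digit result has 9
  # subtracted (the same as adding its digits), so 9 -> 18 -> 9, not 0.
  dig = dig * 2 > 9 ? dig * 2 - 9 : dig * 2 if double
  checksum += dig
  double = !double
end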

if checksum%10 == 0
  puts "valid CC number"
else
  puts "Invalid"
end

For more interesting articles on this, see the following:

http://www.darkcoding.net/index.php/credit-card-numbers/
http://www.merriampark.com/anatomycc.htm

September 5, 2007

Welcome!

Filed under: Blogroll — Sahand @ 9:28 pm

Hello,

Thank you for visiting my blog. I am a Computer Engineer by training who has recently turned from hardware programming and modeling to web-application development. I am currently a co-founder of an online service site which you will hear about soon I hope.

This blog will be mostly technical for now, containing information about my week-to-week learnings in this new field — Ruby on Rails to be exact. However, I’ll try to include other topics as well if I come across interesting ones.

I hope you come across useful information in the blog and enjoy it.

Sahand

© 2007 Sahand Sojoodi