blog.sojoodi.com

September 19, 2007

Secure PayPal buttons with OpenSSL

Filed under: Crypto, Ruby — Sahand @ 10:44 pm

Today, while integrating PayPal payments with our website, I was introduced to the world of OpenSSL. Actually, this admission is a little embarrassing, given that I have actually worked at a cryptography company before (Certicom)! But it was a long time ago, and I was working on the really low-level optimizations, not the user interface.

In any case, this post contains all the useful links I came across as well as cool little tricks I learned along the way.

First off, you can use OpenSSL to generate your own private key and public certificate. The following is an example with PayPal's parameters (RSA 1024 and X.509):

openssl genrsa -out my-prvkey.pem 1024
openssl req -new -key my-prvkey.pem -x509 -days 365 -out my-pubcert.pem

Secondly, in order to generate encrypted buttons for PayPal, and so hide all the information you are sending them, you have to set up a simple public-key scheme: the button parameters are signed with your private key and then encrypted to PayPal's public certificate. For more details on how to submit your public certificate to PayPal and how to download theirs, go here. Also, for more information on PayPal button HTML options, refer to their website.

But assuming we have everything in place, I used the following lines of Ruby code in order to generate the encrypted button (fictitious data):

button_options_hash = {
  :cmd => "_xclick",
  :business => "sahand_blahblah@ gmail.com",
  :item_name => "blahblah_item",
  :amount => "10",
  :item_number => "123456789",
  :shipping => "0.00",
  :no_note => "1",
  :return => "http://sojoodi.com/accepted",
  :cancel_return => "http://sojoodi.com/cancelled",
  :currency_code => "USD",
  :cert_id => "ABCDEFGHIJKLM"
}

# Sign the key=value lines with our key and certificate (attached content, binary DER),
# then encrypt the signed blob to PayPal's sandbox certificate and emit it as PEM.
ssl_command = "openssl smime -sign -signer my-pubcert.pem -inkey my-prvkey.pem " +
              "-outform der -nodetach -binary | openssl smime -encrypt -des3 -binary " +
              "-outform pem paypal_sandbox_cert.pem"
# Feed the parameters to the pipeline on stdin, one "key=value" per line,
# then read the PEM-encoded result back.
encryptor = IO.popen(ssl_command, "w+b")
button_options_hash.each { |key, value| encryptor.puts "#{key}=#{value}" }
encryptor.close_write
@pp_button_encrypted_options = encryptor.readlines.join
encryptor.close
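The same sign-then-encrypt pipeline can be done in-process with Ruby's OpenSSL bindings instead of shelling out. The block below is an added example, not code from the post: it rebuilds the two `openssl smime` steps with `OpenSSL::PKCS7`, and it goes beyond the post by also implementing the receiving side (what PayPal does: decrypt with its private key, then verify the signature against the merchant certificate on file) so the round trip can be checked offline. All keys and certificates are generated inside the script; the "PayPal" key pair is a stand-in, `self_signed_cert`, `encrypt_button`, `decrypt_button` and `round_trip` are names chosen here, and the button field values are constructed. The post's PayPal parameters were 1024-bit RSA; the example uses 2048 bits, which is the floor today.

```ruby
require "openssl"

# Build the one-field-per-line "key=value" text PayPal expects; it mirrors the
# `encryptor.puts` loop in the post and keeps the fields in the order given.
def paypal_payload(fields)
  fields.map { |k, v| "#{k}=#{v}\n" }.join
end

# Merchant side. The same two steps as the `openssl smime` pipeline, done
# in-process: sign the payload with the merchant key and certificate (PKCS#7
# signed-data, attached content, binary mode = `-nodetach -binary`), then
# encrypt the DER-encoded signed blob to PayPal's certificate with 3DES
# (`-des3`, what PayPal's recipe specifies) and return it PEM-encoded.
def encrypt_button(fields, merchant_key, merchant_cert, paypal_cert)
  payload = paypal_payload(fields)
  signed = OpenSSL::PKCS7.sign(merchant_cert, merchant_key, payload, [],
                               OpenSSL::PKCS7::BINARY)
  cipher = OpenSSL::Cipher.new("des-ede3-cbc")
  encrypted = OpenSSL::PKCS7.encrypt([paypal_cert], signed.to_der, cipher,
                                     OpenSSL::PKCS7::BINARY)
  encrypted.to_pem
end

# Receiving side, reproduced here so the round trip can be checked offline:
# decrypt with the recipient's private key, then verify the inner signature
# against the merchant certificate registered (pinned) for this merchant, and
# recover the fields. Returns a Hash; raises PKCS7Error on any failure.
def decrypt_button(pem, recipient_key, recipient_cert, merchant_cert)
  encrypted = OpenSSL::PKCS7.new(pem)
  signed = OpenSSL::PKCS7.new(encrypted.decrypt(recipient_key, recipient_cert))
  store = OpenSSL::X509::Store.new
  store.add_cert(merchant_cert) # the registered merchant cert is the only trust anchor
  unless signed.verify([merchant_cert], store, nil, OpenSSL::PKCS7::BINARY)
    raise OpenSSL::PKCS7::PKCS7Error, "signature did not verify against the registered merchant cert"
  end
  signed.data.lines.each_with_object({}) do |line, h|
    k, v = line.chomp.split("=", 2)
    h[k] = v
  end
end

# Test fixture (hypothetical helper): a self-signed certificate standing in for
# both the merchant's `my-pubcert.pem` and for PayPal's own certificate.
def self_signed_cert(common_name, key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 365 * 24 * 60 * 60
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Generate both key pairs (the "PayPal" pair is a stand-in), run the constructed
# fields through both sides, and return what the receiver recovered.
def round_trip(fields)
  merchant_key = OpenSSL::PKey::RSA.new(2048)
  merchant_cert = self_signed_cert("merchant", merchant_key)
  paypal_key = OpenSSL::PKey::RSA.new(2048)
  paypal_cert = self_signed_cert("paypal-stand-in", paypal_key)

  pem = encrypt_button(fields, merchant_key, merchant_cert, paypal_cert)
  decrypt_button(pem, paypal_key, paypal_cert, merchant_cert)
end

if __FILE__ == $0
  fields = { cmd: "_xclick", amount: "10", currency_code: "USD", cert_id: "ABCDEFGHIJKLM" }
  p round_trip(fields)
end
```

`OpenSSL::PKCS7::BINARY` corresponds to `-binary`, and leaving `DETACHED` out of the flags corresponds to `-nodetach`. The receiver only accepts a message once the decrypted signed-data verifies against the merchant certificate it already holds, which is the check that makes the scheme more than encryption alone. Doing the work in-process avoids spawning a shell pipeline per button; the post's version is not exposed to shell injection either, since the field values travel over stdin rather than inside the command string.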

There were two other very useful links that I used in order to get PayPal working with my app: this was a short and sweet page on the Perl implementation, and this was a similar one using a Bash script. The examples provided on the official PayPal site were scary, so take a look at these two first for a morale boost.

Cheers!

© 2007 Sahand Sojoodi