question

xmark avatar image
xmark asked David Marginian Deactivated commented

Difficulty encrypting the pan to get a card token

I've been trying to get a payment integration working using PHP. I've gotten all the Oauth stuff and access tokens working up to the point where I need to get a card token. I'm using openSSL and I've gotten phpseclib 3.0 working and I'm using the TA_PUBLIC_KEY_DEV key from the CDN. From what I've seen in the community here, the prefix is supposed to be 00000000 so I'm using that. Here's the code for where I generate the public key and encrypt the PAN:

  $ta_public_key = bin2hex(base64_decode($TA_PUBLIC_KEYS['TA_PUBLIC_KEY_DEV']));
  $modulus  = substr($ta_public_key, 0, 512);
  $exponent = substr($ta_public_key, -5);
  $prefix = "00000000";
  $rsa = PublicKeyLoader::load([
    'e' => new BigInteger($exponent, 256),
    'n' => new BigInteger($modulus, 256)
  ]);
  openssl_public_encrypt($prefix.$cardnumber, $encrypted, "$rsa", OPENSSL_PKCS1_OAEP_PADDING);

The $rsa key seems to be a valid key, and the value at $encrypted looks good as far as I can tell, but I'm getting a 500 Internal Server Error when I try to POST it over to v1/tokens

From what I've read, a 500 error likely means that it was somehow not encrypted properly, but I can't figure out what I could be doing wrong. Is there some specific type of RSA encryption that needs to be specified in some way for openssl_public_encrypt? Am I grabbing the modulus and exponent properly and passing it to PublicKeyLoader properly?

The page at https://docs.clover.com/docs/ecommerce-generating-a-card-token mentions that you need to send a transarmor_key_id along with the post, with no explanation of what a transarmor_key_id is or where to find one. And that variable name is not even mentioned in the API reference page at https://docs.clover.com/reference/createtoken and I seem to be able to put the post through without that variable (it's a 500 error, but I'm not sure if the lack of a transarmor_key_id has anything to do with it) Do I need that? And if so, how do I get it?

ecommerce
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

David Marginian avatar image
David Marginian Deactivated answered David Marginian Deactivated edited

The transarmor key should not be passed if you are following the instructions here and retrieving the public encryption keys from the CDN - https://docs.clover.com/docs/ecommerce-generating-a-card-token#encrypting-card-data.

Try this:

https://community.clover.com/questions/37890/card-encryption-for-getting-card-token-with-php.html?childToView=37918#comment-37918

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

xmark avatar image
xmark answered David Marginian Deactivated commented

Okay, from that other thread I see that I was using the wrong number in the BigInteger calls, changed that to:

  $rsa = PublicKeyLoader::load([
    'e' => new BigInteger($exponent, 16),
    'n' => new BigInteger($modulus, 16)
  ]);

And I'm not trying to send any transarmor_key_id as it seem that it's not necessary in this situation. However, I still get a 500 error. Here's what my JSON post to v1/tokens looks like:

{"card":{"encrypted_pan":"HgATJhfL4DVBYkawYIzOzCbgMBpUnHvkhZjv77HoAJ78dEnRV0VwCXahwLh2SuBeAktmk1Npu9fVjbnL3xFYZ2oF4QWAO2Itj+n+okNFbmym8HGwWyxxRrbvyOovHYhX4x+no4mmvoUwDKEJrNfb+3Mb9c2tkNBt6uvtSWZIKU\/C3qJFaCKMPIOOA7IHv4n\/lZb5J6Bp7X9SPuj0rYugYZL1nNXnE3BY08ASlERVBOUmYIXRFMaErbHrxXtYcqvj9liXBv55swBPHFotxilsyEynH9RvFAy0NX44UeKS0actzrtyi31xfzgvHuAHrGol60f0MRW5\/Uk3wxKEqciwQg==","exp_month":"10","exp_year":"2023","cvv":"123","brand":"DISCOVER","first6":"601136","last4":"6668"}}

Any idea what might be wrong with it?

3 comments
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Are you using the encryption keys from the CDN?
1 Like 1 ·
xmark avatar image xmark David Marginian ♦♦ ·

Yes. Actually, I figured out what I was doing wrong: I didn't take the spaces out of the credit card number before encrypting it. It worked after I did that!

0 Likes 0 ·
Excellent!
0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community