Paypal Encrypted Website payments
I am trying to integrate a PayPal Website Payments Standard > Cart Upload payment type into my shopping cart. I integrated Google Checkout a while back and I did not find it overly confusing as I do PayPal.
I am getting info on how to encrypt it from here: https://cms.paypal.com/us/cgi-bin/?&cmd=_render-content&content_ID=developer/e_howto_html_encryptedwebpayments#id08A3I0P017Q
PayPal says I need to generate a private key and a public certificate using OpenSSL. I went to OpenSSL and downloaded the latest release, which is just a folder containing various files but I see no application I can use, not sure what to do here.
Even if I were to get OpenSSL to generate me a private key and public cert, the next step is to download either an MS or Java command line tool to create the encrypted cart ahead of time with the cart-total, tax, etc. which sounds crazy to me, like I am supposed to manually do this prior to every order??
Obviously I do not know the items in the cart the customer is going to buy beforehand so I need this to be done on the fly on my website using PHP. But I am completely lost. There has to be a way to set up dynamic secure cart uploads to PayPal. Can someone please point me in the right direction?
Firstly, your problem with OpenSSL. If you use Linux or Mac it is easy (as always). Install the package as usual and use the command on the PayPal instructions page. On Windows, make sure you are downloading binaries, not source, from this page.
You do not need to use the Java programme they provide to generate the links. That part of the instruction sheet is for people making static pages, not using PHP. PayPal is a big solution that gives you a huge amount of flexibility, but they do that by providing you with lots of different APIs and ways of handling payments. EWPs (encrypted website payments), in the link you posted, are not what you are looking for.
It has been a couple of years now since I used PayPal in a solution for a customer. Last time, there was a separate API to do what you are asking called PDT (Payment data transfer). The API has changed a bit since I last used it, and the documentation seems to have moved around since I last downloaded it, but there is still the 'website payments standard integration guide' and 'order management integration guide'. Those still have the instructions you are looking for I think.
The short answer is that generating the encrypted links yourself to build a custom solution is very possible with PayPal, but you do have to do some work to make it happen. The docs are hard to find on the site.
While Nicholas has already answered how you go about generating the private key and certificate you need and suggested using PDT to fulfill your needs, I also wanted to pick up on actually using encrypted payments in PHP as I'm sure some visitors will want to do this.
The server you run will need openssl installed on it (it is installed on most Linux servers) and you will need to be able to execute this from PHP (i.e. via the exec command).
Code to do this is available here:
http://www.stellarwebsolutions.com/en/articles/paypal_button_encryption_php.php
I used this successfully (after tweaking the file variables as they were not being correctly picked up within the function).
This post seems a tad bit old, I guess.
Still, I thought I might throw in my 2 cents.
PayPal now has the option to simply click a checkbox in your "Seller" tab, which states: "Do not accept payments which originate from an unencrypted website"... or something similar.
In addition, there are the options (also recommended by PayPal) to download their own certificate, generate your own (or a public key), and use BOTH to verify and check that a payment is not fraudulent.
I am currently in the process of doing this right now. I created PayPal buttons on my website, and clicked the option to reject payments from unencrypted websites.
The problem is: this so-called "security measure" is blocking about 50% of customers on my website, and for no apparent reason.
Which is why I am seriously considering REMOVING this so-called security feature from my PayPal button! It's a hassle. All PayPal payments are secure anyway, as they go through SSL. My website is equally protected with SSL encryption.
And, judging from extensive research online, most people are of the same opinion as I am: the "encrypted" button is not worth the time and trouble, especially if it only pisses off 50% of your potential customers!
For Python users, the python-ewp package takes care of the signature and encryption.* Assuming you have the OpenSSL headers and libraries available, installation is as simple as:
    pip install ewp
Once you have a string containing the key=value lines, you can pass it to ewp.sign() to generate the signature and ewp.encrypt() for encryption:
    import ewp
    # data is the string of key=value lines
    signature = ewp.sign('test.key', 'test.crt', data)
    ciphertext = ewp.encrypt('paypal.crt', signature)
Note that three filenames are provided:
- test.key - a private RSA key
- test.crt - an X509 certificate signed by the key
- paypal.crt - PayPal's public certificate
You can generate an RSA key with:
    openssl genrsa -out test.key 2048
...and create a self-signed certificate valid for one year with:
    openssl req -new -key test.key -x509 -days 365 -out test.crt
The PayPal certificate can be obtained by following these instructions.
* Disclaimer: I am the author of the package.
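The sign-then-encrypt step the answers above describe, run per request with the openssl CLI (the same commands a PHP exec call would issue), as an added example that is not part of the original answers. The cart values, the cert_id placeholder, the "rogue" key and the stand-in paypal.crt/paypal.key pair are constructed so the result can be checked offline; the -des3 cipher choice is an assumption.

```shell
#!/bin/sh
# Added example. All values are constructed. "paypal.crt"/"paypal.key" are a
# locally generated STAND-IN pair so the result can be checked offline; in
# production paypal.crt is the public certificate downloaded from PayPal.

make_cert() {   # $1 = file basename, $2 = CN; writes $1.key and $1.crt
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

cart_vars() {   # built per request from the live cart, one key=value per line
    printf '%s\n' 'cmd=_cart' 'upload=1' 'business=seller@example.com' \
        'cert_id=PLACEHOLDER_CERT_ID' 'currency_code=USD' \
        'item_name_1=Widget' 'amount_1=9.99' 'quantity_1=2'
}

# $1 = signer basename; stdin: key=value lines; stdout: PEM PKCS#7 blob.
# -des3 is an assumption: use the cipher PayPal's current documentation names.
ewp_encrypt() {
    openssl smime -sign -signer "$1.crt" -inkey "$1.key" \
            -outform der -nodetach -binary |
        openssl smime -encrypt -des3 -binary -outform pem paypal.crt
}

# Receiver's view: decrypt, then accept only a signature made by test.crt
# (-nointern -certfile pins the signer; -noverify skips chain building).
ewp_open() {
    openssl smime -decrypt -inform pem -recip paypal.crt -inkey paypal.key |
        openssl smime -verify -inform der -nointern -certfile test.crt \
            -noverify 2>/dev/null
}

demo() (        # subshell body keeps the cd and the throwaway keys local
    dir=$(mktemp -d) && cd "$dir" || exit 1
    make_cert test 'Example Merchant'
    make_cert rogue 'Not The Merchant'
    make_cert paypal 'Stand-in for PayPal'
    cart_vars | ewp_encrypt test > good.pem
    cart_vars | sed 's/^amount_1=.*/amount_1=0.01/' | ewp_encrypt rogue > forged.pem
    echo "genuine: $(ewp_open < good.pem | tr '\n' ' ')"
    ewp_open < forged.pem >/dev/null || echo "forged: rejected"
    cd / && rm -rf "$dir"
)

demo
```

In the checkout form, the PEM blob from ewp_encrypt is posted as the `encrypted` field together with `cmd=_s-xclick`. The second case shows why the signature matters: a cart with an altered amount signed by any other key does not verify against the merchant's certificate.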