I am still building a payment gateway. The payment operator have a
ready-made library for php, and it was pretty straight-forward to just
convert it to Lasso.

One problem though, with encryption, which always seems to be the tricky
part in this kind of gateways. Below is the problem and my
dirty solution (include a php file to process the digest part).

The original php code was like this (simplified here). This is for
calculating a MAC value based on a string of parameters.

$generatedMac = hash_hmac("sha256","$myparams",$mypw);

The problem is that in Lasso 8.6 I cannot use

encrypt_hmac(-token=$myparams,-digest=sha256,-password=$mypw)

....because that yields a Lasso error:

> [Encrypt_HMAC] The digest "sha256" is not supported by Lasso on this
> machine. Supported digest types include (MD2, MD4, MD5, SHA, SHA1,
> DSA-SHA, DSA, RIPEMD160).

(The OS is CentOS 6). However, on command line I can use SHA256:

# openssl dgst -sha256 -hmac 'mypassword' myfile

But the result is not the same as with the php tag, I don't know why. I
could not make them match.

So my dirty solution is to use a php file to calculate. I will pass the
parameters from my payment validation ctag like this:

local('generatedMac') include_url($myserver + '/digest-test.php',
-username='myuser',
-password='mypass',
-GETParams=(array('macbasis'=#macbasis))
);

Seems to work just fine. Still, a cleaner solution would be nice. :-)

- Jussi

#############################################################

This message is sent to you because you are subscribed to
the mailing list Lasso Lasso@lists.lassosoft.com
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <Lasso-unsubscribe@lists.lassosoft.com>
Send administrative queries to <Lasso-request@lists.lassosoft.com>