This part will explain how Faspay account use encrypt method AES 256 for authorization.


  • String data that will be encrypted -> $plaintext = "APP_KEY:APP_SECRET";

  • algorithm used for encryption -> $algo = "aes256";

  • The Key used for encryption -> faspay_secret (generated by faspay) Step for encrypted the key :

    1. hashing key uses the sha 256 algorithm and its output is raw binary data.

    2. then, taken 32 characters from the front. Ex : $password = substr(hash('sha256', $key, true), 0, 32);

  • IV for encryption (generated by faspay) Step for encrypted IV :

    1. hashing IV uses the md5 algorithm.

    2. then taken 16 characters from behind. Ex : $iv = substr(md5($key.self::$iv), -16);

  • Encryption using openssl by including the plaintext, algo, password and iv for the encryption process, and encryption output is binary raw data. $encrypted = openssl_encrypt($plaintext, $algo, $password, OPENSSL_RAW_DATA, $iv);

  • the encryption results are re-encrypted using the base64 encode method to make lowercase hexits. $base64 = base64_encode($encrypted);

Last updated