This part will explain how Faspay account use encrypt method AES 256 for authorization.
  • String data that will be encrypted -> $plaintext = "APP_KEY:APP_SECRET";
  • algorithm used for encryption -> $algo = "aes256";
  • The Key used for encryption -> faspay_secret (generated by faspay) Step for encrypted the key :
    1. 1.
      hashing key uses the sha 256 algorithm and its output is raw binary data.
    2. 2.
      then, taken 32 characters from the front. Ex : $password = substr(hash('sha256', $key, true), 0, 32);
  • IV for encryption (generated by faspay) Step for encrypted IV :
    1. 1.
      hashing IV uses the md5 algorithm.
    2. 2.
      then taken 16 characters from behind. Ex : $iv = substr(md5($key.self::$iv), -16);
  • Encryption using openssl by including the plaintext, algo, password and iv for the encryption process, and encryption output is binary raw data. $encrypted = openssl_encrypt($plaintext, $algo, $password, OPENSSL_RAW_DATA, $iv);
  • the encryption results are re-encrypted using the base64 encode method to make lowercase hexits. $base64 = base64_encode($encrypted);
Last modified 1yr ago
Copy link