Archive for June, 2007

Paypal Encrypted Web Payments

Thursday, June 14th, 2007

I've spent this afternoon fighting with Paypal's developer sandbox to make encrypted web payments work. This is the system whereby the details of an order are transferred as a form field encrypted with public key cryptography, but I wouldn't expect anyone to know that because Paypal has a wide glossary of internal terminology that is almost impenetrable to the novice.

I have never done a particularly large amount with Paypal. It's come up occasionally but I've always done the hastiest job possible, perhaps pasting some code from PaypalTech.com or something. This time I've been working in Python with Django so I've had to develop everything from scratch with the M2Crypto OpenSSL wrapper. Paypal's developer documentation lacks sufficient detail for a clean-room implementation (though numerous examples can be found, none corresponds exactly to M2Crypto/Python). Furthermore, PayPal does not give useful error messages, which can make it extremely troublesome to integrate with.

This is how I made EWP work.

  1. Paypal expects data to arrive as a set of key-value pairs, which you should already have/know about. The documentation for these is extensive.
  2. Make the payment system work unencrypted, using input fields with the corresponding names and values to the key-value pairs. This ensures that the information PayPal needs to receive is correct before you start faffing with encrypting that data. If you do not have a PayPal account, you can sign up for a "sandbox" account, then register as many scratch accounts as you like. Note that PayPal does not email you the confirmation emails for sandbox account; they appear in the sandbox interface under the "Emails" tab.
  3. Generate an SSL keypair in PEM format with openssl genrsa. If you view this file, it is titled as "PRIVATE KEY", but it does contain both private and public keys. The exact command-line arguments for this command are documented in the PayPal Website Payments Standard Integration Guide.
  4. Generate a self-signed SSL certificate from your keypair with openssl req. An SSL certificate contains your public key, some details about the owner, and one or more cryptographic signatures. Again, this is well documented.
  5. Exchange certificates with PayPal by logging in and visiting "Encrypted Web Payments" under "Profile". You save PayPal's certificate to a file, and upload your own. Paypal assigns a certificate ID to your certificate, which you must now add to your key-value pairs under the key cert_id. It displays this certificate ID in the table and will also email you a copy. Recall, however, that PayPal's sandbox development server does not actually email you; "emails" are stored and are available on the web interface under the "Emails" tab.
  6. Generate the plaintext for signing by encoding the key-value pairs as key=value, separated only by linefeed (\n, ASCII 0x0a) characters. CR-LF does not work.
  7. Sign the plaintext using S/MIME. This requires both your private key (for the cryptography) and your certificate (to identify whose signature it is). Use these options:
    • Use binary input mode, which prevents OpenSSL from translating (munging) the line endings of its input.
    • Sign in opaque form, not detached: the text being signed is embedded in the PKCS7 structure along with the signature, whereas a detached signature omits the plaintext.
    • Output the resulting PKCS7 structure in DER (not PEM, nor S/MIME) format. This is a binary format.
  8. Encrypt the resulting DER using PayPal's certificate (i.e. its public key):
    • Again, use binary input mode.
    • Use three-key triple-DES in CBC mode. OpenSSL calls this des-ede3-cbc or just des3.
    • Output the resulting PKCS7 structure in PEM format, which is a base64-encoded format.
  9. Insert the PEM blob into a form field named encrypted. There must also be a hidden form field named cmd with the value _s-xclick.
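Steps 3 to 8 above, carried out with the openssl command line rather than M2Crypto, as an added example that is not code from the original post. It assumes openssl is installed; the "paypal" keypair it generates is a constructed stand-in for PayPal's real certificate so that the blob can be decrypted and its signature verified offline, which is the check worth doing before pointing a form at the sandbox (CERT_ID_PLACEHOLDER and the item values are sample data).

```shell
#!/bin/sh
# Added example, not code from the post: steps 3-8 with the openssl CLI.
# Assumes openssl is installed. The "paypal" keypair below is a constructed
# stand-in so the result can be decrypted and checked offline; a real merchant
# only ever holds PayPal's public certificate, downloaded from the Profile page.
set -e

ewp_setup() {
  WORK=$(mktemp -d)
  # Steps 3 and 4: merchant keypair and self-signed certificate
  openssl genrsa -out "$WORK/merchant.key" 2048 2>/dev/null
  openssl req -new -x509 -days 365 -key "$WORK/merchant.key" \
    -out "$WORK/merchant.crt" -subj "/CN=merchant.example" 2>/dev/null
  # Stand-in for PayPal's certificate (constructed for the round-trip check only)
  openssl genrsa -out "$WORK/paypal.key" 2048 2>/dev/null
  openssl req -new -x509 -days 365 -key "$WORK/paypal.key" \
    -out "$WORK/paypal.crt" -subj "/CN=paypal-sandbox.example" 2>/dev/null
}

# Step 6: key=value pairs joined by bare LF (printf, not echo, so no CR or
# stray escaping creeps in). Values are sample data; $1 is the cert_id PayPal issued.
ewp_plaintext() {
  printf 'business=seller@example.com\ncert_id=%s\nitem_name=Widget\namount=9.99\ncurrency_code=GBP\n' "$1"
}

# Step 7: opaque (-nodetach) S/MIME signature, binary input, DER output;
# step 8: envelope that DER for PayPal's certificate with des3, PEM output.
ewp_encrypt() {
  openssl smime -sign -binary -nodetach -outform DER \
    -signer "$WORK/merchant.crt" -inkey "$WORK/merchant.key" |
    openssl smime -encrypt -binary -des3 -outform PEM "$WORK/paypal.crt"
}

# Check the blob before shipping it: reverse the two steps as the recipient
# would (decrypt with the stand-in key, verify the signature against the
# uploaded merchant certificate) and print the recovered plaintext.
ewp_decrypt_verify() {
  openssl smime -decrypt -inform PEM -recip "$WORK/paypal.crt" \
    -inkey "$WORK/paypal.key" |
    openssl smime -verify -inform DER -binary -CAfile "$WORK/merchant.crt" 2>/dev/null
}

ewp_roundtrip() {
  ewp_setup
  ewp_plaintext CERT_ID_PLACEHOLDER | ewp_encrypt > "$WORK/encrypted.pem"
  ewp_decrypt_verify < "$WORK/encrypted.pem"
}
```

Running ewp_roundtrip prints the original key=value lines back; if the signature or the line endings are wrong, the verify step fails and nothing is printed, which is the only error signal you will get from this side of the integration.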

PHP Superclass constructor

Monday, June 11th, 2007

I have just found this expression in some PHP code I wrote around two years ago:

// Call the constructor of the parent class
$this->{get_parent_class(__CLASS__)}();

I've never seen this syntax before, and I couldn't find any reference to it in the PHP documentation. The closest I found was a brief mention that curly brackets could be used to resolve ambiguity in expressions like ${$a}[0]. I have probably pasted it from somewhere after taking a dislike to some of the other ways of calling the superclass constructor (which must be done explicitly in PHP).

This looks like it might be useful in a variety of situations, except that I'm reluctant to use what is, AFAICT, undocumented syntax.

2012 Olympic Logo

Wednesday, June 6th, 2007

I'm watching the London 2012 logo fiasco with interest because it's very rare for the public to take an interest in graphic design in this way. The criticism of it has covered almost every aspect, and there are remarkably few people who actually like it. This logo represents £10 billion of investment so it's crucial that they get it right. On that basis, £400,000 isn't unreasonable.

If we are talking about a budget of £400,000 for just the branding (and I believe that figure covers the production costs for the entire marketing campaign), we're in a very different league to the kind of ad-hoc logo design I usually deal with. Normally with logo design, I come up with a few ideas, as different as possible, based on what I perceive the brandee's identity to be, and there's usually one or two in there that are decent enough for the client to want to run with.

Trusted with a budget as large as this, and forced to provide some measure of accountability rather than just using Inkscape's random polygon tool and stuffing the cash into my pockets, I would probably conceive of a procedure like:

  1. Write down design criteria that the marketing campaign must meet, both at a technical and an aesthetic level.
  2. Produce a whole load of logos that meet the formalised criteria.
  3. Allow LOCOG to narrow it down to a few candidate logos.
  4. Pitch each campaign and logo to a separate focus group comprising a proportion of foreign nationals, Brits and Londoners, to judge public response to each. At this stage, you can not only ask whether they like it, but actually collect feedback on how it can be improved.
  5. Repeat steps 3 and 4, unless the response is so poor that you have to return to step 2.

I cannot imagine that this logo has come through any such process. Focus groups are cheap and they can prevent mistakes which cost millions! I can conceive of how the graphic designer might submit this to LOCOG, but not how this could have been selected as the final logo unless the alternatives were truly dreadful, but that does not constitute endorsement and focus group responses would have reflected that.

I would envisage that design criteria for any Olympics logo would be along these lines:

  • MUST incorporate the Olympic rings device unaltered and preferably in full colour.
  • MUST incorporate the name of the host city in legible roman script, and optionally local script.
  • MUST contain the year 2012 in legible Arabic or Roman numerals.
  • MUST NOT incorporate other text.
  • MAY convey a mild national theme or style, contemporary if possible.
  • SHOULD convey athletic achievement and/or Olympic tradition.
  • SHOULD remain identifiable as the Olympic logo regardless of treatment, orientation and low-fidelity reproduction.
  • MUST NOT exhibit any image likely to cause offense to any group, particularly with a view to avoiding cross-cultural faux pas.
  • SHOULD NOT exhibit anachronism.
  • SHOULD be distinctive, worldwide.