Tweet
I am working on integrating to amazon pay v2 and have most of it ready I am stuck on creating my signature with a salt length of 20. Does not seem to be an option in the api, do I need to use a different api first?
I am able to verify amazon output using my public certificate in python. But when I try and generate it in rpg the output is the same every time which it shouldn't be and it will not verify. I need to use a salt length of 20 to create a randomized output that will verify.
Rpg code
I am able to verify amazon output using my public certificate in python. But when I try and generate it in rpg the output is the same every time which it shouldn't be and it will not verify. I need to use a salt length of 20 to create a randomized output that will verify.
Code:
from Crypto.Signature import pss
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
import base64
#amazon message works
message = b'AMZN-PAY-RSASSA-PSS\n346fe3fb1b84bac499c3f7dd1300fd34c3f7635eba8930fd682692a94d88f248'
signature = base64.b64decode('E8uc9hOs+w5Y3+2KZlNRaP6npwsfV+hjosibPj7z5yDEqjUGLJ2h8KkT+EYk/Lbeb7QDWPots2c7g2oxNYkRrWZko+HcmgzNT/hM1mvjHADB5wZJzfNuy9TerTKZ4xYrJRKmWNzptjKSJYqhCuO0ZMK1OvStc2cSTpBNPQ2dDVcLNnIsIqyxBJlwPNrC3b8xkK36wpF/rcqUJ4osWBvAZFGtLTpSEbdSlzUno5PdgPyisiXZqmaf1Wv74I7bbR4WPZTXHDa0B3tZGrklhBgJU1tcqMX7dmPUzqUrQcNTPwPA2qIYXJ6uk3iZST768lB/sUleuq7MA7bfU6EmU0rwfg==')
print(signature)
#my test does not
#message = b'test'
# signature = base64.b64decode('rIDc/qoQ+0mLBYN1ym0zEh7Qz2bt11KZKN1iLBOcaKHtWhhhdsPQ7HeweEc8uq8HVCFPamWWKRrg7mYhbaQXPNLU2VzRnlVY0S8K530fSN8jIGVbN9qa8vrM11WOWoE5glKlZM8qDGzCQUEpqmU+kBC8TA5tlbbMCuRZu2vH9t8qxCjEXDd78lERLLyCnAg5k0ykyHCDo4soTNLGb3UzjMg5kkQN+HQFHxyXUAlaDec3Z+xLlWBGmj+3ANcSQ/u6qjA0pWWvqIrEYkX1PXgmnrzPz9oDSyRB82piOLzESiPt6w/scdWmPSeKVgi5tXRVhxTMqBwqYEVCbUnc5AOoTg==')
# print(signature)
key = RSA.import_key(open('C:/Users/jerry.dahlheimer/Desktop/temp project files/mis-86272 amazon pay v2/publicKey.pub').read())
h = SHA256.new(message)
verifier = pss.new(key,salt_bytes=20)
try:
verifier.verify(h, signature)
print("The signature is authentic.")
except (ValueError, TypeError):
print ("The signature is not authentic.")
Code:
// header specifications
/Include qcpysrc,copyhspec
ctl-opt bnddir('BASE64');
// include procedure definitions
/Include qcpysrc,copyallprc
/Include qcpysrc,copypsds
/copy qrpgsrc,base64_h
/COPY QSYSINC/QRPGLESRC,QUSEC
/COPY QSYSINC/QRPGLESRC,QC3CCI
dcl-c HASH_ALGORITHM_SHA256 3;
dcl-c CRYPTO_ALGORITHM_RSA 50;
Dcl-C ANY_CSP '0';
dcl-ds t_ALGD0400 len(12) qualified template;
publicKeyCipherAlgorithm int(10) pos(1);
pkaBlockFormat char(1) pos(5);
signingHashAlgorithm int(10) pos(9);
end-ds;
dcl-ds t_KEYD0400 len(56) qualified template;
keystoreFile char(10);
keystoreLibrary char(10);
recordLabel char(32);
end-ds;
dcl-pr Qc3CalculateSignature extproc(*dclcase);
inputData char(30000) options(*varsize) const;
inputDataLength int(10) const;
inputDataFormat char(8) const;
algorithmDescription char(32000) options(*varsize) const;
algorithmDescriptionFormat char(8) const;
keyDescription char(30000) options(*varsize) const;
keyDescriptionFormat char(8) const;
cryptoServiceProvider char(1) const;
cryptoDeviceName char(10) const;
signature char(512) ccsid(*hex) options(*varsize);
signatureLengthProvided int(10) const;
signatureLengthReturned int(10);
errorCode like(qusec);
end-pr;
Dcl-S publickey varchar(50);
Dcl-S privateKey varchar(2000);
dcl-s output varchar(52);
Dcl-S base64 char(3200);
dcl-S E@Encrypt char(2000);
dcl-s wwEncLen int(10);
dcl-s payload varchar(10000) ccsid(*hex);
dcl-ds keyDescription likeds(t_KEYD0400);
dcl-ds algorithmDescription likeds(t_ALGD0400);
dcl-s signature char(512) ccsid(*hex);
dcl-s signatureLength int(10);
keyDescription = *allx'00';
keyDescription.keystoreFile = 'TESTKEY';
keyDescription.keystoreLibrary = 'MISJD';
keyDescription.recordLabel = 'testkey';
algorithmDescription = *allx'00';
algorithmDescription.publicKeyCipherAlgorithm = CRYPTO_ALGORITHM_RSA;
algorithmDescription.pkaBlockFormat = '1';
algorithmDescription.signingHashAlgorithm = HASH_ALGORITHM_SHA256;
GetAttributes();
payload = 'test';
Qc3CalculateSignature(
payload :
%len(payload) :
'DATA0100' :
algorithmDescription :
'ALGD0400' :
keyDescription :
'KEYD0400' :
ANY_CSP :
'' :
signature :
%size(signature) :
signatureLength :
qusec
);
// output = signature;
// dsply output;
wwEncLen = base64_encode(%addr(signature)
: signatureLength
: %addr(base64)
: %size(base64));
E@Encrypt = %subst(base64:1:wwEncLen);
Exec Sql
Set Option Commit = *None;
Exec Sql
Insert Into Holdxml
Values
(Trim(:E@encrypt));
*inlr = *on;
return;
Dcl-Proc GetAttributes;
Exec Sql
Select Trim(Appubkey),
Trim(Apprivkey)
Into :Publickey,
:Privatekey
From Amzpayf01
Fetch First Row Only;
End-Proc;
Comment