• caglararli@hotmail.com
  • 05386281520

Payment Gateway rejecting Digitally Signed Payment Message

Payment Gateway rejecting Digitally Signed Payment Message

I am new to digital signatures. I read many problem statements, solutions, and documents but nothing came to my rescue.

Payment Message (Text) needs to be digitally signed with the following specs as per the payment system mandate.

  1. The hash algorithm used is SHA-256 algorithm.
  2. The signature should be generated in PKCS7 format.
  3. The signature should be detached signature.
  4. There should be serial no. existing in the signature.
  5. Signature should be included between the tag -----BEGIN PKCS7----- and -----END PKCS7-----.
  6. Each line should have a maximum of 64 bytes.
  7. \n should be used as End-of-line.

Payment Message being sent to gateway is Payment Message + Signature attached at the end in one single message transmitted via MQ

When the existing system signs the message, it is accepted by Payment System Gateway but when I try to do the same, it always fails in verification. We have been given a PFX file as input from the client and a relevant password which is valid. Using this PFX file, the existing system signs the message and is successful but then it always fails when I generate a digital signature and send it across.

I used OpenSSL commands

openssl dgst -sha256 -out hashfile inputpaymsg.txt 
openssl smime -sign -in hashfile -out output.p7s -signer certificate.pem -inkey private_key.pem -outform PEM -noattr earlier generated certificate.pem, private_key.pem

but I am not able to match the signature for a given input which is seen in the successful existing system message.

One difference I saw is that when I use openssl asn1parse on the digital signature which is accepted by Payment System generated by the existing system I see "md5" instead of "sha256".

                                SEQUENCE
   30:d=5  hl=2 l=   8 prim:    OBJECT            :md5
   40:d=5  hl=2 l=   0 prim:    NULL
   42:d=3  hl=2 l=  11 cons:    SEQUENCE
   44:d=4  hl=2 l=   9 prim:    OBJECT            :pkcs7-data

Tried hashing with md5 but still, it shows SHA256 only and is not matching with the signature as I see in the message sent by the existing system.

Would appreciate it if someone can give me step-by-step openssl commands via which I can use the PFX file and input text messages and generate digital signatures like existing system might be generating.