Generating HMAC-SHA512 Fingerprint

> Le 22 févr. 2019 à 14:00, Mike Ealy <[hidden email]> a écrit :
>
> Hi All,
>
> Authorize.net is ending the life of HMAC-MD5 and moving to HMAC-SHA512. What
> are my options for generating a fingerprint from HMAC-SHA512 using Lasso 8
> on a Mac running OS 10.11?
>
> I have been using Authorize.net's Server Integration Method (SIM) for years
> now. That means I collect some information about my customer (name, address,
> etc.) and then pass the transaction to Authorize where credit card details
> are entered. Upon successfully charging the card (or not), Authorize passes
> the transaction back to my site where I take over again.
>
> In order to continue connecting with Authorize in this way, I need to
> upgrade the transaction fingerprint so that it uses HMAC-SHA512 instead of
> HMAC-MD5. I've been using the Lasso Encrypt_HMAC tag as follows.
>
> [var:'x_fp_hash'=(Encrypt_HMAC: $transactionkey, $x_login + '^' +
> $x_fp_sequence + '^' + ($utc_timestamp) + '^' + $x_amount + '^', -cram)]
>
> I know I've been procrastinating this move, but Authorize.net has stopped
> extending this rollout and is finally bringing HMAC-MD5 to a close. Mac OS
> 10.11 does support TLSv1.2 so I there may be a possible solution with
> os_process and curl.
>
> Steve Piercy wrote:
>> Lasso 8 can use TLS v1.2. Use os_process and shell
>> to invoke curl, and the operating system must
>> support TLS v1.2.  My AuthorizeNet_AIM tag supports it.
>> It's easy, and the benefits in security and ease
>> of use of curl are totally worth it.
>
> I read Steve's github for implementing AuthorizeNet_AIM at
> https://github.com/stevepiercy/AuthorizeNet_AIM , but I'm not sure how to
> put all these pieces in place to get it working. Since I'm using SIM instead
> of AIM will Steve's tag even work for me? I'll keep at it but in the
> meantime, if someone could point me in the right direction I would certainly
> appreciate it.
>
> Thanks,
> Mike Ealy
>
>
>
>
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>

>Hi All,
>
>Authorize.net is ending the life of HMAC-MD5 and moving to HMAC-SHA512. What
>are my options for generating a fingerprint from HMAC-SHA512 using Lasso 8
>on a Mac running OS 10.11?
>
>I have been using Authorize.net's Server Integration Method (SIM) for years
>now. That means I collect some information about my customer (name, address,
>etc.) and then pass the transaction to Authorize where credit card details
>are entered. Upon successfully charging the card (or not), Authorize passes
>the transaction back to my site where I take over again.
>
>In order to continue connecting with Authorize in this way, I need to
>upgrade the transaction fingerprint so that it uses HMAC-SHA512 instead of
>HMAC-MD5. I've been using the Lasso Encrypt_HMAC tag as follows.
>
>[var:'x_fp_hash'=(Encrypt_HMAC: $transactionkey, $x_login + '^' +
>$x_fp_sequence + '^' + ($utc_timestamp) + '^' + $x_amount + '^', -cram)]
>
>I know I've been procrastinating this move, but Authorize.net has stopped
>extending this rollout and is finally bringing HMAC-MD5 to a close. Mac OS
>10.11 does support TLSv1.2 so I there may be a possible solution with
>os_process and curl.
>
>Steve Piercy wrote:
>>Lasso 8 can use TLS v1.2. Use os_process and shell
>>to invoke curl, and the operating system must
>>support TLS v1.2.  My AuthorizeNet_AIM tag supports it.
>>It's easy, and the benefits in security and ease
>>of use of curl are totally worth it.
>
>I read Steve's github for implementing AuthorizeNet_AIM at
>https://github.com/stevepiercy/AuthorizeNet_AIM , but I'm not sure how to
>put all these pieces in place to get it working. Since I'm using SIM instead
>of AIM will Steve's tag even work for me? I'll keep at it but in the
>meantime, if someone could point me in the right direction I would certainly
>appreciate it.
>
>Thanks,
>Mike Ealy
>
>
>
>
>
>#############################################################
>
>This message is sent to you because you are subscribed to
>the mailing list Lasso [hidden email]
>Official list archives available at http://www.lassotalk.com
>To unsubscribe, E-mail to: <[hidden email]>
>Send administrative queries to  <[hidden email]>

> My AIM tag has nothing to do with SIM.  They're totally
> different methods.  The only thing they share in common is that
> Authorize.net deprecated both.
>
> https://developer.authorize.net/api/upgrade_guide/
>
> If you ignore that advice, you can try to hobble along to get
> your SIM method to work.
>
> First check available ciphers with `openssl dgst --help`.
>
> If HMAC-SHA512 is not listed, or the command does not run, then
> you need to install a more recent version of openssl, preferably
> via brew.
>
> Next try `echo 'string_to_hash' | openssl dgst -sha512`.  It
> should output a hash.  Note it for comparison later.
>
> Nest install [shell] and configure os_process (which the
> Language Guide thoroughly documents).
>
> After you've got that all set up, then this will get you a hash.
>
>      #hash = shell('echo -n ' + #string_to_hash + ' |
> /path/to/openssl dgst -sha512')
>
> --steve
>
>
> On 2/22/19 at 8:00 AM, [hidden email] (Mike Ealy) pronounced:
>
>> Hi All,
>>
>> Authorize.net is ending the life of HMAC-MD5 and moving to HMAC-SHA512. What
>> are my options for generating a fingerprint from HMAC-SHA512 using Lasso 8
>> on a Mac running OS 10.11?
>>
>> I have been using Authorize.net's Server Integration Method (SIM) for years
>> now. That means I collect some information about my customer (name, address,
>> etc.) and then pass the transaction to Authorize where credit card details
>> are entered. Upon successfully charging the card (or not), Authorize passes
>> the transaction back to my site where I take over again.
>>
>> In order to continue connecting with Authorize in this way, I need to
>> upgrade the transaction fingerprint so that it uses HMAC-SHA512 instead of
>> HMAC-MD5. I've been using the Lasso Encrypt_HMAC tag as follows.
>>
>> [var:'x_fp_hash'=(Encrypt_HMAC: $transactionkey, $x_login + '^' +
>> $x_fp_sequence + '^' + ($utc_timestamp) + '^' + $x_amount + '^', -cram)]
>>
>> I know I've been procrastinating this move, but Authorize.net has stopped
>> extending this rollout and is finally bringing HMAC-MD5 to a close. Mac OS
>> 10.11 does support TLSv1.2 so I there may be a possible solution with
>> os_process and curl.
>>
>> Steve Piercy wrote:
>>> Lasso 8 can use TLS v1.2. Use os_process and shell
>>> to invoke curl, and the operating system must
>>> support TLS v1.2.  My AuthorizeNet_AIM tag supports it.
>>> It's easy, and the benefits in security and ease
>>> of use of curl are totally worth it.
>>
>> I read Steve's github for implementing AuthorizeNet_AIM at
>> https://github.com/stevepiercy/AuthorizeNet_AIM , but I'm not sure how to
>> put all these pieces in place to get it working. Since I'm using SIM instead
>> of AIM will Steve's tag even work for me? I'll keep at it but in the
>> meantime, if someone could point me in the right direction I would certainly
>> appreciate it.
>>
>> Thanks,
>> Mike Ealy
>>
>>
>>
>>
>>
>> #############################################################
>>
>> This message is sent to you because you are subscribed to
>> the mailing list Lasso [hidden email]
>> Official list archives available at http://www.lassotalk.com
>> To unsubscribe, E-mail to: <[hidden email]>
>> Send administrative queries to  <[hidden email]>
>
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> Steve Piercy              Website Builder              Eugene, OR
> <[hidden email]>               <http://www.stevepiercy.com/>
>
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>   the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>

>I was able to create an -sha512 hash using your guidance. Thanks Steve! I'll
>try to move to the Accept Hosted option with Authorize. Seems over my head
>at first look. I'm going to try to stick with the payment form hosted by
>Authorize where they will pass the transaction back to my site after
>processing the cc. Advice from anyone who has implemented the Accept Hosted
>option with Lasso 8 would be appreciated.
>
>Mike
>
>
>
>>My AIM tag has nothing to do with SIM.  They're totally
>>different methods.  The only thing they share in common is that
>>Authorize.net deprecated both.
>>
>>https://developer.authorize.net/api/upgrade_guide/
>>
>>If you ignore that advice, you can try to hobble along to get
>>your SIM method to work.
>>
>>First check available ciphers with `openssl dgst --help`.
>>
>>If HMAC-SHA512 is not listed, or the command does not run, then
>>you need to install a more recent version of openssl, preferably
>>via brew.
>>
>>Next try `echo 'string_to_hash' | openssl dgst -sha512`.  It
>>should output a hash.  Note it for comparison later.
>>
>>Nest install [shell] and configure os_process (which the
>>Language Guide thoroughly documents).
>>
>>After you've got that all set up, then this will get you a hash.
>>
>>#hash = shell('echo -n ' + #string_to_hash + ' |
>>/path/to/openssl dgst -sha512')
>>
>>--steve
>>
>>
>>On 2/22/19 at 8:00 AM, [hidden email] (Mike Ealy) pronounced:
>>
>>> Hi All,
>>>   Authorize.net is ending the life of HMAC-MD5 and moving to
>>>HMAC-SHA512. What
>>> are my options for generating a fingerprint from HMAC-SHA512 using Lasso 8
>>> on a Mac running OS 10.11?
>>>   I have been using Authorize.net's Server Integration
>>>Method (SIM) for years
>>> now. That means I collect some information about my customer (name, address,
>>> etc.) and then pass the transaction to Authorize where credit card details
>>> are entered. Upon successfully charging the card (or not), Authorize passes
>>> the transaction back to my site where I take over again.
>>>   In order to continue connecting with Authorize in this
>>>way, I need to
>>> upgrade the transaction fingerprint so that it uses HMAC-SHA512 instead of
>>> HMAC-MD5. I've been using the Lasso Encrypt_HMAC tag as follows.
>>>   [var:'x_fp_hash'=(Encrypt_HMAC: $transactionkey, $x_login
>>>+ '^' +
>>> $x_fp_sequence + '^' + ($utc_timestamp) + '^' + $x_amount + '^', -cram)]
>>>   I know I've been procrastinating this move, but
>>>Authorize.net has stopped
>>> extending this rollout and is finally bringing HMAC-MD5 to a close. Mac OS
>>> 10.11 does support TLSv1.2 so I there may be a possible solution with
>>> os_process and curl.
>>>   Steve Piercy wrote:
>>>> Lasso 8 can use TLS v1.2. Use os_process and shell
>>>> to invoke curl, and the operating system must
>>>> support TLS v1.2.  My AuthorizeNet_AIM tag supports it.
>>>> It's easy, and the benefits in security and ease
>>>> of use of curl are totally worth it.
>>>   I read Steve's github for implementing AuthorizeNet_AIM at
>>> https://github.com/stevepiercy/AuthorizeNet_AIM , but I'm not sure how to
>>> put all these pieces in place to get it working. Since I'm using SIM instead
>>> of AIM will Steve's tag even work for me? I'll keep at it but in the
>>> meantime, if someone could point me in the right direction I would certainly
>>> appreciate it.
>>>   Thanks,
>>> Mike Ealy
>>>       #############################################################
>>>   This message is sent to you because you are subscribed to
>>> the mailing list Lasso [hidden email]
>>> Official list archives available at http://www.lassotalk.com
>>> To unsubscribe, E-mail to: <[hidden email]>
>>> Send administrative queries to  <[hidden email]>
>>
>>-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
>>Steve Piercy              Website Builder              Eugene, OR
>><[hidden email]>               <http://www.stevepiercy.com/>
>>
>>
>>#############################################################
>>
>>This message is sent to you because you are subscribed to
>>the mailing list Lasso [hidden email]
>>Official list archives available at http://www.lassotalk.com
>>To unsubscribe, E-mail to: <[hidden email]>
>>Send administrative queries to  <[hidden email]>
>
>
>
>#############################################################
>
>This message is sent to you because you are subscribed to
>the mailing list Lasso [hidden email]
>Official list archives available at http://www.lassotalk.com
>To unsubscribe, E-mail to: <[hidden email]>
>Send administrative queries to  <[hidden email]>