MIGS VPC Integration E5000: Cannot form a matching secure hash based on the merchant's request using either of the two merchant's secrets

Question

I am using Migs Virtual Payment Client Integration and Using 2-Party (API method).

Error : E5000: Cannot form a matching secure hash based on the merchant's request using either of the two merchant's secrets

In the Reference Guide it is Stated to use HMac Sha256 for Generating a SecureHash Parameter that is sent in the Request and MIGS will Decode that request accordingly.

Questions :

a) I want to know that the Request i am creating is proper or not (i.e All the Parameters which are passed are in correct order).

b) Also let me know that if i am missing Some Parameters to send in the Request to create SecureHash and in Final Request.

c) Also check the functions that are used for generating the SecureHash are proper or not.

Please let me know if i am doing some Mistake .

Below are the Related Details.

1) Request to generate SecureHash :"vpc_AccessCode=XXXXXXXX&vpc_Amount=100&vpc_CardExp=1810&vpc_CardNum=5313581000123430&vpc_Command=pay&vpc_MerchTxnRef=TC_2014712466141&vpc_Merchant=TESTMXXXXXXXX&vpc_OrderInfo=TC_2014712466141&vpc_Version=1"

2) Demo SecureHashSecret = "CD14026NOT5E91GG5D1MOM4972440CDE"

3) SECURE Hash generated from Above Request and SecureHashSecret

"CCD0D0113315403E375791E99AFA3F8906EE47C0ED6818464368420048DC541E"

4) Test URL : "https://migs.mastercard.com.au/vpcdps"

5) Final Request to Send on above URL

"vpc_AccessCode=XXXXXXXX&vpc_Amount=100&vpc_CardExp=1310&vpc_CardNum=5313581000123430&vpc_Command=pay&vpc_MerchTxnRef=TC_2014712466141&vpc_Merchant=TESTMXXXXXXXX&vpc_OrderInfo=TC_2014712466141&vpc_Version=1&vpc_SecureHash=CCD0D0113315403E375791E99AFA3F8906EE47C0ED6818464368420048DC541E&vpc_SecureHashType=SHA256"

6) I am using the Below Code For Sending the Request and Getting the Response.

System.Net.WebClient webClient = new System.Net.WebClient();

        webClient.Headers.Add("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");

        byte[] response = webClient.UploadData(hfVirtualPaymentClientURL.Value.Trim(), "POST", Encoding.ASCII.GetBytes(strRequest));



        string responseData = System.Text.Encoding.ASCII.GetString(response, 0, response.Length);

7) Functions used to Generate SecureHash

public static string ToHMACSHA256(string input, string key)

{

    ASCIIEncoding encoding = new ASCIIEncoding();

    byte[] keyByte = encoding.GetBytes(key);

    byte[] inputBytes = encoding.GetBytes(input);

    HMACSHA256 hmacsha256 = new HMACSHA256(keyByte);

    byte[] hashmessage;

    hashmessage = hmacsha256.ComputeHash(inputBytes); 

    return ByteToString(hashmessage);

}

private static string ByteToString(byte[] buff)

{

    string sbinary = "";

    for (int i = 0; i < buff.Length; i++)
      { 
          sbinary += buff[i].ToString("X2"); // hex format
      }

    return (sbinary);

}

Please get me the Solutions for the Above Error Asap. Thanks in Advance

Thanks & Regards

Sunny Pathai

Deny [Uncheck] the "Enforce Secure Hash" Setting from the Account to by pass the Hashing. and use the Latest Test Cards. old Test cards are not working — Sunny Pathai, Jan 31 '15 at 06:40
I am getting the same issue, have you resolved the issue ? I am trying to do using python and there is no any document is available to refer for changing md5 to sha256 — Jeenit khatri, Nov 18 '16 at 12:07

score 2 · Answer 1 · edited May 23 '17 at 11:45

I'm getting the same issue in PHP, but I successfully correct it.

The error seems to occurred because of an error while hashing my datas.
=> see capturing error messages from migs payment

To correct the issue, I use these class https://github.com/Tmeister/banamexgateway/blob/master/VPCPaymentConnection.php
(and you have to import this one too to in your lib https://github.com/Tmeister/banamexgateway/blob/master/PaymentCodesHelper.php)

$conn = new VPCPaymentConnection();
$secureSecret = '';
// Set the Secure Hash Secret used by the VPC connection object
$conn->setSecureSecret($secureSecret);
// Instanciate your VPC post data
$paymentdata = array(
    "vpc_AccessCode" => '',
    "vpc_Amount" => '',
    "vpc_Command" => '',
    "vpc_Locale" => '',
    "vpc_MerchTxnRef" => '',
    "vpc_Merchant" => '',
    "vpc_OrderInfo" =>'',
    "vpc_ReturnURL" => '',
    "vpc_Version" => ''
);
// Add VPC post data to the Digital Order
foreach ($paymentdata as $key => $value) {
    $conn->addDigitalOrderField($key, $value);
}
// Obtain a one-way hash of the Digital Order data and add this to the Digital Order
$secureHash = $conn->hashAllFields();
$conn->addDigitalOrderField("vpc_SecureHash", $secureHash);
$conn->addDigitalOrderField("vpc_SecureHashType", "SHA256");
// Obtain the redirection URL and redirect the web browser
$link_to_mastercard = $conn->getDigitalOrder('https://migs.mastercard.com.au/vpcpay');

score 0 · Answer 2 · answered Jan 31 '15 at 06:42

0

Deny [Uncheck] the "Enforce Secure Hash" Setting from the Account to by pass the Hashing. and use the Latest Test Cards. old Test cards are not working

answered Jan 31 '15 at 06:42

Sunny Pathai

53
1
1
7

This can be a security risk as the purpose of checking the secure hash is to validate the "digital signature". – Kenston Choi Dec 07 '17 at 07:49

MIGS VPC Integration E5000: Cannot form a matching secure hash based on the merchant's request using either of the two merchant's secrets

2 Answers2