MD5 signature creation

Question

User-284642143 posted

Im trying to build a MD5 signature hexadecimal value (32 chars long) from a set of fields. I used this code https://stackoverflow.com/questions/20750062/what-is-meaning-of-tostringx2

public string CalculateMD5Hash(string input)
{

// Primeiro passo, calcular o MD5 hash a partir da string
MD5 md5 = System.Security.Cryptography.MD5.Create();
byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(input);
byte[] hash = md5.ComputeHash(inputBytes);

// Segundo passo, converter o array de bytes em uma string haxadecimal
StringBuilder sb = new StringBuilder();
for (int i = 0; i < hash.Length; i++)
{
sb.Append(hash[i].ToString("X2"));
}
return sb.ToString();
}

Which doesnt work. I changed X2 to X which according to that thread is a single hex but still doesnt work. Never really used Crytography but would anyone know how/what to change?

Answer 1

User753101303 posted

Hi,

It should convert each byte to its hexadecimal representation to show a "human readable" value (ie something like 10AF45A6 etc...)

You try to create this MD5 value for which kind of string? I would use Unicode (or UTF8 ?) rather than ASCII. Rather than "doesn't work" tell us what happens. If this is not a runtime error you could give us a test string with the output you get and the one you expect.

Edit: you could use https://en.wikipedia.org/wiki/MD5#MD5_hashes for testing if you get the same output. Not sure what you want to do if this is not an ASCII string

Answer 2

User-284642143 posted

I tried changing to Unicode but same issue.

In short im trying to send my form to a payment provider. I obtain a few fields and then have to encrypt them in MD5. Just in case i misinterpret the requirement, here is the link i am following http://support.worldpay.com/support/kb/bg/htmlredirect/htmlredirect.htm?_ga=2.213491860.1063996753.1551262171-2020011060.1551262171#rhtml/Enhancing_security_with_MD5.htm%3FTocPath%3D_____10 

Under "If you use a bespoke setup" point 5, is what im trying to do. The error is the MD5 could not be verified when landing on the payment page.

Answer 3

User753101303 posted

Try perhaps x2 (not X2) to get a result with lowercase values as shown in their documentation.

"MD5 could not be verified" sounds rather like it can't be checked rather than a signature that doesn't match ? You defined a "secret" in their portal as suggested by the documentation ?

I tried with their Lions&2Tigers&3Panthers:123.00:GBP:ABC123 string but for now I don't find the signature found later in their doc. If using "The quick brown fox jumps over the lazy dog" I do get the expected hash shown on the wikipedia page.

For now you don't have any non ASCII character including in your secret ?

Answer 4

User-284642143 posted
I'm sure I don't, it's just special characters, numbers. Only thing I might have done wrong is maybe have a space somewhere in the string. I will test this theory and report back.

Answer 5

User-284642143 posted

I managed to get the MD5 for "The quick brown fox jumps over the lazy dog" as 9e107d9d372bb6826bd81d3542a419d6.

I tried using this same method but same error for the transaction.

Reading the above link, i decided to see what happens if i MD5 "Lions&2Tigers&3Panthers:123.00:GBP:ABC123" i ASSUMED the value i would be looking for is 58e41db32a6f2ff9c3c96eea6583ffbd but the value produced was completely different.

I dont know if the value is random on their site, but will play around to see if i can generate the same hash in case that resolves it but welcome any further ideas.

Answer 6

User753101303 posted

Try again maybe with multiple encoding (Unicode, UTF8 etc...) but IMO they are not using a value that matches.

You found this error message in the doc? I'm not sure if it means that the MD5 value is wrong or if for some reason it couldn't check the signature (not sent or apparently you have to configure the list of fields you want to hash you just must make sure you post the exact same values with the same exact field names etc...)

If you can what if you try with a single field for a start ?

Answer 7

User-284642143 posted

Finally got it working!!

The problem could have been a combination of things and possibly the documentation not being correct or i didn't interpret in the way suggested.

1. I deleted all the fields and password and started afresh on their portal.
2. Re-entered one field with new password and tested - didnt work
3. Their description stated to use the password AS the instID with all parameters all being in order, this doesnt work in that manner.
4. I added the MD5 password first, THEN any fields i listed within their portal (of course updating my code to reflect the exact same fields. To me i was reading as if point 3 and 4 were related, but theyre not.

PatriceSC - Thanks for your help and getting me in the right direction. Cheers