Rank: Starting Member
Groups: Registered
Joined: 2/5/2003 Posts: 1 Location: ,
I have read in the on-line IPN pages and the PDF documentation that one should consider validating the "verify_sign" information that is posted with each IPN. After sending an e-mail to support and being redirected to this message board, I have still not found any information about this. Similarly, I was unable to find how to do this after following the suggestion to check out the Verisign links (I found a link to "get a test certificate", not how to "test a certificate").
Has anyone out there used the "verify_sign" information?
Rank: Starting Member
Groups: Registered
Joined: 9/16/2002 Posts: 2,960 Location: ,
Our sample code handles it: https://www.paypal.com/ipn
Patrick Breitenbach PayPal, Inc. Dev Net: https://www.paypal.com/pdn
Rank: Starting Member
Groups: Registered
Joined: 2/7/2003 Posts: 3 Location: ,
No one at PayPal has been able to answer this question. As I see it, none of the code examples actually verify the 'verify_sign' parameter. For this, Verisign's public key is needed, and I have asked PayPal and Verisign time and again where to find this key, but I keep getting erratic answers. Once we have that public key file, then using appropriate tools, it can be done.
Theoretically, the transaction id is what should be included in this field, encrypted with PayPal's private key. However, the manual says that it is actually PayPal's certificate, encrypted with Verisign's private key. So I don't know how useful this could be.
However, in order to proceed as the manual says, we MUST have the file that contains Verisign's public key. As I understand it, this should be Verisign's digital certificate.
So, is there some Internet guru at PayPal willing to tell us where we can find Verisign's digital certificate?
Rick
Rank: Starting Member
Groups: Registered
Joined: 12/17/2002 Posts: 11 Location: ,
I asked this question a while ago (before I registered): http://www.paypaldev.org...SearchTerms=verify_sign
and, as you can read, I got nowhere.
Rank: Starting Member
Groups: Registered
Joined: 9/16/2002 Posts: 2,960 Location: ,
The verify_sign is unrelated to Verisign or other SSL certificates. Verifying SSL certs is extremely involved and very difficult to find information on. Some environments (Java 1.4 is the only one I know) perform it automatically.
Patrick Breitenbach PayPal, Inc. Dev Net: https://www.paypal.com/pdn
Rank: Starting Member
Groups: Registered
Joined: 2/7/2003 Posts: 3 Location: ,
"A certificate is issued by a certificate authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting and decrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to a standard, X.509. Digital certificates can be kept in registries so that authenticated users can look up other users' public keys." Taken from http://www.imagic.com.au...ommerce.htm#certificate
No doubt, the digital certificate CONTAINS the public key. There is a library in PHP (experimental) that can extract public keys from digital certificates, and also decrypt and encrypt using private/public keys. I'm almost sure that there are similar tools that can do this in a variety of environments. In my view, our task now is to find Verisign's public key, as the IPN manual states, and that public key is contained in Verisign's digital certificate.
Rick
Rank: Starting Member
Groups: Registered
Joined: 1/3/2011 Posts: 1 Location: villa carlos paz
As Patrick says:
[quote=paypal_pb]Our sample code handles it: https://www.paypal.com/ipn
Patrick Breitenbach PayPal, Inc. Dev Net: https://www.paypal.com/pdn[/quote]
The sample code validates this signature by doing the callback to ssl://www.paypal.com:443/ (https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=developer/library_code_ipn_code_samples). It's there where the verify_sign is verified; you must do nothing but check that the return says "VERIFIED": https://cms.paypal.com/c...developer/IPN_PHP_41.txt
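The postback check described in the last post, written out as an added example; it is not part of the original thread and is not PayPal's sample code. It assumes the postback goes to the `/cgi-bin/webscr` path on www.paypal.com with `cmd=_notify-validate` prefixed to the received body; the sample IPN body and the `send` transport parameter are constructed for illustration.

```python
import ssl
import urllib.request

# Assumption: postback endpoint on the host named in the thread.
PAYPAL_POSTBACK_URL = "https://www.paypal.com/cgi-bin/webscr"

# Constructed sample IPN body (not a real notification).
SAMPLE_IPN = b"txn_id=CONSTRUCTED123&payment_status=Completed&verify_sign=CONSTRUCTEDSIG"


def build_postback(raw_body: bytes) -> bytes:
    """Prefix the validate command to the IPN body exactly as received.

    The body is echoed byte for byte (verify_sign included); rebuilding it
    from parsed fields can change ordering or escaping and yield INVALID.
    """
    return b"cmd=_notify-validate&" + raw_body


def https_post(url: str, body: bytes) -> str:
    """Default transport: POST over TLS with certificate and hostname checks."""
    ctx = ssl.create_default_context()  # validates the server certificate chain
    req = urllib.request.Request(
        url, data=body,
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=30, context=ctx) as resp:
        return resp.read().decode("ascii", "replace")


def ipn_is_verified(raw_body: bytes, send=https_post) -> bool:
    """Return True only when the postback answer is exactly VERIFIED.

    An empty body, a transport or TLS error, INVALID, or any other answer
    is treated as a rejection, so the order is never fulfilled by default.
    """
    if not raw_body:
        return False
    try:
        answer = send(PAYPAL_POSTBACK_URL, build_postback(raw_body))
    except OSError:  # URLError and ssl.SSLError are both OSError subclasses
        return False
    return answer.strip() == "VERIFIED"


if __name__ == "__main__":
    # Offline demonstration with a stub transport standing in for PayPal.
    print(ipn_is_verified(SAMPLE_IPN, send=lambda url, body: "VERIFIED"))
```

The receiving side never inspects verify_sign itself; it is returned to PayPal unchanged, and the trust decision rests on the TLS-authenticated reply.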