XML Notifications Encryption

⟵ Back to XML Help

Some vendors want to ensure that XML requests are coming from us. There are a couple of ways to do this.

First, you can set up a username and password requirement on your end and include the information in the link to automatically log in.
For example: “https://user:password@server.mycompany.com/notification”

Second, We can also encrypt the XML when sending to you and you would have to decrypt it on your end before parsing. In order to have our system send encrypted XML notifications, you need to upload a passphrase file under your vendor account. The passphrase can be set to whatever encryption key you decide. Here is some more information regarding encrypted XML notifications:

If a file named XMLRegistrationKey.passphrase exists in the vendor’s file area, the contents of the file will form the pass phrase to encrypt the body of registration key requests.
If XMLOrderNotification.passphrase exists, it will be used to encrypt the body of the order notification request.

The encryption used is Blowfish/CBC/PKCS5Padding. The pass phrase is salted with 0x02,0x13,0x33,0x71,0xBA,0x96,0x54,0xAF. After encryption the body is Base64 encoded.

NOTE: When answering encrypted requests, the reply back should NOT be encrypted.

Example of decrypting the message body sent by BMT Micro:

import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;

public class BMTBodyDecrypter {
    public static final String decrypt (String stPassPhrase, String stData) throws Exception {
        if (Security.getProvider ("BC") == null) {
            Security.addProvider (new org.bouncycastle.jce.provider.BouncyCastleProvider ());
            }
        final byte[] iv = { (byte)0x02, (byte)0x13, (byte)0x33, (byte)0x71, (byte)0xBA, (byte)0x96, (byte)0x54, (byte)0xAF };
        IvParameterSpec salt = new IvParameterSpec (iv);
        SecretKey skeySpec = new SecretKeySpec (stPassPhrase.getBytes (), "Blowfish");
        Cipher c = Cipher.getInstance ("Blowfish/CBC/PKCS5Padding", "BC");
        c.init (Cipher.DECRYPT_MODE, skeySpec, salt);
        return (new String (c.doFinal (Base64.decodeBase64 (stData.getBytes ()))));
        }
    } 


⟵ Back to XML Help

Skip to toolbar