MD5 Calculation

DIBS offers MD5-key control to ensure that the data sent between your system and the DIBS system has not been tampered with, whether through communication errors, hacking or interfering malware. The control works for both the request from your system to DIBS and the response from DIBS back to your system. By default the MD5-key control is optional, but it can be made mandatory by activating the functionality in the DIBS Administration.

You can find your md5 key pair in DIBS Admin in the following menu:

Integration / MD5 Keys

Description

Transfer to the DIBS server

FlexWin supports MD5-key control: before calling FlexWin, the shop can calculate an MD5-key based on critical parameters in the request and a set of private keys found in the DIBS Administration. When DIBS receives a request with an MD5-key, it performs the corresponding calculation internally. If the calculated key matches the received key, the request is approved; otherwise it is rejected.

MD5 flow

  1. The shop calculates the MD5-key
  2. The MD5-key is sent as a parameter along with the call to FlexWin
  3. DIBS calculates the MD5-key with the same algorithm and compares the result to the key passed in the call to FlexWin
  4. If the keys match, the payment is accepted (by DIBS), otherwise the payment is rejected

Keep in mind that the orderid must always be unique when using MD5 keys. 

Calculation algorithm

The following algorithm should be used when calculating the MD5-key for the request to FlexWin. In the algorithm, key1 and key2 denote the shop-specific secret keys found in the DIBS Administration, and parameters marked with *your* denote the parameter values for the specific request.

md5key = MD5(key2 + MD5(key1 + merchant=<merchant>&orderid=<orderid>&currency=<currency>&amount=<amount>));

PHP:

// Build the parameter string in exactly this order: merchant, orderid, currency, amount
$parameter_string = '';
$parameter_string .= 'merchant=' . $yourMerchantID;
$parameter_string .= '&orderid=' . $yourOrderID;
$parameter_string .= '&currency=' . $yourCurrency;
$parameter_string .= '&amount=' . $yourAmount;

$md5key = md5($key2 . md5($key1 . $parameter_string));

JavaScript:

// MD5() stands for a helper that returns the lowercase hex digest; JavaScript has no built-in MD5 function
var parameter_string = '';
parameter_string += 'merchant=' + yourMerchantID;
parameter_string += '&orderid=' + yourOrderID;
parameter_string += '&currency=' + yourCurrency;
parameter_string += '&amount=' + yourAmount;

var md5key = MD5(key2 + MD5(key1 + parameter_string));

Note: The JavaScript example is meant for debugging purposes only, and the MD5 calculation should never be done on the client side.

When using Split Auth, the amount used in the MD5 calculation is the sum of the split amounts.
Given 3 amounts, amount1=10, amount2=100, and amount3=1000,
use the following "amount part" in the string used to calculate the MD5: amount=1110

Response from the DIBS server

If a transaction/ticket authorization is successful, a response with an 'authkey' parameter is sent to the accepturl (and, if configured, also to the callbackurl and cancelurl). Depending on the transaction type, the calculation is done in one of two ways.

Authkey flow

  1. Before responding to the shop, DIBS will, depending on the transaction type, calculate the value of the 'authkey' using the algorithm below.
  2. When the shop has received the response, the same calculation of the 'authkey' should be done by the shop.
  3. If the key calculated by the shop and the key sent by DIBS do not match, the transaction should be rejected. Furthermore, if the returned transaction ID is not unique (a response has already been received for the transaction), the response should also be rejected.

Apart from authkey verification, it should be checked that the amount and currency match the original order made using the order ID.

Calculation algorithm

The following algorithm should be used when calculating the authkey returned from FlexWin. In the algorithm, key1 and key2 denote the shop-specific secret keys found in the DIBS Administration, and parameters marked with *your* denote the parameter values for the specific variable.

Please note that when specifying the currency, it must be in the numeric format (see the ISO4217 standard for more information), and if calcfee is used, the amount used to calculate the authkey should include the fee.

Normal transaction 'authkey' calculation:

PHP:

// Parameter order for a normal transaction: transact, amount, currency
$parameter_string = '';
$parameter_string .= 'transact=' . $yourTransactionID;
$parameter_string .= '&amount=' . $yourAmount;
$parameter_string .= '&currency=' . $yourCurrency;

$md5key = md5($key2 . md5($key1 . $parameter_string));

JavaScript:

// MD5() stands for a helper that returns the lowercase hex digest; JavaScript has no built-in MD5 function
var parameter_string = '';
parameter_string += 'transact=' + yourTransactionID;
parameter_string += '&amount=' + yourAmount;
parameter_string += '&currency=' + yourCurrency;

var md5key = MD5(key2 + MD5(key1 + parameter_string));

Ticket transaction 'authkey' calculation:

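PHP:

// Parameter order for a ticket transaction: transact, preauth=true (in place of the amount), currency
$parameter_string = '';
$parameter_string .= 'transact=' . $yourTransactionID;
$parameter_string .= '&preauth=true';
$parameter_string .= '&currency=' . $yourCurrency;

$md5key = md5($key2 . md5($key1 . $parameter_string));

JavaScript:

// MD5() stands for a helper that returns the lowercase hex digest; JavaScript has no built-in MD5 function
var parameter_string = '';
parameter_string += 'transact=' + yourTransactionID;
parameter_string += '&preauth=true';
parameter_string += '&currency=' + yourCurrency;

var md5key = MD5(key2 + MD5(key1 + parameter_string));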

Note: When using the calcfee functionality, the amount value must be set to the sum of the base amount and the fee.

The JavaScript examples are meant for debugging purposes only, and the MD5 calculation should never be done on the client side.

Examples

Consider the following call to FlexWin.

<FORM NAME="RedirForm" ACTION="https://payment.architrade.com/paymentweb/start.action" METHOD="POST" CHARSET="UTF-8">
    <input type="hidden" name="merchant" value="90000001" />
    <input type="hidden" name="amount" value="100" />
    <input type="hidden" name="accepturl" value="https://www.yourSecurePage.com/accept.pml" />
    <input type="hidden" name="orderid" value="12345678" />
    <input type="hidden" name="currency" value="208" />
    <input type="hidden" name="md5key" value="158a668ebc50d3c2fe1a393692a883f3" />
</FORM>

The MD5-keys for the calculations are:

k1 = Gh0VOYNRW5?F%vCqt}BR~lPMrk4VT&o6
k2 = -UbXVIo#n8~~1GO~vr;}XG_1{qu21Gc2

The "md5key" value is calculated as follows. First, the string is created from the parameter values:

parameterString = merchant=90000001&orderid=12345678&currency=208&amount=100

Next the first MD5 hash calculation is made:

innerMD5 = MD5(k1 + parameterString)
innerMD5 = MD5('Gh0VOYNRW5?F%vCqt}BR~lPMrk4VT&o6merchant=90000001&orderid=12345678&currency=208&amount=100')
innerMD5 = c3caca2a1b3029bde0449936e5078a04

The second MD5 hash calculation is now completed:

md5key = MD5(k2 + innerMD5)
md5key = MD5('-UbXVIo#n8~~1GO~vr;}XG_1{qu21Gc2c3caca2a1b3029bde0449936e5078a04')
md5key = 158a668ebc50d3c2fe1a393692a883f3

This completes the calculation of the 'md5key' for a normal transaction through a hosted solution.

The following transaction call is made to FlexWin.

<FORM NAME="RedirForm" ACTION="https://payment.architrade.com/paymentweb/start.action" METHOD="POST" CHARSET="UTF-8">
    <input type="hidden" name="merchant" value="90000001" />
    <input type="hidden" name="amount" value="100" />
    <input type="hidden" name="accepturl" value="https://www.yourSecurePage.com/accept.pml" />
    <input type="hidden" name="orderid" value="12345678" />
    <input type="hidden" name="currency" value="208" />
    <input type="hidden" name="md5key" value="158a668ebc50d3c2fe1a393692a883f3" />
</FORM>

Consider the following response data.

data = approvalcode=123456&transact=760478797&authkey=9635f527c1115d32ff1148214dd8a80f

The MD5 keys for the calculations are:

k1 = Gh0VOYNRW5?F%vCqt}BR~lPMrk4VT&o6
k2 = -UbXVIo#n8~~1GO~vr;}XG_1{qu21Gc2

The "authkey" value is calculated as follows. First, the string is created from the parameter values:

parameterString = transact=760478797&amount=100&currency=208

Next the first MD5 hash calculation is made:

innerMD5 = MD5(k1 + parameterString)
innerMD5 = MD5('Gh0VOYNRW5?F%vCqt}BR~lPMrk4VT&o6transact=760478797&amount=100&currency=208')
innerMD5 = 236289e528d625e82cfd70bf0a5b707a

The second MD5 hash calculation is now completed:

authkey = MD5(k2 + innerMD5)
authkey = MD5('-UbXVIo#n8~~1GO~vr;}XG_1{qu21Gc2236289e528d625e82cfd70bf0a5b707a')
authkey = 9635f527c1115d32ff1148214dd8a80f

This completes the calculation of the 'authkey' for a normal transaction through a hosted solution.

The following transaction call is made to FlexWin.

<FORM NAME="RedirForm" ACTION="https://payment.architrade.com/paymentweb/start.action" METHOD="POST" CHARSET="UTF-8">
    <input type="hidden" name="merchant" value="90000001" />
    <input type="hidden" name="amount" value="100" />
    <input type="hidden" name="accepturl" value="https://www.yourSecurePage.com/accept.pml" />
    <input type="hidden" name="orderid" value="12345678" />
    <input type="hidden" name="currency" value="208" />
    <input type="hidden" name="preauth" value="true" />
    <input type="hidden" name="md5key" value="158a668ebc50d3c2fe1a393692a883f3" />
</FORM>

Consider the following response data.

data = approvalcode=123456&transact=760478797&authkey=17c3092efdda67472bd75a11f5d25a30

The MD5 keys for the calculations are:

k1 = Gh0VOYNRW5?F%vCqt}BR~lPMrk4VT&o6
k2 = -UbXVIo#n8~~1GO~vr;}XG_1{qu21Gc2

The "authkey" value is calculated as follows. First, the string is created from the parameter values:

parameterString = transact=760478797&preauth=true&currency=208

Next the first MD5 hash calculation is made:

innerMD5 = MD5(k1 + parameterString)
innerMD5 = MD5('Gh0VOYNRW5?F%vCqt}BR~lPMrk4VT&o6transact=760478797&preauth=true&currency=208')
innerMD5 = ade2798bc8c6337e48b51224e9c5783c

The second MD5 hash calculation is now completed:

authkey = MD5(k2 + innerMD5)
authkey = MD5('-UbXVIo#n8~~1GO~vr;}XG_1{qu21Gc2ade2798bc8c6337e48b51224e9c5783c')
authkey = 17c3092efdda67472bd75a11f5d25a30

This completes the calculation of the 'authkey' for a ticket transaction through a hosted solution.
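
The shop-side half of the authkey flow (recompute the key, reject mismatches, reject reused transaction IDs, check amount and currency against the stored order) can be sketched as follows. This is an added example in Python, not DIBS code: ORDERS, verify_response and the seen_transacts set are hypothetical stand-ins for the shop's order store and its log of processed transactions, and the keys are the example keys from this page. It assumes the shop already knows which order ID the response belongs to.

```python
import hashlib
import hmac

# Example keys from this page's worked examples (never real keys in source code).
K1 = "Gh0VOYNRW5?F%vCqt}BR~lPMrk4VT&o6"
K2 = "-UbXVIo#n8~~1GO~vr;}XG_1{qu21Gc2"
# Hypothetical shop-side order store keyed by order ID (constructed sample data).
ORDERS = {"12345678": {"amount": "100", "currency": "208"}}


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def dibs_key(key1, key2, parameter_string):
    """MD5(key2 + MD5(key1 + parameter_string)), the nesting this page defines."""
    return md5_hex(key2 + md5_hex(key1 + parameter_string))


def expected_authkey(transact, order, ticket=False):
    # Ticket transactions use the literal preauth=true in place of the amount.
    middle = "preauth=true" if ticket else "amount=" + order["amount"]
    params = "transact=%s&%s&currency=%s" % (transact, middle, order["currency"])
    return dibs_key(K1, K2, params)


def verify_response(resp, orderid, seen_transacts, ticket=False):
    """Return (accepted, reason) for a response received on accepturl/callbackurl."""
    order = ORDERS.get(orderid)
    transact = resp.get("transact", "")
    if order is None or not transact:
        return False, "unknown order or missing transact"
    # Amount and currency come from the shop's stored order, not from the response.
    want = expected_authkey(transact, order, ticket)
    got = resp.get("authkey", "")
    # Constant-time comparison (a choice made for this example).
    if not hmac.compare_digest(want.encode(), got.encode("utf-8")):
        return False, "authkey mismatch"
    # If the response echoes amount or currency, they must equal the stored order.
    for field in ("amount", "currency"):
        if field in resp and resp[field] != order[field]:
            return False, field + " differs from the original order"
    if transact in seen_transacts:
        return False, "transaction ID already received"
    seen_transacts.add(transact)
    return True, "ok"
```

In production the seen_transacts set would be a persistent store shared by the accepturl and callbackurl handlers, so that a repeated response is rejected regardless of which endpoint receives it.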

Calculation tool

Use this tool to test your md5 calculation -- Under construction
