Related to my last question i have a new one.
What is a safer way to send encrypted data via https.
using signAndEncrypt function with openssl_pkcs7_encrypt and send return array via form element...
$encryptedData = "-----BEGIN PKCS7-----" . str_replace("\n", "", <br/> $encryptedDataReturn['encrypted_data']) ."-----END PKCS7-----"; $encryptedRequest=<<<PPHTML <html> <header> </header> <body onload="document.getElementById('paypal_form').submit();"> <br/><br/><br/><br/> <center> <h2>Please wait, your order is being processed and you will be redirected to the paypal website. </h2> </center> <form id="paypal_form" method="POST" action="{$this->gatewayUrl}"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="encrypted" value="$encryptedData"> </form> </body> </html>PPHTML;
or using curl like this
2.
$curlOptions = array (
CURLOPT_URL => Config::MERCHANT_SANDBOX_SIGNATURE_ENDPOINT,
CURLOPT_VERBOSE => 1,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_SSL_VERIFYHOST => 2,
CURLOPT_CAINFO => $this->publicCertificate,
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_POST => 1,
CURLOPT_HEADER => true,
CURLOPT_POSTFIELDS => http_build_query($data)
);
$ch = curl_init();
curl_setopt_array($ch,$curlOptions);
//Sending our request - $response will hold the API response
$response = curl_exec($ch);
I'am trying to find the safest way to send data to the paypal api.
First i mixed both of the functions, and added the encrypted nvp to the CURLOPT_POSTFIELDS. But that gave me a bunch of errors from paypal. So i have done a double encryption. When i leave the postfields unencrypted, the paypal api gives me success.
My Questions:
1. Is it secure enough, to use curl with public certificate ?
2. Is it possible to use the pkcs7 encryption (or similar encryption) with curl?
3. Am I right in assuming that it isnt possible to encrypt the postfields, before send data via curl/https to paypal, because when i do that, paypal give me failure responses?
Please help.
Greetings ninchen
