
  • Paytm Checksum Verification

    Posted by Abhishek Saini | Last Updated: 11-Jan-17

    After you call the Paytm transaction request API, Paytm returns the transaction response to the callback URL. Once the response is received on the server side, we must verify the CHECKSUMHASH it contains. Verifying the checksum hash ensures that the transaction was successful and not tampered with.

    This is how you can verify the checksum using Node.js.

    Create a file and save it as crypt.js.

    "use strict";
    
    var crypto = require('crypto');
    var util = require('util');
    
    //var config = require('./pg').paytmnew;
    
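    /**
     * Pick the AES-CBC cipher name for a key.
     *
     * Keys of length 16, 24 and 32 select AES-128, AES-192 and AES-256. Any other
     * length falls back to '256', exactly as the original switch did; Node then
     * rejects the key when the cipher is created.
     */
    function aesCbcAlgorithm(key) {
      var bitsByKeyLength = { 16: '128', 24: '192', 32: '256' };
      return 'AES-' + (bitsByKeyLength[key.length] || '256') + '-CBC';
    }

    /**
     * AES-CBC and hashing helpers used for Paytm checksum handling.
     *
     * Security notes:
     *  - `iv` is a fixed, hard-coded IV, so the same plaintext under the same key
     *    always produces the same ciphertext. NOTE(review): presumably required
     *    for interoperability with the payment gateway; confirm before changing,
     *    and do not reuse these helpers for general-purpose encryption.
     *  - CBC mode carries no authentication tag. Callers must verify the decrypted
     *    content themselves (the checksum service does so by recomputing a hash).
     *  - encrypt/decrypt read `this.iv`, so call them as `crypt.encrypt(...)`,
     *    not as detached function references.
     */
    var crypt = {
      iv: '@@@@&&&&####$$$$',

      /**
       * Encrypt `data` with AES-CBC and return the ciphertext as base64.
       *
       * @param {string} data - plaintext, read with the 'binary' (latin1) encoding
       * @param {string|Buffer} custom_key - 16, 24 or 32 long; selects AES-128/192/256
       * @returns {string} base64 ciphertext
       * @throws if the key is missing or has a length the cipher does not accept
       */
      encrypt: function (data, custom_key) {
        var cipher = crypto.createCipheriv(aesCbcAlgorithm(custom_key), custom_key, this.iv);
        var encrypted = cipher.update(data, 'binary', 'base64');
        return encrypted + cipher.final('base64');
      },

      /**
       * Decrypt base64 AES-CBC ciphertext produced by `encrypt`.
       *
       * If the final block cannot be processed (wrong key, truncated or modified
       * ciphertext) the error is logged and an empty string is returned. The
       * original returned the partially decrypted bytes in that case, which a
       * caller could mistake for valid plaintext.
       *
       * @param {string} data - base64 ciphertext
       * @param {string|Buffer} custom_key - same key that was used to encrypt
       * @returns {string} plaintext as a 'binary' (latin1) string, or '' on failure
       * @throws if the key is missing or has a length the cipher does not accept
       */
      decrypt: function (data, custom_key) {
        var decipher = crypto.createDecipheriv(aesCbcAlgorithm(custom_key), custom_key, this.iv);
        var decrypted = decipher.update(data, 'base64', 'binary');
        try {
          return decrypted + decipher.final('binary');
        } catch (e) {
          // console.error instead of the deprecated util.log; fail closed.
          console.error('crypt.decrypt failed: ' + util.inspect(e));
          return '';
        }
      },

      /**
       * Generate a random base64 salt and pass it to `cb(err, salt)`.
       *
       * Requests `length * 3 / 4` bytes from crypto.randomBytes, so a `length`
       * of 4 gives 3 random bytes, i.e. 4 base64 characters. The salt comes from
       * the cryptographic RNG; do not replace it with Math.random().
       *
       * @param {number} length - desired salt length in base64 characters
       * @param {function(Error|null, string=)} cb - `salt` is undefined when `err` is set
       */
      gen_salt: function (length, cb) {
        crypto.randomBytes((length * 3.0) / 4.0, function (err, buf) {
          var salt;
          if (!err) {
            salt = buf.toString("base64");
          }
          cb(err, salt);
        });
      },

      /**
       * Hex MD5 of `salt + data`.
       *
       * NOTE(review): MD5 is not collision resistant; use sha256sum wherever the
       * digest is relied on for integrity.
       */
      md5sum: function (salt, data) {
        return crypto.createHash('md5').update(salt + data).digest('hex');
      },

      /**
       * Hex SHA-256 of `data + salt`. Note that the salt is appended here, while
       * md5sum prepends it.
       */
      sha256sum: function (salt, data) {
        return crypto.createHash('sha256').update(data + salt).digest('hex');
      }
    };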
    
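    module.exports = crypt;

    // Self-test: runs only when this file is executed directly (node crypt.js),
    // never when it is loaded with require().
    (function () {
      // Print a generated salt; errors from gen_salt are ignored here.
      function logsalt(err, salt) {
        if (!err) {
          console.log('salt is ' + salt);
        }
      }

      if (require.main === module) {
        // encrypt/decrypt need a key: calling them with one argument, as the
        // original did, throws on `key.length`. This is a constructed
        // 16-character demo key (selects AES-128), not a real merchant key.
        var demoKey = 'demo-key-16bytes';
        var enc = crypt.encrypt('One97', demoKey);
        console.log('encrypted - ' + enc);
        console.log('decrypted - ' + crypt.decrypt(enc, demoKey));

        for (var i = 0; i < 5; i++) {
          crypt.gen_salt(4, logsalt);
        }
      }

    }());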
    

    Now create a service that has a method to verify the checksum.

      var crypt = require('./crypt');   //use crypt.js 
      var crypto = require('crypto');
    
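    /**
     * Verify the CHECKSUMHASH sent with a Paytm callback.
     *
     * The checksum is URI-decoded and decrypted with `key`; the result is treated
     * as `<sha256 hex><4-character salt>`. The function recomputes
     * sha256(paramsToString(params) + salt) and compares it with the received hash.
     *
     * Every failure path returns false (fail closed). The parameters come from an
     * HTTP callback, so missing, non-string or malformed values must not crash
     * the handler.
     *
     * Side effects: strips CR/LF from params.CHECKSUMHASH in place, and
     * paramsToString() also modifies `params`.
     *
     * @param {Object} params - callback parameters, including CHECKSUMHASH
     * @param {string} key - merchant key used to decrypt the checksum
     * @returns {boolean} true only when the recomputed hash matches
     */
    function verifychecksum(params, key) {
      if (!params) {
        console.log("params are null");
        return false;
      }
      var data = paramsToString(params, false);
      // A repeated query parameter can arrive as an array; accept strings only.
      if (typeof params.CHECKSUMHASH !== 'string' || params.CHECKSUMHASH === '') {
        // console.log is used because `util` is never required in this file.
        console.log("checksum not found");
        return false;
      }
      // TODO: after PG fix on their side remove the newline stripping below.
      // A global regex removes every CR/LF; replace('\n', '') drops only the first.
      params.CHECKSUMHASH = params.CHECKSUMHASH.replace(/[\r\n]/g, '');
      var temp;
      try {
        temp = decodeURIComponent(params.CHECKSUMHASH);
      } catch (e) {
        // Malformed percent-encoding throws URIError; treat it as a bad checksum.
        console.log("checksum is wrong");
        return false;
      }
      var checksum = crypt.decrypt(temp, key);
      var salt = checksum.slice(-4);
      var sha256 = checksum.slice(0, -4);
      var hash = crypto.createHash('sha256').update(data + salt).digest('hex');
      // Constant-time comparison; timingSafeEqual needs equal-length buffers,
      // so check the length first.
      var expected = Buffer.from(hash, 'latin1');
      var received = Buffer.from(sha256, 'latin1');
      if (expected.length === received.length && crypto.timingSafeEqual(expected, received)) {
        return true;
      }
      console.log("checksum is wrong");
      return false;
    }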
    
    /**
     * Build the '|'-delimited string that the checksum is computed over.
     *
     * Keys are sorted unless `params.refund` is truthy, in which case the
     * object's own key order is kept. CHECKSUMHASH is always skipped, and every
     * included value is followed by a '|'.
     *
     * Side effects on `params`: the `refund` property is deleted, and any value
     * equal to the string 'null' is overwritten with ''.
     *
     * NOTE(review): values are joined without escaping, so a value that itself
     * contains '|' is indistinguishable from a field boundary.
     * NOTE(review): `mandatoryParams` is not defined in the code shown here; it
     * is only read when `mandatoryflag` is truthy. Confirm where it comes from.
     *
     * @param {Object} params - request or response parameters
     * @param {boolean} mandatoryflag - when truthy, include only keys listed in mandatoryParams
     * @returns {string} concatenated values, each terminated by '|'
     */
    function paramsToString(params, mandatoryflag) {
        var keepOrder = Boolean(params.refund);
        delete params.refund;

        var names = Object.keys(params);
        if (!keepOrder) {
            names.sort();
        }

        var joined = '';
        for (var idx = 0; idx < names.length; idx += 1) {
            var name = names[idx];
            if (name === 'CHECKSUMHASH') {
                continue;
            }
            // Normalise the literal string 'null' before it is hashed.
            if (params[name] === 'null') {
                params[name] = '';
            }
            if (mandatoryflag && mandatoryParams.indexOf(name) === -1) {
                continue;
            }
            joined += (params[name] + '|');
        }
        return joined;
    }
    
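    // Paytm response like this (sample values as published in this post)

    var ver_param = {
      MID: 'wVhtoq05771472615938',
      ORDER_ID: 52,
      CUST_ID: '298233',
      TXN_AMOUNT: '1',
      CHANNEL_ID: 'WEB',
      INDUSTRY_TYPE_ID: 'Retail',
      WEBSITE: 'PaytmMktPlace',
      CHECKSUMHASH: '5xORNy+qP7G53XWptN7dh1AzD226cTTDsUe4yjAgKe19eO5olCPseqhFDmlmUTcSiEJFXuP/usVEjHlfMCgvqtI8rbkoUCVC3uKZzOBFpOw='
    };

    // Placeholder: replace with your merchant key, loaded from server-side
    // configuration. Do not commit it to source control or send it to the client.
    // crypt.js picks the AES variant from the key length (16, 24 or 32).
    var merchantKey = '<YOUR_MERCHANT_KEY>';

    // A passing checksum only shows that these parameters match what was signed
    // with the merchant key. Before fulfilling the order, also check the order id,
    // amount and transaction status against your own server-side order record.
    if (verifychecksum(ver_param, merchantKey)) {    // call your verifychecksum method
      console.log('verified checksum');
    } else {
      console.log("verification failed");
    }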
    
    

     

     

     

     

     

    Thanks.

     

     

Tags: PAYTM
