Unable to decrypt apple pay token

Enabling an apple pay support in web app and processing the payment via Cybersource payment gateway.

Apple Payment token received as part of payment has been sent to cybersource for payment processing.


CyberSource is saying token is not valid and unable to decrypt. Cybersource is expecting token length to arround 3000 to 5000.


Token Reeived from apple is around 500.


Here is the token , its length is 425 . What am i missing here. What is the minimum length of Apple Pay token, Can you share any reference to payment token length.


"8d5eLdUWgmd8RutsBaxdBsJhnpxUe2lYC/B7cgtgwASHa5+kz7hmNLhqH3+eKGlEW3hwOlTGPoY64Pe/vWhd3EjKPwltYqfz9wyZqQjWV5wYUHjFEUtUYeHmnf0O1KVpP656IncK/jNT+vgm2sTiUxBLWTyCZmnBQsiDjjaD0eEQLB7aNQ2nVdEpEDjXcZhl0JjwXS1hQ3KH2Hcvk+1UduiBx1jXYlBSPuCSEP8Q3slTdEbFQf9LF2rerN3WavaqeBClf5PqtluuUJkRdwoR80SQ9vEk3KpKmaFvOZaaJXCrkurhxklje5ZJUyrMrKwSU7HvswDnHvPqT1Wyk3SD/EDa5/61/hZfeMtDtLvAsuN8nq2h3gER2lya3BxZCV0qWeuzqy4IAw0r7u19Bq2+8OTwY6pPkx6cQDyS/4jO"


Thanks

It depends....quoting off the 'net:


What is an Apple Pay PKPaymentToken?

The PKPaymentToken is an encrypted data package created by the Apple Pay server using your public key. This package contains several components including the network token and a cryptogram.


What is the cryptogram?

The cryptogram returned by Apple Pay is a component of the PKPaymentToken that is unique to the transaction and acts as a security key. It is 40 characters in length and created using the merchant’s public key supplied to Apple during the merchant registration process.


What is a network token?

A network token is a surrogate value for a PAN that is between 13 and 19 digits (typically format preserving) and is MOD-10 compliant (passes Luhn check). All network tokens will use BIN ranges designated for tokens and never overlap or conflict with a real PAN.

>CyberSource is saying token is not valid and unable to decrypt

Confirm your process:

- h ttp://apps.cybersource.com/library/documentation/dev_guides/apple_payments/SO_API/Apple_Pay_SO_API.pdf

- https://developer.apple.com/library/content/documentation/PassKit/Reference/PaymentTokenJSON/PaymentTokenJSON.html#//apple_ref/doc/uid/TP40014929-CH8-SW1



Hi, here we are having same issue. We uploaded CSR to "Apple Pay Payment Processing Certificate" section but when we submit request to cybersource we get Unable to decrypt encrypted_payment_data.


Do you have found the solution?

Any Solution...????

You need to take the entire paymentToken received from onpaymentauthorized, get the paymentData, then base64 encode

response will look like this

`Payment Token: { "paymentData": { "version": "EC_v1", "data": "UwXPzQeEmi+IgZp9Tz6lEhLNmXmZrQ2FqdNYs671/sE/3rqOpcKrZOGPHu9JMGIHZZOFkbVPAQ919wmLfWLXKIvqxbpAzJoc1F9NjtZmWpiqJELCzPTbdi+OmQrggnBAw8fd7FwVY19bNDoqtN5g4lSeV2Gs1nTzRjvWb7W17+J5dlq/cOK0RCD/O8mjwYQ5axrZc6WrWXoAhdwsNf9dLqdTeCPEW2rkccikmr2670DFYhSMyF+JrG4aHmDBY7v8EHgvkdd2fjPB92Qh4j4UEa0i6/oOZ4VC7u3svNYEwGEBXbjMkpQr4UPfkuxGaxTvAJBg3ra+x6WGIEAwzHKkoenIf9NkBbFJmHdJ5ZD1GbzL7b8cBilnL/si3/sSmGMgI7m68noFIKetDZwlN9P2+5RnofcECN5FM/aR5vpzrA==", "signature": "MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCAMIID5DCCA4ugAwIBAgIIWdihvKr0480wCgYIKoZIzj0EAwIwejEuMCwGA1UEAwwlQXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTIxMDQyMDE5MzcwMFoXDTI2MDQxOTE5MzY1OVowYjEoMCYGA1UEAwwfZWNjLXNtcC1icm9rZXItc2lnbl9VQzQtU0FOREJPWDEUMBIGA1UECwwLaU9TIFN5c3RlbXMxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgjD9q8Oc914gLFDZm0US5jfiqQHdbLPgsc1LUmeY+M9OvegaJajCHkwz3c6OKpbC9q+hkwNFxOh6RCbOlRsSlaOCAhEwggINMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUI/JJxE+T5O8n5sT2KGw/orv9LkswRQYIKwYBBQUHAQEEOTA3MDUGCCsGAQUFBzABhilodHRwOi8vb2NzcC5hcHBsZS5jb20vb2NzcDA0LWFwcGxlYWljYTMwMjCCAR0GA1UdIASCARQwggEQMIIBDAYJKoZIhvdjZAUBMIH+MIHDBggrBgEFBQcCAjCBtgyBs1JlbGlhbmNlIG9uIHRoaXMgY2VydGlmaWNhdGUgYnkgYW55IHBhcnR5IGFzc3VtZXMgYWNjZXB0YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlIHN0YW5kYXJkIHRlcm1zIGFuZCBjb25kaXRpb25zIG9mIHVzZSwgY2VydGlmaWNhdGUgcG9saWN5IGFuZCBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMDYGCCsGAQUFBwIBFipodHRwOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS8wNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVhaWNhMy5jcmwwHQYDVR0OBBYEFAIkMAua7u1GMZekplopnkJxghxFMA4GA1UdDwEB/wQEAwIHgDAPBgkqhkiG92NkBh0EAgUAMAoGCCqGSM49BAMCA0cAMEQCIHShsyTbQklDDdMnTFB0xICNmh9IDjqFxcE2JWYyX7yjAiBpNpBTq/ULWlL59gBNxYqtbFCn1ghoN5DgpzrQHkrZgTCCAu4wggJ1oAMCAQICCEltL786mNqXMAoGCCqGSM49BAMCMGcxGzAZBgNVBAMMEkFwcGxlIFJvb3QgQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE0MDUwNjIzNDYzMFoXDTI5MDUwNjIzNDYzMFowejEuMCwGA1UEAwwlQXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8BcRhBnXZIXVGl4lgQd26ICi7957rk3gjfxLk+EzVtVmWzWuItCXdg0iTnu6CP12F86Iy3a7ZnC+yOgphP9URaOB9zCB9DBGBggrBgEFBQcBAQQ6MDgwNgYIKwYBBQUHMAGGKmh0dHA6Ly9vY3NwLmFwcGxlLmNvbS9vY3NwMDQtYXBwbGVyb290Y2FnMzAdBgNVHQ4EFgQUI/JJxE+T5O8n5sT2KGw/orv9LkswDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS7sN6hWDOImqSKmd6+veuv2sskqzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmFwcGxlLmNvbS9hcHBsZXJvb3RjYWczLmNybDAOBgNVHQ8BAf8EBAMCAQYwEAYKKoZIhvdjZAYCDgQCBQAwCgYIKoZIzj0EAwIDZwAwZAIwOs9yg1EWmbGG+zXDVspiv/QX7dkPdU2ijr7xnIFeQreJ+Jj3m1mfmNVBDY+d6cL+AjAyLdVEIbCjBXdsXfM4O5Bn/Rd8LCFtlk/GcmmCEm9U+Hp9G5nLmwmJIWEGmQ8Jkh0AADGCAYwwggGIAgEBMIGGMHoxLjAsBgNVBAMMJUFwcGxlIEFwcGxpY2F0aW9uIEludGVncmF0aW9uIENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUwIIWdihvKr0480wDQYJYIZIAWUDBAIBBQCggZUwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEwNjE3MTI1MDM1WjAqBgkqhkiG9w0BCTQxHTAbMA0GCWCGSAFlAwQCAQUAoQoGCCqGSM49BAMCMC8GCSqGSIb3DQEJBDEiBCBTS7/cJTkqoPngqDvEXQixx62F3leq4oEk+vRLItaWeTAKBggqhkjOPQQDAgRHMEUCIA+MBrjOk3i/zTJ6xiHOOKUtN6dfYdqgstciP/bP0lg9AiEA+vXLBd0Xlhbe03b3AJbHW7XotUu3gt3clMpsv6e//0EAAAAAAAA=", "header": { "ephemeralPublicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEL7u/GO5+iFC5hK0516IgX6DKmPB0xTi3oQ1nWCdTc5DXQuAP4XMep40jGRb7UCoaEXgPx5vvRuxshadS7PP4+w==", "publicKeyHash": "ilecVF58bpB8qio67Y0Okg5Hl6eirw2Y1v1KUCsdVgQ=", "transactionId": "92fc14bc748dd361f563d0a0a24fddb5d96715ef9a491b546274ed5e05463c2b" } }, "paymentMethod": { "displayName": "Visa 0492", "network": "Visa", "type": "debit" }, "transactionIdentifier": "92FC14BC748DD361F563D0A0A24FDDB5D96715EF9A491B546274ED5E05463C2B" }

JS send to backend as applepay_data '&applepay_data=' + encodeURIComponent(JSON.stringify(token.paymentData));

Java example to base64 encode String applePayToken = reqParms.getString("applepay_data",null); byte[] encodedBytes = Base64.encodeBase64(applePayToken.getBytes(StandardCharsets.UTF_8)); applePayToken = new String(encodedBytes,StandardCharsets.UTF_8);

That is what you need to send to Cybersource, if you are just sending part of token.paymentData it won't work

Hello @jbcle @NotANameTest @medi86 @d.colaianni

I'm currently integrating Apple Pay with the CyberSource Decryption Rest API (Authorization). I followed the process of generating a CSR from my CyberSource Business Account and uploaded it to the Apple Developer account to obtain the apple payment processing certificate.

However, I'm encountering an error from the CyberSource Rest API stating "Unable to Decrypt the Encrypted Data." It's important to note that I'm only sending the base64 encoded value of the payment data object from the token, e.g. base64Encode(token.paymentData).

I would greatly appreciate any assistance or suggestions you can provide regarding the possible cause of this issue or if there's anything important that I might have overlooked. Thank you.

I fixed this by removing the 'supportsEMV' option. It seems like CyberSource is not able to decrypt EMV data in the payload, or the test cards are sending invalid EMV data.

Unable to decrypt apple pay token
 
 
Q