Unable to decrypt apple pay token

Question

Enabling an apple pay support in web app and processing the payment via Cybersource payment gateway.

Apple Payment token received as part of payment has been sent to cybersource for payment processing.

CyberSource is saying token is not valid and unable to decrypt. Cybersource is expecting token length to arround 3000 to 5000.

Token Reeived from apple is around 500.

Here is the token , its length is 425 . What am i missing here. What is the minimum length of Apple Pay token, Can you share any reference to payment token length.

"8d5eLdUWgmd8RutsBaxdBsJhnpxUe2lYC/B7cgtgwASHa5+kz7hmNLhqH3+eKGlEW3hwOlTGPoY64Pe/vWhd3EjKPwltYqfz9wyZqQjWV5wYUHjFEUtUYeHmnf0O1KVpP656IncK/jNT+vgm2sTiUxBLWTyCZmnBQsiDjjaD0eEQLB7aNQ2nVdEpEDjXcZhl0JjwXS1hQ3KH2Hcvk+1UduiBx1jXYlBSPuCSEP8Q3slTdEbFQf9LF2rerN3WavaqeBClf5PqtluuUJkRdwoR80SQ9vEk3KpKmaFvOZaaJXCrkurhxklje5ZJUyrMrKwSU7HvswDnHvPqT1Wyk3SD/EDa5/61/hZfeMtDtLvAsuN8nq2h3gER2lya3BxZCV0qWeuzqy4IAw0r7u19Bq2+8OTwY6pPkx6cQDyS/4jO"

Thanks

Wallet

13k

Posted by

NotANameTest

Reply

Add a Comment

Answer 1

It depends....quoting off the 'net:

What is an Apple Pay PKPaymentToken?

The PKPaymentToken is an encrypted data package created by the Apple Pay server using your public key. This package contains several components including the network token and a cryptogram.

What is the cryptogram?

The cryptogram returned by Apple Pay is a component of the PKPaymentToken that is unique to the transaction and acts as a security key. It is 40 characters in length and created using the merchant’s public key supplied to Apple during the merchant registration process.

What is a network token?

A network token is a surrogate value for a PAN that is between 13 and 19 digits (typically format preserving) and is MOD-10 compliant (passes Luhn check). All network tokens will use BIN ranges designated for tokens and never overlap or conflict with a real PAN.

>CyberSource is saying token is not valid and unable to decrypt

Confirm your process:

- h ttp://apps.cybersource.com/library/documentation/dev_guides/apple_payments/SO_API/Apple_Pay_SO_API.pdf

- https://developer.apple.com/library/content/documentation/PassKit/Reference/PaymentTokenJSON/PaymentTokenJSON.html#//apple_ref/doc/uid/TP40014929-CH8-SW1

Posted by

KMT

Add a Comment

Answer 2

Hi, here we are having same issue. We uploaded CSR to "Apple Pay Payment Processing Certificate" section but when we submit request to cybersource we get Unable to decrypt encrypted_payment_data.

Do you have found the solution?

Posted by

d.colaianni

Add a Comment

Answer 3

Any Solution...????

Posted by

sandy_cool

Add a Comment

Answer 4

You need to take the entire paymentToken received from onpaymentauthorized, get the paymentData, then base64 encode

response will look like this

`Payment Token: { "paymentData": { "version": "EC_v1", "data": "UwXPzQeEmi+IgZp9Tz6lEhLNmXmZrQ2FqdNYs671/sE/3rqOpcKrZOGPHu9JMGIHZZOFkbVPAQ919wmLfWLXKIvqxbpAzJoc1F9NjtZmWpiqJELCzPTbdi+OmQrggnBAw8fd7FwVY19bNDoqtN5g4lSeV2Gs1nTzRjvWb7W17+J5dlq/cOK0RCD/O8mjwYQ5axrZc6WrWXoAhdwsNf9dLqdTeCPEW2rkccikmr2670DFYhSMyF+JrG4aHmDBY7v8EHgvkdd2fjPB92Qh4j4UEa0i6/oOZ4VC7u3svNYEwGEBXbjMkpQr4UPfkuxGaxTvAJBg3ra+x6WGIEAwzHKkoenIf9NkBbFJmHdJ5ZD1GbzL7b8cBilnL/si3/sSmGMgI7m68noFIKetDZwlN9P2+5RnofcECN5FM/aR5vpzrA==", "signature": "MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCAMIID5DCCA4ugAwIBAgIIWdihvKr0480wCgYIKoZIzj0EAwIwejEuMCwGA1UEAwwlQXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTIxMDQyMDE5MzcwMFoXDTI2MDQxOTE5MzY1OVowYjEoMCYGA1UEAwwfZWNjLXNtcC1icm9rZXItc2lnbl9VQzQtU0FOREJPWDEUMBIGA1UECwwLaU9TIFN5c3RlbXMxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgjD9q8Oc914gLFDZm0US5jfiqQHdbLPgsc1LUmeY+M9OvegaJajCHkwz3c6OKpbC9q+hkwNFxOh6RCbOlRsSlaOCAhEwggINMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUI/JJxE+T5O8n5sT2KGw/orv9LkswRQYIKwYBBQUHAQEEOTA3MDUGCCsGAQUFBzABhilodHRwOi8vb2NzcC5hcHBsZS5jb20vb2NzcDA0LWFwcGxlYWljYTMwMjCCAR0GA1UdIASCARQwggEQMIIBDAYJKoZIhvdjZAUBMIH+MIHDBggrBgEFBQcCAjCBtgyBs1JlbGlhbmNlIG9uIHRoaXMgY2VydGlmaWNhdGUgYnkgYW55IHBhcnR5IGFzc3VtZXMgYWNjZXB0YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlIHN0YW5kYXJkIHRlcm1zIGFuZCBjb25kaXRpb25zIG9mIHVzZSwgY2VydGlmaWNhdGUgcG9saWN5IGFuZCBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMDYGCCsGAQUFBwIBFipodHRwOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS8wNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVhaWNhMy5jcmwwHQYDVR0OBBYEFAIkMAua7u1GMZekplopnkJxghxFMA4GA1UdDwEB/wQEAwIHgDAPBgkqhkiG92NkBh0EAgUAMAoGCCqGSM49BAMCA0cAMEQCIHShsyTbQklDDdMnTFB0xICNmh9IDjqFxcE2JWYyX7yjAiBpNpBTq/ULWlL59gBNxYqtbFCn1ghoN5DgpzrQHkrZgTCCAu4wggJ1oAMCAQICCEltL786mNqXMAoGCCqGSM49BAMCMGcxGzAZBgNVBAMMEkFwcGxlIFJvb3QgQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE0MDUwNjIzNDYzMFoXDTI5MDUwNjIzNDYzMFowejEuMCwGA1UEAwwlQXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8BcRhBnXZIXVGl4lgQd26ICi7957rk3gjfxLk+EzVtVmWzWuItCXdg0iTnu6CP12F86Iy3a7ZnC+yOgphP9URaOB9zCB9DBGBggrBgEFBQcBAQQ6MDgwNgYIKwYBBQUHMAGGKmh0dHA6Ly9vY3NwLmFwcGxlLmNvbS9vY3NwMDQtYXBwbGVyb290Y2FnMzAdBgNVHQ4EFgQUI/JJxE+T5O8n5sT2KGw/orv9LkswDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS7sN6hWDOImqSKmd6+veuv2sskqzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmFwcGxlLmNvbS9hcHBsZXJvb3RjYWczLmNybDAOBgNVHQ8BAf8EBAMCAQYwEAYKKoZIhvdjZAYCDgQCBQAwCgYIKoZIzj0EAwIDZwAwZAIwOs9yg1EWmbGG+zXDVspiv/QX7dkPdU2ijr7xnIFeQreJ+Jj3m1mfmNVBDY+d6cL+AjAyLdVEIbCjBXdsXfM4O5Bn/Rd8LCFtlk/GcmmCEm9U+Hp9G5nLmwmJIWEGmQ8Jkh0AADGCAYwwggGIAgEBMIGGMHoxLjAsBgNVBAMMJUFwcGxlIEFwcGxpY2F0aW9uIEludGVncmF0aW9uIENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUwIIWdihvKr0480wDQYJYIZIAWUDBAIBBQCggZUwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEwNjE3MTI1MDM1WjAqBgkqhkiG9w0BCTQxHTAbMA0GCWCGSAFlAwQCAQUAoQoGCCqGSM49BAMCMC8GCSqGSIb3DQEJBDEiBCBTS7/cJTkqoPngqDvEXQixx62F3leq4oEk+vRLItaWeTAKBggqhkjOPQQDAgRHMEUCIA+MBrjOk3i/zTJ6xiHOOKUtN6dfYdqgstciP/bP0lg9AiEA+vXLBd0Xlhbe03b3AJbHW7XotUu3gt3clMpsv6e//0EAAAAAAAA=", "header": { "ephemeralPublicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEL7u/GO5+iFC5hK0516IgX6DKmPB0xTi3oQ1nWCdTc5DXQuAP4XMep40jGRb7UCoaEXgPx5vvRuxshadS7PP4+w==", "publicKeyHash": "ilecVF58bpB8qio67Y0Okg5Hl6eirw2Y1v1KUCsdVgQ=", "transactionId": "92fc14bc748dd361f563d0a0a24fddb5d96715ef9a491b546274ed5e05463c2b" } }, "paymentMethod": { "displayName": "Visa 0492", "network": "Visa", "type": "debit" }, "transactionIdentifier": "92FC14BC748DD361F563D0A0A24FDDB5D96715EF9A491B546274ED5E05463C2B" }

JS send to backend as applepay_data '&applepay_data=' + encodeURIComponent(JSON.stringify(token.paymentData));

Java example to base64 encode String applePayToken = reqParms.getString("applepay_data",null); byte[] encodedBytes = Base64.encodeBase64(applePayToken.getBytes(StandardCharsets.UTF_8)); applePayToken = new String(encodedBytes,StandardCharsets.UTF_8);

That is what you need to send to Cybersource, if you are just sending part of token.paymentData it won't work

Posted by

jbcle

This solved my problem :) thank you good sir

—
medi86
Could you shorten this a bit? The huge block of text really makes it hard to dig through these responses.

—
kthprog

Add a Comment

Answer 5

Hello @jbcle @NotANameTest @medi86 @d.colaianni

I'm currently integrating Apple Pay with the CyberSource Decryption Rest API (Authorization). I followed the process of generating a CSR from my CyberSource Business Account and uploaded it to the Apple Developer account to obtain the apple payment processing certificate.

However, I'm encountering an error from the CyberSource Rest API stating "Unable to Decrypt the Encrypted Data." It's important to note that I'm only sending the base64 encoded value of the payment data object from the token, e.g. base64Encode(token.paymentData).

I would greatly appreciate any assistance or suggestions you can provide regarding the possible cause of this issue or if there's anything important that I might have overlooked. Thank you.

Posted by

chandra_Sekhar

You need to JSON serialize the data as a string before encoding it. Also make sure that you are using the correct environment/domain associated wit the merchant certificate that is generating your session during the merchant validation step. If the merchant ID does not match in CyberSource then it cannot be decrypted.

—
kthprog

Add a Comment

Answer 6

I fixed this by removing the 'supportsEMV' option. It seems like CyberSource is not able to decrypt EMV data in the payload, or the test cards are sending invalid EMV data.

Posted by

kthprog

Add a Comment

Unable to decrypt apple pay token

Replies