SHA-IN/-OUT Signatur

I have to encode/decode my URL-Parameters with SHA-1 when sending the cc-clearing to the cc-clearing company (and receiving their information back). Do you have a tutorial and/or functions on how to do this? Thanks for any help.

SHA-1 is true encryption and not a HASH, so it doesn't have a decryption option. I think they probably use a hashing algorithm like RIJNDAEL to allow decryption.

Hi Ray. From what I understand is that I call an URL with a string containing the order-information to the cc-company and also in a hidden field, a encrypted digest that is being built based on the String and a passphrase that is stored also on the cc-company's server. They to also encrypt the string and compare their result with the value in the hidden field that I have to create.

After the client enters the cc-information and submits his data, the same procedure goes the other way back.

Maybe you can have a look in the attached documentation, chapter "Appendix: SHA"?

Thanks in advance

You just need encryption, not decryption. They are just going to encrypt the same values you do and make sure they match, which verifies they haven't been tampered with.

Thanks Ray. As they need a hidden field value, I guess I have to send the form via POST and add the string in the form action?

You would just add a hidden form element to the page and have it SHA1 encrypted when you post it to them.