Integration Guide

Protecting Buttons by Using Encrypted Website Payments
Public Key Encryption Used by Encrypted Website Payments
Encrypted Website Payments uses public key encryption, or asymmetric cryptography, which
provides security and convenience by allowing senders and receivers of encrypted
communication to exchange public keys to unlock each other's messages. The fundamental
aspects of public key encryption are:
Public keys – Public keys are created by receivers and are given to senders before they
encrypt and send information. Public certificates comprise a public key and identity
information, such as the originator of the key and an expiry date. Public certificates can be
signed by certificate authorities, who guarantee that public certificates and their public
keys belong to the named entities.
You and PayPal exchange each other's public certificates.
Private keys – Private keys are created by receivers and are kept to themselves.
You create a private key and keep it in your system. PayPal keeps its private key on its
system.
The encryption process – Senders use their private keys and receivers’ public keys to
encrypt information before sending it. Receivers use their private keys and senders’ public
keys to decrypt information after receiving it. This encryption process also uses digital
signatures in public certificates to verify the sender of the information.
You use your private key and PayPal’s public key to encrypt your HTML button code.
PayPal uses its private key and your public key to decrypt button code after people click
your payment buttons.
Setting Up Certificates Before Using Encrypted Website Payments
Do the following before you use Encrypted Website Payments to protect your payment
buttons:
Generating Your Private Key Using OpenSSL
Generating Your Public Certificate Using OpenSSL
Uploading Your Public Certificate to Your PayPal Account
Downloading the PayPal Public Certificate from the PayPal Website
PayPal uses only X.509 public certificates, not public keys. A public key can be used for
decryption but contains no information identifying who provided the key. A public certificate
includes a public key along with information about the key, such as when the key expires and
who the key belongs to. PayPal accepts public certificates in OpenSSL PEM format from any
established certificate authority, such as VeriSign.
You can generate your own private key and public certificate using open source software such
as OpenSSL (https://www.openssl.org), which is detailed in the following section.
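The following script is an added example, not PayPal's tooling or the commands of the section referred to above. It carries out the private key and public certificate generation with OpenSSL and then exercises the encryption process described earlier in this section (sign with your own private key, encrypt to the other party's public certificate, and the reverse on receipt). The S/MIME (PKCS#7) envelope and the self-signed stand-in certificate that plays PayPal's part are assumptions made so the round trip runs offline.

```shell
# Added example, not PayPal's tooling: the OpenSSL steps for the certificate
# setup above, then sign-with-own-key / encrypt-to-their-cert and its mirror.
# S/MIME (PKCS#7) as the envelope is an assumption; a self-signed stand-in
# plays PayPal's role so the round trip runs offline.
set -eu
# Private key plus X.509 public certificate in PEM ($1 = name, $2 = dir).
# Self-signed here; a CA-issued certificate is used the same way.
gen_identity() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 -subj "/CN=$1" \
    -keyout "$2/$1.key.pem" -out "$2/$1.cert.pem" 2>/dev/null
}
# Sender: sign button data with own key, encrypt to receiver's certificate.
# $1 plaintext, $2 own cert, $3 own key, $4 receiver cert, $5 output file
ewp_protect() {
  openssl smime -sign -in "$1" -signer "$2" -inkey "$3" -nodetach -binary -outform pem \
    | openssl smime -encrypt -aes256 -binary -outform pem -out "$5" "$4"
}
# Receiver: decrypt with own key, verify signature against the sender's cert.
# Exits non-zero if decryption or signature verification fails.
# $1 ciphertext, $2 own cert, $3 own key, $4 sender cert, $5 output file
ewp_unprotect() {
  openssl smime -decrypt -inform pem -in "$1" -recip "$2" -inkey "$3" \
    | openssl smime -verify -inform pem -binary -CAfile "$4" -out "$5" 2>/dev/null
}
# Builds a constructed button file and both identities in a temp dir ($1).
setup_demo() {
  gen_identity merchant "$1"; gen_identity paypal_standin "$1"
  printf 'cmd=_xclick\nbusiness=merchant@example.invalid\namount=9.99\n' > "$1/button.txt"
  ewp_protect "$1/button.txt" "$1/merchant.cert.pem" "$1/merchant.key.pem" \
    "$1/paypal_standin.cert.pem" "$1/button.enc"
}
# Round trip: returns 0 only if the stand-in recovers exactly what was sent.
demo_roundtrip() {
  d=$(mktemp -d); setup_demo "$d"
  if ewp_unprotect "$d/button.enc" "$d/paypal_standin.cert.pem" \
       "$d/paypal_standin.key.pem" "$d/merchant.cert.pem" "$d/button.out" \
     && cmp -s "$d/button.txt" "$d/button.out"; then rc=0; else rc=1; fi
  rm -rf "$d"; return $rc
}
# Verification against a certificate the sender never held must fail:
# returns 0 only if that wrong-signer case is rejected.
demo_rejects_wrong_signer() {
  d=$(mktemp -d); setup_demo "$d"
  if ewp_unprotect "$d/button.enc" "$d/paypal_standin.cert.pem" \
       "$d/paypal_standin.key.pem" "$d/paypal_standin.cert.pem" "$d/button.out"; then rc=1; else rc=0; fi
  rm -rf "$d"; return $rc
}
```

The `.pem` files that `gen_identity` writes are the private key you keep on your own system and the public certificate you would upload to your account, as the setup list above describes.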