ueHash

Defines the properties of the hash used to validate a source key.

Description

This object defines the properties of the hash used to validate a source key. This object is only required on source keys that have a pin assigned.

Pins are not meant to be stored by the application. Instead the application should prompt the end user for the pin. The pin may be cached temporarily, but should not be stored permanently unless appropriate security measures such as strong encryption are taken.

Please note that access to certain methods will require a pin. These features are restricted to sources with a pin to minimize the impact of a merchant's source key being stolen.

Properties

Type Name Description
string Type Hashing Function Used: Currently only "md5" and "sha1" are supported.
string Seed The data used to seed the hash: This value must be unique and cannot be reused. The system will reject the request if a Seed is reused. The reason for this is to minimize the damage if a HashValue is stolen. An intruder may manage to obtain a SourceKey and a HashValue, but will not be able to use the source key since the HashValue is based on a seed that cannot be reused.
string HashValue Hash string: The resulting hash. The hash is calculated by concatenating the SourceKey, the Seed and the Pin value. Do not place any characters in between these values. Once the values have been concatenated, calculate the hash string using the algorithm specified by Type.

Examples

.NET VB

    Dim hash As newtek.ueHash = New newtek.ueHash
    Dim sourcekey As String
      Dim pin As String

      ' The source key and pin are created by the merchant
      sourcekey = "e42SYc86C4uvlvyP62ow54Kv93SZsJVm"
      pin = "1234"

      token = New newtek.ueSecurityToken
      token.SourceKey = sourcekey

      ' To create the hash we must concat the sourcekey, seed and pin
      Dim rand As System.Random = New System.Random
      hash.Seed = Date.Now.ToUniversalTime & rand.Next()

      Dim prehashvalue As String
      prehashvalue = sourcekey & hash.Seed & pin

      ' Generate the md5 hash
      hash.Type = "md5"
      hash.HashValue = GenerateHash(prehashvalue)
      token.PinHash = hash

    Private Function GenerateHash(ByVal SourceText As String) As String
      'Instantiate an MD5 Provider object
      Dim md5 As New MD5CryptoServiceProvider

      'Compute the hash value from the source
      Dim ByteHash() As Byte = md5.ComputeHash(Encoding.Default.GetBytes(SourceText))

      'Instantiate a StringBuilder object
      Dim sb As New StringBuilder

      'Repack binary hash as hex
      For c As Integer = 0 To ByteHash.Length - 1
        sb.AppendFormat("{0:x2}", ByteHash(c))
      Next c

      'Return the hex hash
      Return sb.ToString
    End Function

.NET C

    MD5 md5Hasher = MD5.Create();

    // Convert the input string to a byte array and compute the hash.
    byte[] data = md5Hasher.ComputeHash(Encoding.Default.GetBytes(input));

    // Create a new Stringbuilder to collect the bytes
    // and create a string.
    StringBuilder sBuilder = new StringBuilder();

    // Loop through each byte of the hashed data
    // and format each one as a hexadecimal string.
    for (int i = 0; i < data.Length; i++)
    {
        sBuilder.Append(data[i].ToString("x2"));
    }

    // Return the hexadecimal string.
    return sBuilder.ToString();