Integration Guide

Encrypted Website Payments
86 November 2005 Website Payments Standard Checkout Integration Guide
Public Key Encryption Background
Public key encryption (asymmetric encryption) improves security and convenience by
allowing senders and receivers to have separate public and private encryption keys:
• The public key: The public key is the portion of an asymmetric cryptographic key that
receivers give senders who want to send them encrypted information.
• The private key: The private key is the portion of an asymmetric cryptographic key
receivers keep secret and do not send to anyone.
• The public certificate: The public certificate consists of the public key and identity
information, such as a person's name, which could be signed by a certificate authority (CA).
The CA guarantees that the public key belongs to the named entity.
• The encryption process: Senders use both their private key and the receivers' public key to
encrypt the information. Receivers use their private key and the senders' public key to
decrypt the information that was encrypted. This encryption process is also used with
digital signatures to verify the origin of the information.
Creating Your Public Certificate
For EWP, PayPal requires that you upload your public certificate to its website so that the
authenticity of the encrypted code can be verified.
PayPal accepts only X.509 public certificates, not public keys. The difference between a key
and a certificate is that a certificate includes the public key along with information about the
key, such as when the key expires and who the key belongs to. PayPal accepts public
certificates in OpenSSL PEM format from any established certificate authority, such as
VeriSign.
You can also create your own private key and public certificate using open source software
such as OpenSSL (http://www.openssl.org), which is detailed in the following section.
Creating Your Private Key Using OpenSSL
Using the openssl program, enter the following command to create your private key. The
command generates a 1024-bit RSA private key that is stored in the file my-prvkey.pem:
openssl genrsa -out my-prvkey.pem 1024
Creating Your Public Certificate Using OpenSSL
The public certificate must be in PEM format. To create your certificate, enter the following
openssl command, which generates a public certificate in the file my-pubcert.pem:
openssl req -new -key my-prvkey.pem -x509 -days 365 -out my-pubcert.pem
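
Before uploading the certificate, it is worth confirming that the file really is an X.509 certificate rather than a bare public key, that it was issued for your private key, and that it has not expired. The script below is an added example, not part of the original guide; the function names are hypothetical, and it assumes an unencrypted private key such as the one the genrsa command above produces.

```shell
#!/bin/sh
# Added example (not from the guide): pre-upload checks on the files the guide
# creates. Function names are hypothetical; file names follow the guide.

# Print the public key embedded in a PEM X.509 certificate.
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Print the public half of an unencrypted PEM private key.
pubkey_of_key() { openssl pkey -in "$1" -pubout 2>/dev/null </dev/null; }

# Print the certificate's key size in bits (e.g. 1024 for the guide's key).
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# check_ewp_pair KEY CERT
# Returns 0 if CERT is a PEM X.509 certificate, currently valid, whose public
# key belongs to KEY; 2 = not a certificate, 3 = key mismatch, 4 = expired.
check_ewp_pair() {
    key_file=$1
    cert_file=$2

    cert_pub=$(pubkey_of_cert "$cert_file") || cert_pub=""
    if [ -z "$cert_pub" ]; then
        echo "FAIL: $cert_file is not a PEM X.509 certificate" >&2
        return 2
    fi

    key_pub=$(pubkey_of_key "$key_file") || key_pub=""
    if [ -z "$key_pub" ] || [ "$key_pub" != "$cert_pub" ]; then
        echo "FAIL: $cert_file was not issued for $key_file" >&2
        return 3
    fi

    if ! openssl x509 -in "$cert_file" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert_file has expired" >&2
        return 4
    fi

    echo "OK: $(cert_key_bits "$cert_file")-bit key," \
         "$(openssl x509 -in "$cert_file" -noout -enddate)"
}

# Run against two files when given as arguments, e.g. the guide's file names.
if [ "$#" -eq 2 ]; then
    check_ewp_pair "$1" "$2"
fi
```

Run it as `sh check.sh my-prvkey.pem my-pubcert.pem` (the script name is an assumption). The reported key size matters: the 1024-bit RSA key that the guide's command produces is below the 2048-bit minimum in current NIST guidance.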