Securing Your PayPal Payments Standard Buttons
Protecting Payment Buttons by Using Encrypted Website Payments
344 June 2012 PayPal Payments Standard Integration Guide
Public keys – Public keys are created by receivers and are given to senders before they encrypt and send information. Public certificates comprise a public key and identity information, such as the originator of the key and an expiry date. Public certificates can be signed by certificate authorities, who guarantee that public certificates and their public keys belong to the named entities.

You and PayPal exchange each other’s public certificates.
Private keys – Private keys are created by receivers and are kept to themselves.

You create a private key and keep it on your system. PayPal keeps its private key on its system.
The encryption process – Senders use their private keys and receivers’ public keys to encrypt information before sending it. Receivers use their private keys and senders’ public keys to decrypt information after receiving it. This encryption process also uses the digital signatures in public certificates to verify the sender of the information.

You use your private key and PayPal’s public key to encrypt your HTML button code. PayPal uses its private key and your public key to decrypt the button code after people click your payment buttons.
Setting Up Certificates Before Using Encrypted Website Payments

Do the following before you use Encrypted Website Payments to protect your payment buttons:

1. Generate your private key.
2. Generate your public certificate.
3. Upload your public certificate to your PayPal account.
4. Download the PayPal public certificate from the PayPal website.
PayPal uses only X.509 public certificates, not public keys. A public key can be used for decryption but contains no information identifying who provided the key. A public certificate includes a public key along with information about the key, such as when the key expires and who owns the key. PayPal accepts public certificates in OpenSSL PEM format from any established certificate authority, such as VeriSign.

You can generate your own private key and public certificate using open source software such as OpenSSL (https://www.openssl.org), which is detailed in the following section.
Generating Your Private Key Using OpenSSL
Using the openssl program, enter the following command to generate your private key. The command generates a 1024-bit RSA private key that is stored in the file my-prvkey.pem:
openssl genrsa -out my-prvkey.pem 1024
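The following script is an added example and is not part of the PayPal guide. It walks the certificate setup steps above end to end and then exercises the sign-and-encrypt / decrypt-and-verify exchange described under "The encryption process", using a second self-signed certificate that stands in for PayPal's public certificate (PayPal's real certificate is downloaded from your account, not generated). Everything in it is an assumption of the example: the file names (my-prvkey.pem style names under a temporary directory), the subject names, the constructed button body, and the choice of 2048-bit keys rather than the guide's 1024 bits, since 1024-bit RSA is below current minimums and is rejected by many OpenSSL builds. The matching-key and expiry checks are the ones worth running before uploading a certificate.

```shell
#!/bin/sh
# Added example (not from the PayPal guide). Requires the openssl CLI.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # scratch directory for the generated files

# Step 1 and 2 of the guide: generate an RSA private key and a self-signed
# X.509 certificate (PEM) for one party. $1 = file prefix, $2 = subject CN.
make_identity() {
    openssl genrsa -out "$WORK/$1-prvkey.pem" 2048 2>/dev/null
    openssl req -new -x509 -days 365 -key "$WORK/$1-prvkey.pem" \
        -subj "/CN=$2" -out "$WORK/$1-pubcert.pem" 2>/dev/null
}

# Pre-upload check: does the certificate ($1) carry the public key that
# belongs to the private key ($2)? Compares digests of the two PEM public keys.
cert_matches_key() {
    a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$a" = "$b" ]
}

# Pre-upload check: is the certificate ($1) still valid right now?
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}

# Sender side: sign the button body with the merchant's private key and
# certificate, then encrypt the signed blob to the receiver's certificate.
# $1 = plaintext file, $2 = output PEM file.
encrypt_button() {
    openssl smime -sign -signer "$WORK/merchant-pubcert.pem" \
        -inkey "$WORK/merchant-prvkey.pem" -outform der -nodetach -binary < "$1" |
    openssl smime -encrypt -aes256 -binary -outform pem \
        "$WORK/receiver-pubcert.pem" > "$2"
}

# Receiver side: decrypt with the receiver's private key, then verify the
# signature against the merchant's certificate (trusted via -CAfile because
# it is self-signed). Prints the recovered button body on success.
decrypt_button() {
    openssl smime -decrypt -inform pem -in "$1" \
        -recip "$WORK/receiver-pubcert.pem" -inkey "$WORK/receiver-prvkey.pem" |
    openssl smime -verify -inform der -CAfile "$WORK/merchant-pubcert.pem" 2>/dev/null
}

# Full round trip. Returns 0 only if the recovered body equals the original.
run_demo() {
    make_identity merchant "Example Merchant"
    make_identity receiver "Constructed Receiver"   # stands in for PayPal
    cert_matches_key "$WORK/merchant-pubcert.pem" "$WORK/merchant-prvkey.pem"
    cert_not_expired "$WORK/merchant-pubcert.pem"
    # Constructed button body, using the plain "name=value" layout of a button.
    printf 'cmd=_xclick\nbusiness=merchant@example.com\nitem_name=Widget\namount=9.99\ncurrency_code=USD\n' \
        > "$WORK/button.txt"
    encrypt_button "$WORK/button.txt" "$WORK/button.enc.pem"
    decrypt_button "$WORK/button.enc.pem" > "$WORK/recovered.txt"
    cmp -s "$WORK/button.txt" "$WORK/recovered.txt"
}

# Usage: run the round trip and show where the artifacts were written.
run_demo && echo "round trip OK; files in $WORK"
```

The encrypted file is opaque to anyone without the receiver's private key, and the receiver's verify step fails if the signed blob was produced with a key other than the one in the merchant certificate it trusts, which is the property the guide relies on to stop button parameters (such as the amount) from being altered in transit.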