Redsys with NodeJS and CryptoJS


I'm doing a project with NodeJS, and I'm developing the payment gateway.

The problem is that when generating the signature, it gives error SIS0042 - > The signature sent is not correct.

The firm generated it in the following way:

var merchant = new Buffer(JSON.stringify(this.generateMerchantParams(payment))).toString('base64');

var secretKey = new Buffer(secret, 'base64');

var cipher = _crypto.TripleDES.encrypt(order_id, secret);

var order_encoded = cipher.ciphertext.toString(_crypto.enc.Base64);

var hexMac256 = _crypto.HmacSHA256(merchant, _crypto.enc.Base64.parse(order_encoded));

With the signature (Ds_Signature: hexMac256 ), Ds_MerchantParameters ( merchant ), and Ds_SignatureVersion ( HMAC_SHA256_V1 ), we generate the form that redirects to the bank screen.

Can someone help me with this problem? Any help will be appreciated.

Thank you very much in advance.

asked by Joel Garcia 20.06.2017 в 18:28

1 answer


I have also been spending a lot of time figuring out how to implement this in Node.js. I leave the code that works. The hard part was realizing that RedSys does not want to "padding" in the 3DES and understand how CryptoJS stores its information.

// Base64 encoding of parameters
var merchantWordArray = cryptojs.enc.Utf8.parse(JSON.stringify(tpvdata));
var merchantBase64 = merchantWordArray.toString(cryptojs.enc.Base64);

// Decode key
var keyWordArray = cryptojs.enc.Base64.parse(merchant_key);

// Generate transaction key
var iv = cryptojs.enc.Hex.parse("0000000000000000");
var cipher = cryptojs.TripleDES.encrypt(tpvdata.DS_MERCHANT_ORDER, keyWordArray, {
  mode: cryptojs.mode.CBC,
  padding: cryptojs.pad.ZeroPadding

// Sign
var signature = cryptojs.HmacSHA256(merchantBase64, cipher.ciphertext);
var signatureBase64 = signature.toString(cryptojs.enc.Base64);

// Done, we can return response
var response = {
  signatureVersion: "HMAC_SHA256_V1",
  merchantParameters: merchantBase64,
  signature: signatureBase64
answered by 14.09.2017 в 00:27