When integrating Alipay payments into a mobile application, we need to sign the payment information using the keys created in the Alipay Developer Site. The private and public keys obtained there are in plain text format, and to be able to use them with the GeneXus' Cryptography data types, we need to create a PFX file (Personal Information Exchange) from the private key.
This process needs to be executed only once for each application, and consists of a series of steps:
The first step is to convert the plain text private key into RSA format, which only adds a header, a footer and line breaks. A procedure named ConvertPrivateKey is included within the Alipay API, with the code needed to perform this action. The output of the first step is a *.pem file
Here we start to use OpenSSL commands. Using the file obtained in step 1 the following command needs to be executed:
openssl rsa -in Alipay_RSA_Converted.pem -out Alipay_RSA_Key.pem
The output is another *.pem file.
The following command needs to be executed:
openssl req –config openssl\bin\openssl.cfg -new -x509 -key Alipay_RSA_Key.pem -pubkey -out Alipay_X509.cer -days 365
In this step, some information needed for the certificate will be asked from the user (Name, Company, Email, Country, etc.). The output is a *.cer file.
The following command needs to be executed:
openssl pkcs12 -export -in Alipay_X509.cer -inkey Alipay_RSA_Key.pem -out Alipay_PKCS12.pfx
The user will be asked for a password for the PFX file. The PFX file generated and the password will be used later when developing the integration in GeneXus.
A utility is available to simplify the PFX file generation process. It can be downloaded from here.
The entire process can be executed with only one command:
AlipayGeneratePFX –f|-k keylocation
where
|
-f
|
Indicates that the path to a file containing the private key will be used
|
|
-k
|
Indicates that the private key value will be used
|
|
keylocation
|
if -f is specified, this is the key file path;
if -k is specified, this is the key value
|