(JavaScript) ClickBank Decrypt Instant Notification
Demonstrates how to decrypt a ClickBank instant notification. See Instant Notification Service for more information and alternative code snippets.
var success = false;
// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// secret key from your ClickBank account
var secretKey = "MY_SECRET_KEY";
var jsonStr = "{\"notification\":\"BASE64_NOTIFICATION\",\"iv\":\"BASE64_IV\"}";
var json = new CkJsonObject();
success = json.Load(jsonStr);
// Get the encrypted notification (binary) and IV from the JSON.
var bdNotif = new CkBinData();
var bdIv = new CkBinData();
success = bdNotif.AppendEncoded(json.StringOf("notification"),"base64");
success = bdIv.AppendEncoded(json.StringOf("iv"),"base64");
// Get an SHA1 digest (as a hex string) of the secret key.
// A SHA1 digest is 20 bytes. Therefore the hex string is 40 chars.
// Treat each us-ascii char as a binary byte of the secret key.
// 256-bit AES needs a 256-bit key, which is 32-bytes. Therefore
// use the 1st 32 us-ascii chars of the hex SHA1 as the AES secret key.
var crypt = new CkCrypt2();
// Because we're using the hex string as the actual AES key, it matters whether the hex is uppercase or lowercase.
// We want lowercase.
crypt.EncodingMode = "hex_lower";
crypt.HashAlgorithm = "sha1";
var hexSha1 = crypt.HashStringENC(secretKey);
console.log(hexSha1);
// Treat the hex string as binary data for the AES key..
var bdKey = new CkBinData();
bdKey.AppendString(hexSha1,"us-ascii");
bdKey.RemoveChunk(32,8);
crypt.KeyLength = 256;
crypt.CryptAlgorithm = "aes";
crypt.CipherMode = "cbc";
// We can use any encoding because were just getting the binary bytes in an encoding, and then setting from the same encoding.
// We'll just use base64..
crypt.SetEncodedIV(bdIv.GetEncoded("base64"),"base64");
crypt.SetEncodedKey(bdKey.GetEncoded("base64"),"base64");
crypt.DecryptBd(bdNotif);
console.log("Decrypted: " + bdNotif.GetString("utf-8"));
|
