iDEAL Advanced v3 driver for the WordPress payment processing library.
Title | Language | Version | Date |
---|---|---|---|
iDEAL Merchant Integration Guide | EN | 3.3.1 | 2015-02 |
iDEAL Merchant Integratie Gids | NL | 3.3.1 | 2015-02 |
iDEAL Merchant Integration Guide | EN | 3.3.1 | 2012-11 |
Rabobank - Handleiding iDEAL Professional | NL | 3.0 | 2019-02 |
iDEAL Merchant Integratie Gids (NL) | NL | 3.6 | 2020-10-09 |
iDEAL Merchant Integration Guide (EN) | NL | 3.6 | 2020-10-09 |

All messages that are sent by the Merchant to the Acquirer (DirectoryRequest, TransactionRequest and StatusRequest) have to be signed by the Merchant. Messages are signed in accordance with the "XML Signature Syntax and Processing (2nd Edition) W3C Recommendation" of 10 June 2008 [4], with the following settings and restrictions applied:

- The entire XML message [5] must be signed.
- For the purpose of generating the digest of the main message, the inclusive canonicalization algorithm must be used [6]. This method of canonicalization of the main message is not (always) explicitly indicated in the iDEAL XML messages. For this reason this transform has not been included in the example messages in this document. Merchants are not required to explicitly indicate this transform in their messages.
- For the purpose of generating the signature value, the exclusive [7] canonicalization algorithm must be used.
- The syntax for an enveloped [8] signature must be used. The signature itself must be removed from the XML message using the default transformation prescribed for this purpose.
- For hashing purposes the SHA-256 [9] algorithm must be used.
- For signature purposes the RSAWithSHA256 [10] algorithm must be used. RSA keys must be 2,048 bits long.
- The public key must be referenced using a fingerprint of an X.509 certificate. The fingerprint must be calculated according to the following formula: HEX(SHA-1(DER certificate)) [11].

Note: the key reference is backwards compatible with all previous versions of iDEAL.

Note: According to Base64 specifications line breaks are allowed to be inserted after each 76 characters using a CR/LF [12].

In general Merchants don’t need to have extensive knowledge of RSA since most programming languages have libraries available that implement XML Digital Signature processing. It is strongly recommended to use these standard libraries. Standard functionality for creation and verification of RSAWithSHA256 digital signatures is available in commonly used software platforms, from the following versions and higher: PHP version 5.3.0, Microsoft .NET version 3.5 SP1 and Java version 1.6 u18.
This functionality may also be available in earlier versions of these platforms and in other platforms (e.g. Python, Ruby).
For information about creating the public and private key pair please refer to paragraph 8.4.
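
The settings listed above can be checked mechanically on a generated message before it is sent. The following Python function is an added example, not code from this driver or from the iDEAL guide: it inspects only the parameters declared in the `Signature` element and the `KeyName` fingerprint, and does not verify the signature value itself. The algorithm URIs are the standard XML-DSig identifiers for the algorithms named above; the `Msg` root element, the placeholder certificate bytes and the function names are assumptions made for the example.

```python
import base64, hashlib, re
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}
REQUIRED = {  # path under Signature -> the only Algorithm value accepted
    "ds:SignedInfo/ds:CanonicalizationMethod": "http://www.w3.org/2001/10/xml-exc-c14n#",
    "ds:SignedInfo/ds:SignatureMethod": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "ds:SignedInfo/ds:Reference/ds:DigestMethod": "http://www.w3.org/2001/04/xmlenc#sha256",
}
ENVELOPED = DS + "enveloped-signature"
ALLOWED_TRANSFORMS = {ENVELOPED, "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"}

def fingerprint(cert_pem):
    """HEX(SHA-1(DER certificate)): strip the PEM armor, decode to DER, hash."""
    der = base64.b64decode(re.sub(r"-----[^-]+-----|\s+", "", cert_pem))
    return hashlib.sha1(der).hexdigest().upper()

def profile_violations(message, cert_pem):
    """List every way the message's Signature deviates from the required settings."""
    sigs = ET.fromstring(message).findall("ds:Signature", NS)
    if len(sigs) != 1:
        return ["expected one Signature child of the root, found %d" % len(sigs)]
    sig, problems = sigs[0], []
    for path, uri in REQUIRED.items():
        el = sig.find(path, NS)
        if el is None or el.get("Algorithm") != uri:
            problems.append("%s must use %s" % (path.split(":")[-1], uri))
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1 or refs[0].get("URI") != "":
        problems.append('need exactly one Reference with URI="" (entire message)')
    used = {t.get("Algorithm") for t in sig.iter("{%s}Transform" % DS)}
    if ENVELOPED not in used or used - ALLOWED_TRANSFORMS:
        problems.append("transforms must be enveloped-signature, optionally inclusive c14n")
    key_name = sig.findtext("ds:KeyInfo/ds:KeyName", "", NS).strip()
    if key_name.upper() != fingerprint(cert_pem):
        problems.append("KeyName is not the fingerprint of the expected certificate")
    return problems

# Constructed sample input: placeholder bytes stand in for a DER certificate; digest/signature are dummies.
CERT_PEM = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % (
    base64.b64encode(b"constructed placeholder, not a real certificate").decode())
C14N, SIGALG, DIGEST = REQUIRED.values()
SAMPLE = ('<Msg><Signature xmlns="%s"><SignedInfo><CanonicalizationMethod Algorithm="%s"/>'
          '<SignatureMethod Algorithm="%s"/><Reference URI=""><Transforms>'
          '<Transform Algorithm="%s"/></Transforms><DigestMethod Algorithm="%s"/>'
          '<DigestValue>AA==</DigestValue></Reference></SignedInfo>'
          '<SignatureValue>AA==</SignatureValue><KeyInfo><KeyName>%s</KeyName></KeyInfo>'
          '</Signature></Msg>') % (DS, C14N, SIGALG, ENVELOPED, DIGEST, fingerprint(CERT_PEM))
```

`profile_violations(SAMPLE, CERT_PEM)` returns an empty list; a message that declares a SHA-1 digest, a non-empty `Reference` URI, an extra transform or a `KeyName` for a different certificate returns one entry per deviation.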
[4] http://www.w3.org/TR/xmldsig-core/
[5] XML Signature reference to the signed info URI is left blank, see example messages in Appendix B
[6] http://www.w3.org/TR/2001/REC-xml-c14n-20010315
[7] http://www.w3.org/2001/10/xml-exc-c14n
[8] http://www.w3.org/TR/xmldsig-core/#sec-EnvelopedSignature
[9] http://www.w3.org/2001/04/xmlenc#sha256
[10] http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-SHA256
[11] See example messages in Appendix B
[12] http://tools.ietf.org/html/rfc2045#section-6.8