paymentmethodtoken in python

tink-crypto / tink

Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

https://developers.google.com/tink

Apache License 2.0

13.5k stars 1.18k forks source link

paymentmethodtoken in python #552

Closed Bastien-BO closed 10 months ago

Bastien-BO commented 3 years ago

Help us help you

I'm working for a PSP and curently trying to add Gpay support for a python backend.

Is your feature request related to a problem?

The gpay doc ask to use tink to handle keysets and messages encryption/decryption with paymentmethodtoken. The only integration of it that i found is in java.

Describe the solution you'd like

Having a equivalent of paymentmethodtoken in Python.

Describe alternatives you've considered

Additional context

thaidn commented 2 years ago

Have you tried https://github.com/google-pay/tink-jni-examples/tree/master/TinkJNIPython?

Bastien-BO commented 2 years ago

@thaidn thanks for your reply,

I didn't know this package exist, thanks for it. Sadly since it's a bridge to the java lib i'm not going to use it.

I'm curently making my own lib that use simple python with PyCryptodome

thaidn commented 2 years ago

If you can share the code, I can help you review it.

On Wed, Nov 17, 2021 at 11:19 AM Bastien Bouchoux @.***> wrote:

@thaidn https://github.com/thaidn thanks for your reply,

I didn't know this package exist, thanks for it. Sadly since it's a bridge to the java lib i'm not going to use it.

I'm curently making my own lib that use simple python with PyCryptodome

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/google/tink/issues/552#issuecomment-971897040, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAB23AIYKZIN4M32PM5ASLUMP54PANCNFSM5HTEAZYA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

-- https://vnhacker.blogspot.com

Bastien-BO commented 2 years ago

thanks

i have to finish it first so hopefully in a week or two :+1:

Bastien-BO commented 2 years ago

in my quest of writing this lib I'm facing an issue with the message decryption part.

to give you more insight to were i am:

Verify intermediate signing key => done Verify payload signature => done Decrypt payload content => doing

I have a hard time understanding what operations are done in the encryptedMessage decryption process. My understanding is that this process start with decrypt:

private String unsealECV2(String sealedMessage) throws GeneralSecurityException {
    JsonObject jsonMsg = JsonParser.parseString(sealedMessage).getAsJsonObject();
    validateECV2(jsonMsg);
    String signedMessage = verifyECV2(jsonMsg);
    String decryptedMessage = decrypt(signedMessage);
    validateMessage(decryptedMessage);
    return decryptedMessage;
  }

Is that true or am i totaly missing the actual way it works ? I'm a bit confuse about kem and dem, i don't understand what they are doing.

morambro commented 10 months ago

Closing this due to inactivity. Please reopen this issue in https://github.com/tink-crypto/tink-py/issues if you have further questions/follow-up comments.