How to Update Authorize.Net Direct Post from MD5 to SHA-512 in Magento
Are you Magento store owner using any of the below versions and using Authorize.Net Direct Post payment method with MD5 based hash?
- Magento Commerce 1.X.X
- Magento Open Source 1.X.X
- Magento Commerce 2.X.X
- Magento Open Source 2.X.X
- Magento Commerce (Cloud) 2.X.X
If yes, continue reading this important post!
However, if you installed Magento SUPEE 11155 patch, you don’t need to worry as this solution is already resolved in the security patch!
Uptill now, Magento used the MD5 based hash to implement the Authorize.Net Direct Post payment method. But not anymore after Authorize.net announced MD5 Hash End of Life & Signature Key Replacement!
After this announcement, the store owners will not be able to process secure payments using the Authorize.net Direct Post.
Authorize.Net is phasing out the MD5 based hash use for transaction response verification in favor of the SHA-512 based hash utilizing a Signature Key. It will stop supporting the MD5 based hash key use from June 28, 2019.
Not to worry, as Magento provides the patch that merchants need to apply and replace the existing MD5 hash with a Signature Key (SHA-512) in the Magento Admin configuration settings.
On March 14, 2019, Authorize. net will stop supporting MD5 based hash usage. Magento has released a patch to replace the existing MD5 hash with a SHA-512. For information on applying this patch please see the Magento Help Center. https://t.co/OvuyQ6qNBh
— Magento (@magento) March 1, 2019
Follow the below steps to continue using the Authorize.Net Direct Post in the Magento stores!
Steps to Update Authorize.Net Direct Post from MD5 to SHA – 512 in Magento:
Implement each of the above steps as below:
- Apply the patch
Download the zip file for your Magento Version for the patch installation. You can also download these Pre Patched files from GitHub. Unzip the downloaded files and add them to your root Magento folder.
Magento Version Patch Files Magento 2.3.0 Magento CE-2.3.0 Magento 2.2.6 to Magento 2.2.7 Magento CE-2.2.6-CE-2.2.7 Magento 2.2.0 to Magento 2.2.5 Magento CE-2.2.0-CE-2.2.5 Magento 2.1.0 to Magento 2.1.9 Magento CE-2.1.0-CE-2.1.9 Magento 1.5.0 to Magento 1.9.4.0 Magento CE-1.5.0.1-CE-1.9.4.0 Note: If you use Magento Commerce Cloud, apply the patch and deploy. For more information, visit Apply custom patches.
- Get a new signature key
Follow the below steps to get a new signature key. To know more about the signature key, visit here.- Log into the Merchant Interface at https://account.authorize.net.
- Click Account from the main toolbar.
- Go to Settings in the main left-side menu.
- Click API Credentials & Keys.
- Select New Signature Key. Review the options available.
- Click Submit and continue.
- Request and enter the PIN for verification.
- Your new Signature Key will be displayed that is to be copied to add to your Magento Admin configuration.
- Update Magento admin configuration
- Log in to the admin panel.
- Go to Stores > Configuration.
- Click Sales > Payment Methods.
- Expand the Authorize.net Direct Post section.
- In the Signature Key enter the SHA-512 Signature Key.
- Click Save Config.
For Magento 1:
For Magento 2:
After the successful signature key update, you can enjoy capturing secure online payments using the Authorize.NetDirect Post!
Note: With the upcoming Magento 2.3.1 release, Magento will include the new Authorize.Net extension to replace the Direct Post. If you are not going to update to Magento 2.3.1 anytime soon, follow the above method to update Authorize.Net Direct Post from MD5 to SHA – 512 in Magento stores.
You may post any issues in this method in the Comments below and I’d be happy to help. Or, you may contact us for professional help with Authorize.net Direct Post transaction key update.
Don’t forget to flash 5 stars!
Thank you!
5(based on 19 Reviews) - Get a new signature key
27 Comments
Applied Patch and successfully add a signature key, but an order is still using MD-5 Key and in Magento admin still say update your authorization module. Any reason behind this?
You may not have installed the patch properly. And the Magento message will keep showing until you read/delete it.
Why do your patched files differ from the patch itself?
We have provided Pre-patched files which are easy to install which you can do using FTP as well which is helpful. The Patch files provided by Magento needs to be added using SSH.
Meetanshi, MD5 will affect the stores that are built with a Magento versions below 2.3. Hence,
Magento Commerce 1.X.X
Magento Open Source 1.X.X
Magento Commerce 2.X.X
Magento Open Source 2.X.X
Magento Commerce (Cloud) 2.X.X
is kind of miss-leading.
Magento versions that will be affected are
Magento Open Source versions below 2.3.
Magento Commerce versions below 2.3
Magento Commerce (Cloud) versions below 2.3
Hi Manohara,
Thank you for the concern but please follow this official Magento Notice: https://support.magento.com/hc/en-us/articles/360024368392-Update-Authorize-Net-Direct-Post-from-MD5-to-SHA-512
I am getting php error message after installing and trying to place order. I am running on 5.3 php, could that be an issue with this patch?
The PHP-FPM error log is showing:
[09-Mar-2019 01:55:58 UTC] PHP Fatal error: Can’t use method return value in write context in /chroot/home/jimcolem/jimcolemanstore.com/html/app/code/core/Mage/Authorizenet/Model/Directpost.php on line 392
[09-Mar-2019 01:56:04 UTC] PHP Fatal error: Can’t use method return value in write context in /chroot/home/jimcolem/jimcolemanstore.com/html/app/code/core/Mage/Authorizenet/Model/Directpost.php on line 392
[09-Mar-2019 01:56:13 UTC] PHP Fatal error: Can’t use method return value in write context in /chroot/home/jimcolem/jimcolemanstore.com/html/app/code/core/Mage/Authorizenet/Model/Directpost.php on line 392
Hi Chris,
The issue is with the php version. It would work only with php7+ versions.
Hi,
thanks for the documentation.
I used a bitnami installation of Magento Commerce 2.2.7. has one of you access to the Magento Commerce 2.x patch?
or can I apply the CE patch?
Thanks and kind regards
Hi FS,
You can use the CE 2.2.7 patch even for the Magento Commerce.
I downloaded the patch files for M2.1.7 and had compilation errors :
I had to revert.
Hi Robert,
Please share the compilation errors with me.
Hi Sanjay,
Here is my compilation error :
Compilation was started.
Repositories code generation… 1/7 [====>———————–] 14% 1 sec 76.8 MiBPHP
Parse error: syntax error, unexpected ‘:’, expecting ‘;’ or ‘{‘ in /home/steel17/domains/steelcitymachines.ca/private_html/steel/vendor/magento/module-authorizenet/Model/Directpost/Request.php on line 195
You might be using the wrong version of PHP while running the compilation command. The return type declaration it is failing on requires PHP7+.
So we have to have API Login ID, Transaction Key and Signature key in admin panel settings in Magento only ? We have to leave Merchant MD5 value blank?
Hi Anil,
You need to get a new Signature Key and add it to your Magento Admin configuration.
To get the Signature key:
To Update Magento Admin Configuration:
You have to keep the MD5 value blank as it has no more concern after the patch installation.
Hi
I have successfully downloaded and applied the patch. But when i execute php magento setup:di:compile following error occurs
[RuntimeException]
Class Magento\Sales\Api\PaymentFailuresInterface does not exist in [Magento\Authorizenet\Model\Directpost\Interceptor]
I have confirmed it multiple times by reverting back the Authorize net module in vendor. Any fixes?
Hi Karthik,
Revert the patch and download the patch for your version and try installing the patch using SSH.
Yes, your patch not working with magento 2.1.x version can you explain why ?
Hi Sourav,
Revert the patch and download the patch for your version and try installing the patch using SSH.
Hi again, I have another site which I have to put the Signature Key. This site is with Magento 1.9
I tried to download the zip file from : https://meetanshi.com/blog/wp-content/uploads/2019/03/CE-1.5.0.1-CE-1.9.4.zip
but I got an error page.
If you can get back to me it would be appreciated.
Regards,
Robert
Hey Robert,
What issue are you getting? Can you please show me the error? Are you unable to download the zip?
Hi,
I have downloaded the file : CE-2.0.0-CE-2.3.0.zip
I did the extraction.
I lost the site and the admin panel.
I opened Putty to re-index with SSH CLI-commands
The first mistake was on line 1108 of directpost.php : private function getOrderFromResponse(): \Magento\Sales\Model\Order
Putty suggested to use ; or {
I put ; instead of :
When I re-indexed the mistake now is : namespace Magento\Authorizenet\Model;
It say’s that it must be the first instance. But it is !!!
I put the old directpost.php so I could see the website and the admin panel. Now I freeze when I try to checkout, witch is normal.
Can you help ?
Regards,
Robert
I am using Magento 2.1.7
Hi Robert,
You need to compile current Magento store using
bin/magento setup:di:compilecommand.I initiated the compile command and got this error :
PHP Parse error: syntax error, unexpected ‘:’, expecting ‘;’ or ‘{‘ in /home/steel17/domains/steelcitymachines.ca/private_html/steel/vendor/magento/module-authorizenet/Model/Directpost.php on line 1018
Hi – what about if you use the M1 authorize.net method? Is that affected at all? It is ambiguous in the Magento instructions as it is mentioned as AIM – https://support.magento.com/hc/en-us/articles/360024368392 – under Issue
Magento implements the Authorize.Net Direct Post payment method, using Authorize.Net’s AIM (Advanced Integration Method) and DPM (Direct Post method) APIs, which use MD5 based hash.
Authorize.net will stop supporting MD5 based hash usage on March 14, 2019. Starting from this date, Magento Open Source, Magento Commerce and Magento Cloud merchants will not be able to process payments using Authorize.Net Direct Post payment method. To be able to continue successfully process payments using these methods, merchants need to apply the patch provided by Magento and replace the existing MD5 hash with a Signature Key in the Magento Admin configuration settings.
Hi Duncan,
Using M1 Authorize.Net will affect your Magento and thus, you need to install this patch for your Magento 1 version.