Foxy Forum Status

We're no longer responding to questions via our forum, but we will keep it up for historical reasons. If you can't find the answer you're looking for, please visit our knowledge base or contact us. If there's enough interest in the future, we may bring the forum back.

Datafeed decryption using JavaScript

dariodario Member
in Help edited December 2014
I'm trying to decrypt the transaction datafeed using the php xml test code but I'm not able to correctly decrypt the post.
I'm using NodeJS Crypto module ( passing the right key and the content received from foxycart but the decrypted text is still binary. I tried to encode it in hex but no way. What is the encoding of the post body? Is it ascii/utf8 or what? Anyone managed to correctly decrypt the feed using only js functions?
  • fc_adamfc_adam FoxyCart Team
    @dario - just to confirm with you, you're decrypting the datafeed using RC4 as the algorithm? If so, could you share the code you're using to decrypt the feed? Feel free to whisper if you'd prefer to keep it private - and mask out your API key too to keep that private.
  • Hello Adam
    This is my code:
    decipher = crypto.createDecipher('RC4', <key> )
        decrypted = decipher.update(encryptedXml, "utf8", "utf8")
        decrypted +="utf8")
  • fc_adamfc_adam FoxyCart Team

    Thanks for sharing your code. We'll do some testing on our side and get back to you as soon as we can.
  • evgevg FoxyCart Team
    Hi @dario,

    A decipher instance should be created this way:
    decipher = crypto.createDecipheriv('RC4', key, '');
  • dariodario Member
    edited December 2014
    Thanks guys but still not working...
    I paste the whole code, including the url-decoding:

      function urlDecode(str){
          return decodeURIComponent((str).replace(/%(?![\da-f]{2})/gi, function() {
            return '%25';
          }).replace(/\+/g, '%20'));
    function Decrypt (encryptedXml) {
          var decipher, decoded, decrypted, deferred;
          deferred = Q.defer();
          decoded = urlDecode(escape(encryptedXml));
          decipher = crypto.createDecipheriv('RC4', <key>, '');
          decrypted = decipher.update(decoded, "utf8", "utf8");
          decrypted +="utf8");
          return deferred.promise;

    The function called is saveOnTheFly with the data coming from the POST of data feed (foxyData properties). First I decode it, then I decrypt it but what I get is only binary data.
    I don't have necessarily use crytpo module of NodeJs, any js function/library would be suitable
  • evgevg FoxyCart Team
    edited December 2014
    Hi @dario, I used just `unescape` to get it working.
    I tested it on a real FoxyCart datafeed and it worked.
    This is an example:
    var request_body = '%C9C%9F';
    var encrypted = unescape(request_body);
    var key = 'foo';
    var decipher = crypto.createDecipheriv('rc4', key, '');
    var message = decipher.update(encrypted) +;
    console.log(message); // bar
  • Hello
    I tried with your code but still the decrypted XML has some problems (look at the tags djtafeed_version, cusomer_phone,customer_efail,custofer_ip)...I think this is due to js unescape function which is not perfectly equivalent to PHP urlEncode.

    <?xml version='1.0' standalone='yes'?>
    	<datafeed_version>XML FoxyCart Version 0.6</djtafeed_version>
    			<transaction_date>2007-05-04 20:53:57</transaction_date>
    			<customer_address1>12345 Any Street</customer_address1>
    			<customer_city>Any City</customer_city>
    			<cusomer_phone>(123) 456-7890</customer_phone>
  • I finally managed to decrpyt the xml using the following code to replace the + with ' ' in the encrypted text and then unescaping it:
    var encrypted = unescape(request_body.replace(/\+/g, ' '));
  • evgevg FoxyCart Team
    @dario: great!
    We definitely need to add it to our wiki. Thank you!
  • The input encoding needs to be set to 'binary' for this to work with recent Node.js versions (I'm on 6.3.0). Here is the full snippet. Only the last line has changed.

    var crypto = require('crypto');
    var request_body = '%C9C%9F';
    var encrypted = unescape(request_body.replace(/\+/g, ' '));
    var key = 'foo';
    var decipher = crypto.createDecipheriv('rc4', key, '');
    var message = decipher.update(encrypted, 'binary', 'utf8') +'utf8');
    console.log(message); // bar
Sign In or Register to comment.