I am currently trying to add the PayPal buy-now functionality to my custom created third-party shopping cart. Normally, these buttons only contain information about the specific items being bought which is inputted manually through the PayPal website for security reasons, however i also have the option of dynamically creating the information using PHP to inject the code - This is all fine but since the button was not created on the PayPal website it does not come with the standard encryption that protects it from tampering.
On the PayPal dev. website they outline the method of encryption which includes using OpenSSL to create the Private Key, Public Certificate, and as a way to encrypting the PayPal button code. Creating the keys and certificates sounds all fine but when it comes time to encrypt the button code itself, PayPal asks me to manually input a command into the downloaded OpenSSL program to have the encrypted code be outputted - This however is impossible for my shopping cart because of the fact that shopping cart contents are dynamic and change all the time thus i need to have a freshly encrypted button every time someone access' the shopping cart page.
QUESTION: So i was wondering if i could use a PHP function such as openssl_encrypt() to handle the encryption process instead of relying on manual operations. Is this possible? Is this even Safe?
Note: The downloaded OpenSSL software is located on my web-server along with the necessary keys
PS: This is my first time dealing with any sort of encryption or OpenSSL
Any ideas?
