Google pay payment data decrypt with Java "cannot decrypt"

[rtparies]

Hello, trying to decrypt the payment data in the test env using tink 1.2.0

I have the frontend using the example provided by google https://developers.google.com/pay/api/web/guides/tutorial#tutorial

in the front end i have::

    const tokenizationSpecification = {
        type: 'PAYMENT_GATEWAY',
        parameters: {
            'gateway': 'mygateway',
            'gatewayMerchantId': `${merchant.merchantId}`
        }
    };

On the pay button I send the paymentData.paymentMethodData.tokenizationData.token to an endpoint of mine

            try {
                String decrypted =
                        new PaymentMethodTokenRecipient.Builder()
                                .fetchSenderVerifyingKeysWith(GooglePaymentsPublicKeysManager.INSTANCE_TEST)
                                .recipientId("gateway:mygateway")
                                .protocolVersion("ECv2")
                                .addRecipientPrivateKey(MERCHANT_PRIVATE_KEY_PKCS8_BASE64)
                                .addRecipientPrivateKey(MERCHANT_PRIVATE_KEY_PKCS8_BASE64_2)
                                .build()
                                .unseal((String)jsonObject.get("payload"));

                System.out.println(decrypted);



            } catch (Exception e) {
                e.printStackTrace();
            }

It always throws the exception "cannot decrypt"

the jsonObject.get("payload") that i pass into unseal looks like

{"signature":"xxx\u003d","intermediateSigningKey":{"signedKey":"{\"keyValue\":\"xxxxx\\u003d\\u003d\",\"keyExpiration\":\"1599915914235\"}","signatures":["xxxx"]},"protocolVersion":"ECv2","signedMessage":"{\"encryptedMessage\":\"xxxxx\\u003d\\u003d\",\"ephemeralPublicKey\":\"dddd\\u003d\",\"tag\":\"xxxxx\\u003d\"}"}

tried all sorts of things with no success.

Google says they can decrypt ok using our keys

Love any help or suggestions

[thaidn]

Have you got any help from the Google Pay team?

[sarahrobinson96]

Did anyone find a solution to this problem? Struggling with the same issue.

[florinfm]

Do not modify the response from Google Pay API before it's passed to Tink.

In the exampek it seems that payload is treated as json. Have you tried as string?

[sarahrobinson96]

Do not modify the response from Google Pay API before it's passed to Tink.

In the exampek it seems that payload is treated as json. Have you tried as string?

Yes, I'm treating the payload as a string (not modifying at all).

[sarahrobinson96]

Any updates to this? Google says they can decrypt using my keys, but I cannot...I still get the same error "cannot decrypt"

public static void main(String[] args) throws Exception { GooglePaymentsPublicKeysManager.INSTANCE_TEST.refreshInBackground(); byte[] sEncryptText = (Files.readAllBytes(Paths.get(/path/to/payload))); try {

        String decryptedMessage =
        new PaymentMethodTokenRecipient.Builder()
        .fetchSenderVerifyingKeysWith(GooglePaymentsPublicKeysManager.INSTANCE_TEST)
        .recipientId("gateway:tabapay")
        // This guide applies only to protocolVersion = ECv2
        .protocolVersion("ECv2")
        // Multiple private keys can be added to support graceful
        // key rotations.
        .addRecipientPrivateKey(sPrivateKeyString)
        .build()
        .unseal(new String(sEncryptText));
        System.out.println(decryptedMessage);
    } catch(GeneralSecurityException e) {
        System.out.println(e.getLocalizedMessage());
        return;
    }
}

[juergw]

There is not enough information for us to provide any help on this issue. And since it's been more than 2 years since the last update, I'm going to close this issue and assume that it has been resolved.

If there is still a problem, please re-open and provide some more details.