Python package to verify and decrypt Google Pay tokens
Project description
Google Pay token decryption
A Python package to decrypt Google Pay tokens according to the Google Pay docs using the pyca/cryptography package.
System requirements
- Python 3.8+
Usage
-
Install the package using Pip:
pip install google-pay-token-decryption. -
Get latest Google root signing keys here.
-
Get your merchant ID/recipient ID from the Google Pay business console. It should be in the format "merchant:". In Google's test environment it is always "merchant:12345678901234567890".
-
Generate your merchant private and public keys by following this documentation.
-
Create a new
GooglePayTokenDecryptorobject and decrypt a token using thedecrypt_tokenmethod:
from google_pay_token_decryption import GooglePayTokenDecryptor
# Instantiate using the a list of root signing keys, your recipient ID and private key
root_signing_keys = [{
"keyValue": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/1+3HBVSbdv+j7NaArdgMyoSAM43yRydzqdg1TxodSzA96Dj4Mc1EiKroxxunavVIvdxGnJeFViTzFvzFRxyCw==",
"keyExpiration": "32506264800000",
"protocolVersion": "ECv2",
}]
recipient_id = "someRecipient"
private_key = "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgCPSuFr4iSIaQprjjchHPyDu2NXFe0vDBoTpPkYaK9dehRANCAATnaFz/vQKuO90pxsINyVNWojabHfbx9qIJ6uD7Q7ZSxmtyo/Ez3/o2kDT8g0pIdyVIYktCsq65VoQIDWSh2Bdm"
decryptor = GooglePayTokenDecryptor(root_signing_keys, recipient_id, private_key)
# Verify and decrypt a token
encrypted_token = {
"signature": "MEYCIQCbtFh9UIf1Ty3NKZ2z0ZmL0SHwR30uiRGuRXk9ghpyrwIhANiZQ0Df6noxkQ6M652PcIPkk2m1PQhqiq4UhzvPQOYf",
"intermediateSigningKey": {
"signedKey": "{\"keyValue\":\"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/1+3HBVSbdv+j7NaArdgMyoSAM43yRydzqdg1TxodSzA96Dj4Mc1EiKroxxunavVIvdxGnJeFViTzFvzFRxyCw==\",\"keyExpiration\":\"1879409613939\"}",
"signatures": [
"MEQCIFBle+JsfsovRBeoFEYKWFAeBYFAhq0S+GtusiosjV4lAiAGcK9qfVpnqG6Hw8cbGBQ79beiAs6IIkBxBfeKDBR+kA=="
]
},
"protocolVersion": "ECv2",
"signedMessage": "{\"encryptedMessage\":\"PeYi+ZnJs1Gei1dSOkItdfFG8Y81FvEI7dHE0sSrSU6OPnndftV/qDbbmXHmppoyP/2lhF+XsH93qzD3u46BRnxxPtetzGT0533rIraskTj8SZ6FVYY1Opfo7FECGk57FfF8aDaCSOoyTh1k0v6wdxVwEVvWqG1T/ij+u2KWOw5G1WSB/RVicni0Az13ModYb0KMdMws1USKlWxBfKU5PtxibVx4fZ95HYQ82qgHlV4ToKaUY7YWud1iEspmFsBMk0nh4t1hVxRzsxKUjMV1915qD5yq7k5n9YPao2mR9NJgLPDktsc4uf9bszzvnqhz3T1YID43QwX16yCyn/YxNVe3dJ1+S+BGyJ+vyKXp+Zh4SlIua2NFLwnR06Es3Kvl6LlOGasoPC/tMAWYLQlGsl+vHK3mrMZjC6KbOsXg+2mrlZwL+QOt3ih2jIPe\",\"ephemeralPublicKey\":\"BD6pQKpy7yDebAX4qV0u/AfMYNQhOD+teyoa/5SsxwTGCoC1ZKHxNMb5BXvRmBcYGPNTx8+fAkEwzJ8GqbX/Q7E=\",\"tag\":\"8gFteCvCuamX1RmL7ORdHqleyBf0N55OfAs80RYGgwc=\"}"
}
decrypted_token = decryptor.decrypt_token(encrypted_token)
print(decrypted_token)
"""
{
"messageExpiration": "32506264800000",
"messageId": "AH2EjtfkY514K5lmPF4NOP9lMR5tPedsjQR719hIzI-zB1g0A-TBlYInGQuEVQeIWGlajqEpvSyrl3r_iN0RxoV9RYjxqnzG-kXmcBNkferp4NfNjVqxYrVT0e5JRzU3dQjkb0tQWOxN",
"paymentMethod": "CARD",
"paymentMethodDetails": {
"expirationYear": 2026,
"expirationMonth": 12,
"pan": "4111111111111111",
"authMethod": "PAN_ONLY"
}
}
"""
Contributing
See Contributing
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Close
Hashes for google-pay-token-decryption-0.1.0.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 9ff28de40f6342095a5272189d93b6e3590716ba5e40d2bf946ec3664f9cf627 |
|
| MD5 | b713019d469cfbf561d9205cde2166e3 |
|
| BLAKE2b-256 | aaf23e87b3dc514c338e745ae484ebf23f6e41e776f0ce52333af24860a582e7 |
Close
Hashes for google_pay_token_decryption-0.1.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 0a27266fbadf3df7344af8df502c88b8935fdaa21e72b8342979bd6e97c62d6a |
|
| MD5 | 089bd355072783f63427f7b7af520183 |
|
| BLAKE2b-256 | f10b09a1ddb196f33d3f254b029e33e7e241b7fc4a9bf9b0519bee391948ae40 |
