Payment Error: "Specified key is a known weak key for 'TripleDES' and cannot be used."

Hello again.
I was testing the cart payment system and when I put in an actual credit card to make an actual purchase
I got the subj. error: "Specified key is a known weak key for 'TripleDES' and cannot be used. "
What does that mean and what do I do?

Thanks,
- Ilya

Please take a look at this : https://www.nopcommerce.com/boards/topic.aspx?topicid=1463

Hope it helps

Mike,
Thanks. I did see that thread before posting my question, but I'm not sure what the upshot of all of that is.
Are there step by step directions of how to avoid the problem or is the problem endemic for nopCommerce?
We need to accept credit cards. Not manually.  Does nopCommerce not offer that option with our PayPal Web
Payment Pro processing?  

/soap box mode on/

I am sorry if I am obtuse, but geez, somebody @ nop has got to realize that if they
want wide distribution of the product, it's got to be usable by a wide audience.  And that means not having to
alter raw code for simple customization AND having simple to follow instructions for BASIC stuff.  
Accepting credit cards is as basic as it gets for an eCart, or am I wrong?  I've been sitting here for the last
several days pulling out whatever gray hair I have left trying to figure nop out.  HELP!

/soap box mode off/
- ilya

ok tell me exactly what payment method you're looking for

If Credit card ? Then you wanna go for "Manual Processing" ?

What credit card method you're using right now  (that lead to that error message)?

In Manual Processing you can have 3 options:
Pending (Safest option to avoid fraud credit cards)
Authorized
Authorized and Captured (Paid)


You can use paypal :

Paypal Standard
Paypal Express
Paypal Direct

Mike,
Thanks again for your lightening-fast responses.
I am using non-manual credit card processing.  In fact I have all the "credit card" options in 1.5 ver shut off as
they all appear to be manual.  

I am using 1. PayPal Express and 2. PayPal Direct.  I have PayPal Standard disabled as per nop instructions.
When I check out, having entered address info, credit card number info, etc. I get the subject message as I click the "confirm" button.

I hope that clears up the chain of events. Thanks again.
Eagerly waiting for the verdict :),
- Ilya

Ok first let me explain you few things about paypal method:

Seems like you want to use Paypal Express checkout method

as it is mentioned in the instructions (in paypal Express) that :

If you select Paypal Express, do not select Paypal Standard
If you select Paypal Express, you should enable Paypal Direct too

BUT for now don't go with instructions,

just active the PAYPAL EXPRESS and DE-ACTIVE paypal direct ( you don't need direct, trust me)

don't worry about express it will work you dont need direct along with express

Just to remind you (You need Business account in order to use paypal, you have business account ?)

talking about real payment, if you're in testing phase, i don't recommend you to use actual paypal account to avoid unnecessary payments . In order to test paypal express, open a sandbox account, it is for developers

(Let me know if you need any help with paypal setup)
------------------------------

Now let's talk about credit card

what exactly you mean by all credit cards have manual processing ? what do you want in credit card payment ? when customer will enter his/her credit card details, you want to get the payment instantly ? or what ?

abcd_12345 wrote:

Yeah, Mike, I'm with you so far. I have done exactly that when I get the error message.

abcd_12345 wrote:
OK, I just tried this after reading your post. The VISA option disappeared altogether from the payment options as I tried to check out.  I was forced into PayPal or cash/bank check.  That's not quite satisfactory as I would like to see VISA/MC/AMEX logos all displayed during the checkout phase.  In fact, I'd prefer them plastered all over the site as they are in all the model sites, but that's another issue.

abcd_12345 wrote:
I do have a business paypal account; it's have been approved for WebsitePaymentPro.  I've been working to configure it tonight with the API credentials, etc.  

abcd_12345 wrote:
Yeah, Mike, I should've tested everything in the Sandbox first. I had tried that Sandbox in the past with another, earlier version of my website, and wrongly decided to take a shortcut this time and test buy an item.  Turns out, PayPal rebels when the buyer and the seller are using the same account. Kinda like calling yourself on the same phone, I guess.  However, before you "took away" my CC option with disabling the direct PayPal option, that was not the issue.

Does that clear things up on what I'm doing and why?

abcd_12345 wrote:

What I meant was that in nopCommerce 1.5 when you select "Payment" and go to the Manage Credit Cards option, you see a choice of the 4 types of cards: VISA, MC, APEX and Discover, right? But under the configuration details, it offers none.  It allows for manual entering/processing of the customer info once they punch it in.  By automatic processing I want PayPal (or another web banker) option of removing me from the payment process chain. I want the customer to enter the information, the information to be cleared by an ACH, for me to be notified that a payment has been made and will clear within x hours.  That's instantly enough and that's what I want.  I think that's how 99% of the eCommerce sites operate.

Thanks again, Mike.
- Ilya

ilya wrote:

ok ilya, sorry but seems like you're confused with the payment methods, take it easy don't get confused, i am right here to help you, if you have any questions, just ask me.

you said after you un-checked the PayPal Direct, VISA option disappeared ? But VISA is not at all related with paypal, paypal is different payment method that is connected with your bank account, VISA payment means credit card payment which is completely different from paypal.


ilya wrote:

I have never tried it (i only tested business account) but You can try WebsitePaymentPro account in place of business account in paypal express, but as paypal won't allow you to use same account for buyer and same account for seller or business owner. You have to have a buyer's account and you have to have some money in it and i don't think you would like to transfer real money just for testing, and it takes time when you open paypal account it requires verifications etc, it's better if you sandbox trust me then you can test your website unlimited times for make sure everything is working which you can;t do with real money. Open sandbox account, create demo buyer account and business account, use API credentials of sandbox and test paypal express

ilya wrote:

Well you won't see anything in  the configuration credit card option because that's not how it works and that now how an e-commerce website works,

For a normal e-commerce website you gotta have payment options like paypal (for secure checkout) and payment by credit cards like AMEX/VISA/MASTER CARD etc (for those who doesn't have paypal accounts- everybody cannot have paypal account),

ok let's do one thing:

Go to  Admin section > Configuration > Payment > Payment Methods

FOR NOW make sure only 2 options are checked or active

Manual Processing  Credit Card  ACTIVE    Edit   (Click on EDIT and in the configuration select "Pending")
PayPal Express  PayPal Express  ACTIVE    Edit  (Click Edit and in configuration add sandbox APT Credentials)

let's make rest of the options IN-ACTIVE ok

save it and try to check out, and for testing credit card, DONT USE ACTUAL CREDIT CARD, you can find testing credit card numbers free online, just google for it

(Reason i asked you to select "Pending": you gotta understand the fact that e-commerce website is a business website not a credit card machine that get's you money in your account in an instance by using credit card. For security reasons it's always good to go for "Pending" options as it lets you make the order as paid or cancel. Lets says you are authorizing credit cards online , and later on while transfering money to your account from the given credit card number you found out that it was a fraud credit card ? well the order was already completed due to authorized payment so you can't do anything about it. By selecting payment whenever you receive any order, you can go to admin section and first use the provided credit card details once you get the money approve the order, if for any reason credit card is not working , just cancel the order)

abcd_12345 wrote:

Mike, I am going to go into italics to make it a bit easier to follow.  When I unchecked PayPal Direct, Credit Card payment option disappeared. I have a feeling that's because one of the attributes of the PPDirect is "Credit Card". In fact, if you go into Edit Payment Method under System Info for name = PPDirect, Visible Name = "Credit Card".  So, it appears that nopCommerce considers PPDirect as a VISA/AMEX/etc. kind of payment. I am assuming that's the method/name that allows PayPal to process credit cards, but I may be wrong there.  However, that's not really important, imho.  The point is, PayPal Direct apparently is a way for nopCommerce to accept credit cards.

ilya wrote:

abcd_12345 wrote:

afair, that is exactly what I am doing, save for the sandbox. I have a couple of sandbox acc's opened; I will have to look them up and play with that tomorrow.  

ilya wrote:

abcd_12345 wrote:
I think we are on the same wavelength here, Mike. I will say that where we probably do differ is my opinion that having a decision fork at Payments that splits into "Manage Credit Cards" and "Manage Payment Methods" is a bit misleading logically. On its face it appears to separate CC's from other e-money processing options. In fact, what it actually does, is separate MANUAL credit card processing by the nopCommerce store owner from the more automated ways found in the "Payment Methods".  Although, Payment Methods does offer COD and check payment, vast majority of them are geared towards various ACH's relevant for their appropriate regions of the globe.  That's my reading of the options. Do you agree?

abcd_12345 wrote:

I will get back to you on that, prob. tomorrow some time.
Thanks again,
- Ilya

Mike,
Implemented your last suggestion and tried the checkout with only those two options enabled.  Still get the same error in red: "Specified key is a known weak key for 'TripleDES' and cannot be used." when I click the "Confirm" button.

- Ilya