I am trying to connect my system to a banks payment system. The problem is, their documentation was mostly not correct, if it wasn’t a complete disaster.

In the documentation of 3D secure system, the bank asks me to fill out a html form and submit it to their system. The form should include some data AND a SHA1 hash of the data with the data. I tried many times but the bank’s system returned “Hash not correct” error all the time.

After some inspection on their example C# code, I found a function they used to get hash results. The problem is function was doing some other stuff to the data rather than just hashing them. And bigger problem is I cannot find out what this piece of code is doing to the string that hashed.

public static string CreateHash(string notHashedStr)
    {
        SHA1 sha1 = new SHA1CryptoServiceProvider();
        byte[] notHashedBytes = System.Text.Encoding.ASCII.GetBytes(notHashedStr);
        byte[] hashedByte = sha1.ComputeHash(notHashedBytes);
        string hashedStr = System.Convert.ToBase64String(hashedByte);

        return hashedStr;
    }

I have nearly no experience on .Net framework and also I am on a mac, so I cannot test the code easily, and MSDN is definitely not for me(I am a Ruby developer most of the time, and I know enough C). If anyone can explain what these functions do to the string to be hashed, i’ll be very glad.