Hi,

I have generated the INI letter, sent it to the bank and bank has confirmed account is activated.
I am now trying the next step.

giving the correct details in the parameters below
e = Epics::Client.new(File.open('/tmp/my.key'), 'passphrase', 'url', 'host', 'user', 'partner')
e.HPB

but it is failing with following error at e.HPB
Nokogiri::XML::XPath::SyntaxError
Undefined namespace prefix: .//ds:Modulus

hello :)

I'm trying to connect to french Bank but when i submit keys to the bank
I got

e.INI
Epics::Error::BusinessError: EBICS_ONLY_X509_SUPPORT - With respect to certificates, the bank system only supports the evaluation of X.509 data

Any help plz and thx

Hello,
i would like to know how would one be able to make use of this client? without know ruby.

Or compiling this somehow!

Hi,

I noticed during the development of a C54 feature (basically a copy of your C53 implementation) that the multi segment responses aren't supported currently (also seen your comment in 468fa7c).

Are you already working on the support for multipart responses or do you have any plans for it?
I may also be able to contribute some code if it makes sense.

Cheers, Klaus

Hello epics community,

I ask my self, if the impementation of ebics ordertype CDZ (cdz.rb) has undergone an error. Reading the ebics compendium, the order type should provide "Payment Status Report for Direct Debit". In my understanding this means an action type client "download" from ebics bank server.
But epics client.rb

def CDZ(document) upload(Epics::CDZ, document) end

implements an upload from client to bank. Is this correct ?
If so, could someone point out, why ?

regards,
Peter

We have problems with hash verification in INI letter. I try to check official documentation and algorithm used in this library looks according to spec. But when i try algorithm on example letters in spec it doesn't match on 2/3 letters. Spec file link EBICS_Specification_2.5_final-16-05-2011.pdf. Algorithm for calculation is specified on page 55. Example letters are on pages 272,273,274.
Calculation i used to get hashes

require 'openssl'
require 'base64'

# 11.5.1.2 With version A005/A006 of the electronic signature - THIS IS OK

e = "10001"
n = "9b864d2e729e9e039478eb9641e627c6f298b9b54dacb2b899c6137c6a67a39356b0c0e2bb22d5f14a4e3eb5e0509a416ea5958f75cfa304f9ba3218bfed24ecb6065e628042f97ac1322cf3753fd592722ca283e8b5471259f64bcda64ed87f7b56dad9573279b47b6679c9f718407ecfac5c46146ab7701d47d051e781622b49d7095f47a44ca33f6704024b403d71aa5f3ea230537730710a96dd62be6cbf4027280c9fffe06d0a8c5ee075e230a449136508e5a911e37d1cff7fb931181f"
Base64.decode64(Base64.encode64(digester.digest([ e.gsub(/^0*/,''), n.gsub(/^0*/,'')].map(&:downcase).join(" "))).strip).unpack("H*").join.upcase.scan(/.{2}/).join(" ")
# resulting hash 
# => "D4 7A 24 27 5C 5F D8 0D 50 1B CF 28 C5 38 FE 1F 51 DD 24 8B 3E 5C 72 D5 CD 47 9D 82 79 0C EF 52"
# this is matching ini letter

# 11.5.2 Initialisation letter for HIA (example) - THIS IS WRONG

e = "10001"
n = "b79d3af06815ac6eabbff3a1d438a3d14dd6742ccb6d0052d50ca2b0bf22bd088ff45b3eb567b5f5aed639690141d0698bd5f6ea03f14b595684de9313d807fb2613054b04f22765da265135485064b368ca7ce7fdb01234cf3794eece7bb62d796c7973fd9a09a0678231250a42dc962c44d9f0cb13a46675eb39263030d6a011ac699a1908a540a713f861ca3e78e784531a4c27ab66628343e1b281d67083"
Base64.decode64(Base64.encode64(digester.digest([ e.gsub(/^0*/,''), n.gsub(/^0*/,'')].map(&:downcase).join(" "))).strip).unpack("H*").join.upcase.scan(/.{2}/).join(" ")
# resulting hash 
#  => "F6 EB EC 19 67 65 2F 60 7E 1D 8C A3 E0 81 A4 C4 34 E7 14 4D C3 C7 A1 03 E5 8C 1F D9 CD 5D 7D 00" 
# this doesn't match provided hash in HIA letter
# B8 3C B0 19 66 C9 9C 6E 2C A5 BA 6A 2B 56 01 92 35 2A B4 91 53 E9 0B BA 34 C1 5E B5 9F 4A 64 F7

e = "10001"
n = "c1c64130af7a7c4c370748b0bdc1fd068b560652cf2c889afb240399a4221763568dea84fe53402eb1d9ff3a8edd7af494955344a3d9b52660ecb109fed970f3d96e407477169b851f5365a3452dc6975d7f9d0b22d91b3c6fc91b7b4411c269f01bb8252ccab613530dbd4602a211e7db31ffe05d78b111c44aa707a7da6c05c7a342593f1340ecce4874b6d5934dc7a28aa12cb862bf2ac962f9952b646bd739a35a99f84b1b898c81742a5ac4a5a3ab0b03b7a282fb3ba7fd63442ae8e1620d1aea32a141e69d3b8ccb9ddee7f92f4205bf721f9ca3b08bf7e948c5395f03d76a3532280173d7308d83b62111c86b9f43600109ab2996b26c935ea036379d"
Base64.decode64(Base64.encode64(digester.digest([ e.gsub(/^0*/,''), n.gsub(/^0*/,'')].map(&:downcase).join(" "))).strip).unpack("H*").join.upcase.scan(/.{2}/).join(" ")
 # resulting hash 
# =>  "5C 01 88 FD 60 2A 27 EE 74 E3 6B 49 EB B9 45 AC FC 93 B7 D3 73 36 47 EA 55 AE 04 71 CB 01 CA 2A"
# this doesn't match provided hash in HIA letter
# 9D 2D C0 AF 55 6E D4 D9 04 00 BB 23 AF C8 1B AB 91 A3 7A 2E 97 A9 31 6D D0 01 79 5F C6 D0 CD 54

Has anybody any idea what could be wrong? Is specification examples wrong or i am missing something in algorithm part of how to calculate hashes in INI letters?

On Ubuntu 14.04 LTS, I installed epics this way: gem install --user-install epics and when I do :

require 'epics'
e = Epics::Client.setup("my-super-secret", "https://ebics.sandbox", "SIZBN001", "EBIX", "EPICS")

I get this error (user is my local username, and my_file.rb is the name of my script) :

/home/user/.gem/ruby/1.9.1/gems/epics-1.1.1/lib/epics/client.rb:59:in `setup': uninitialized constant Epics::Client::Client (NameError)
    from my_file.rb:2:in `<main>'

We've run into an odd issue while upgrading our application to ruby 3.1: CDB messages are refused by the bank with a '090004' Return code (EBICS_INVALID_ORDER_DATA_FORMAT). A CDB message with the same gem versions and same order data is accepted when issued from ruby 3.0.

Trying to debug the issue with the IT of the bank in question did not yield very precise results, unfortunately, as the server side cause of the rejection wasn't covered by their logging. The best esitmate of the bank is, that the value of the OrderData attribute cannot be decompressed due to it being invalid.

My suspicion on the other hand is, that this may have something to do with the OpenSSL versions used by ruby 3.0 (OpenSSL 1.1) and ruby 3.1 (OpenSSL 3.0).

Before I go poking things with a stick to see what squeaks, are you aware of any issues regarding ruby 3.1 that may cause OrderData to become unreadable to upstream? Or maybe some pointers where it would be sensible to start more detailed debugging? I have logs of the ebics messages in the relevant communications, in case they would help.

Hi,
faraday has released version 1.0 a few days ago. Since then a new installation of epics is not working anymore because of breaking changes in faraday.
It seems to be related to the changes of #73

Hey,
i´m new on ruby and currently I try to integrate ebics with this gem. I just followed the introduction placed in the readme and get this error: uninitialized constant Ebics::Client

any ideas?

thanks
ternes3

Hey,

we have run into a problem following the Getting started Guide.

When initially submitting the keys to our bank, we are getting the following error:

> e.INI

Nokogiri::XML::XPath::SyntaxError: ERROR: Undefined namespace prefix: //ds:DigestValue
        from /usr/local/rvm/gems/ruby-2.3.4@global/gems/nokogiri-1.8.1/lib/nokogiri/xml/searchable.rb:198:in `evaluate'
        from /usr/local/rvm/gems/ruby-2.3.4@global/gems/nokogiri-1.8.1/lib/nokogiri/xml/searchable.rb:198:in `xpath_impl'
        from /usr/local/rvm/gems/ruby-2.3.4@global/gems/nokogiri-1.8.1/lib/nokogiri/xml/searchable.rb:179:in `xpath_internal'
        from /usr/local/rvm/gems/ruby-2.3.4@global/gems/nokogiri-1.8.1/lib/nokogiri/xml/searchable.rb:154:in `xpath'
        from /usr/local/rvm/gems/ruby-2.3.4@global/gems/epics-1.5.1/lib/epics/signer.rb:30:in `digest_node'
        from /usr/local/rvm/gems/ruby-2.3.4@global/gems/epics-1.5.1/lib/epics/signer.rb:12:in `digest!'
        from /usr/local/rvm/gems/ruby-2.3.4@global/gems/epics-1.5.1/lib/epics/middleware/xmlsig.rb:10:in `call'
        from /usr/local/rvm/gems/ruby-2.3.4@global/gems/faraday-0.13.1/lib/faraday/rack_builder.rb:141:in `build_response'
        from /usr/local/rvm/gems/ruby-2.3.4@global/gems/faraday-0.13.1/lib/faraday/connection.rb:387:in `run_request'
        from /usr/local/rvm/gems/ruby-2.3.4@global/gems/faraday-0.13.1/lib/faraday/connection.rb:174:in `post'
        from /usr/local/rvm/rubies/ruby-2.3.4/lib/ruby/2.3.0/forwardable.rb:204:in `post'
        from /usr/local/rvm/gems/ruby-2.3.4@global/gems/epics-1.5.1/lib/epics/client.rb:94:in `INI'
        from (irb):16
        from /usr/local/rvm/gems/ruby-2.3.4@global/gems/railties-4.2.9/lib/rails/commands/console.rb:110:in `start'
        from /usr/local/rvm/gems/ruby-2.3.4@global/gems/railties-4.2.9/lib/rails/commands/console.rb:9:in `start'
        from /usr/local/rvm/gems/ruby-2.3.4@global/gems/railties-4.2.9/lib/rails/commands/commands_tasks.rb:68:in `console'
        from /usr/local/rvm/gems/ruby-2.3.4@global/gems/railties-4.2.9/lib/rails/commands/commands_tasks.rb:39:in `run_command!'
        from /usr/local/rvm/gems/ruby-2.3.4@global/gems/railties-4.2.9/lib/rails/commands.rb:17:in `<top (required)>'
        from bin/rails:4:in `require'
        from bin/rails:4:in `<main>'

Hi,

I was trying to transfer the sepa file but it's not working with Sparkasse Wuppertal and Sparkasse Pforzheim

I did
e = Epics::Client.new(key, secret, server, a, b, c)
e.HPB
e.CCT("sepa.xml")

Bank replied that they received an error message in their system that corrupt file is received however file is not received. The Sepa.xml is verified separately and checked by the bank to be correct.

Please suggest.

When inheriting from CCT, CCS order_type and order_attributes should be included in the Nokogiri template of CCT.

class Epics::CCS < Epics::CCT
  def order_attribute -> not used
    "DZHNN"
  end

  def order_type -> not used
    'CCS'
  end
end

CCT.rb

class Epics::CCT < Epics::GenericUploadRequest
  def header
    Nokogiri::XML::Builder.new do |xml|
      xml.header(authenticate: true) {
        xml.static {
          xml.HostID host_id
          xml.Nonce nonce
          xml.Timestamp timestamp
          xml.PartnerID partner_id
          xml.UserID user_id
          xml.Product("EPICS - a ruby ebics kernel", 'Language' => 'de')
          xml.OrderDetails {
            xml.OrderType 'CCT'
            xml.OrderAttribute 'OZHNN'
            xml.StandardOrderParams
          }
          xml.BankPubKeyDigests {
            xml.Authentication(client.bank_x.public_digest, Version: 'X002', Algorithm: "http://www.w3.org/2001/04/xmlenc#sha256")
            xml.Encryption(client.bank_e.public_digest, Version: 'E002', Algorithm: "http://www.w3.org/2001/04/xmlenc#sha256" )
          }
          xml.SecurityMedium '0000'
          xml.NumSegments 1
        }
        xml.mutable {
          xml.TransactionPhase 'Initialisation'
        }
      }
    end.doc.root
  end
end

Fix, by adding order_type and order_attribute methods in CCT like in CCS and include it in Nokogiri fields instead of hardcoding so that inheriting classes will replace them with their own in the template.

Found the answer. That X001Digest and E001Digest uses from bank for Verification hashes from client side.

It seems that @railslove removed the authors of this gem from the repository - probably by accident.
Sadly nobody @railslove takes care of the maintenance of the gem and has abandoned it.

Please at least transfer ownership of this repository to one of the gem authors.

//cc @tmschndr @stephanpavlovic @bonflintstone

Hi,

we just found your nice gem. So we tried downloading account statements using C53.

e = Epics::Client.new(key, "secret", "https://server", "a", "b", "c")
c53 = e.C53(Date.today.prev_day(2), Date.today.prev_day)
puts c53

That's the output (of course I wiped out some data):

PK?F?ఁ?
?
42015-07-24_C53_EUR_13.xml<?xml version='1.0' encoding='UTF-8' ?><Document xmlns='urn:iso:std:iso:20022:tech:xsd:camt.053.001.02'>WIPED OUT</Document>PK??F?ఁ?
?
42015-07-24_C53_EUR_13.xmlPKb

Is it an issue with our bank? Can you verify that C53 works for you?

it is missing the html/head/body tags :)

I tried to upgrade to the latest Heroku-22 Stack, which ships with OpenSSL 3 and got the following error:

OpenSSL::PKey::RSAError: Neither PUB key nor PRIV key: unsupported
  from vendor/ruby-3.1.2/lib/ruby/3.1.0/openssl/pkey.rb:348:in `initialize'
  from vendor/ruby-3.1.2/lib/ruby/3.1.0/openssl/pkey.rb:348:in `new'
  from vendor/ruby-3.1.2/lib/ruby/3.1.0/openssl/pkey.rb:348:in `new'
  from epics (1.8.1) lib/epics/key.rb:8:in `initialize'
  from epics (1.8.1) lib/epics/client.rb:260:in `new'
  from epics (1.8.1) lib/epics/client.rb:260:in `block in extract_keys'
  from epics (1.8.1) lib/epics/client.rb:259:in `each'
  from epics (1.8.1) lib/epics/client.rb:259:in `each_with_object'
  from epics (1.8.1) lib/epics/client.rb:259:in `extract_keys'
  from epics (1.8.1) lib/epics/client.rb:12:in `initialize'

Heroku mentions this:

In addition, OpenSSL 3 drops default support for a number of legacy/insecure cryptographic algorithms. If you see TLS/SSL related failures connecting from your application to external services, it is likely that those servers are running outdated/insecure software or configurations, that will need to be fixed by the maintainers of those services.

I wonder if this is an issue with the Bank servers as it is failing with the same error on all the different ones I connect to, which tends to point to an implementation problem in epics.

Hi team,

Thanks again for this amazing gem.

Can you please specify in you documentation which version of EBICS do this library support ? (1.1, 2.4.2, 3.0 ????)

Thanks

Having followed the getting started instructions in the README, I can successfully generate keys, but then fail on calling the Epics::Client.INI method. It fails with undefined method xpath for nil:NilClass at this line.

If I roll back to the latest commit on which the tests did not break, it works.

Therefore Pull-Requests were closed and re-opened again.

https://github.com/railslove/epics/pulls

Hi,

I try to implement EBICS on PHP and got the proble,
Have you an address of demo-server for test ebics protocol? Or how do you testing requests?

We have been using epics for years to download files through C52 and C53.

For a slightly different use case we wanted to use epics now to pass in pain.001.001.03 files (generated through sepa_king) through the CCT action.

However we keep getting an invalid signature error (error code 28 at FIDUCIA/ATRUVIA).

That means we managed to successfully upload the file, so the general authentication worked.
The file could be correctly decrypted, however it lacked the corresponding signature (I suppose A006)

In the readme a few banks are listed where epics works correctly.
It does not however list which order types are executed there.
Now I am wondering whether for the cases with the banks where it worked, the order types CCT, CDD, or CDB where amongst those that are executed.

Do you happen to have any more information on that?

I would love to know whether I am just doing something wrong or whether epics actually has an issue here.

Hello again :-),
now, after the initialization process finished, I try to fetch the available methods of my bank.
But when i try to get e with e = Epics::Client.new(keys, 'passphrase', 'url', 'host', 'user', 'partner') it run into following error: OpenSSL::Cipher::CipherError

any ideas?

thanks
ternes3

Nice gem. 👍
Have you thought of supporting HBCI as well?
Could be really useful....

Hey @tobischo, now that you have the RubyGems access it would be great to see a new release. Thanks a lot!

We make writing banking applications fun and easy. so we need some happy maskot.

Hi Team,

Thank you so much for having this product developed, this was very helpful for generating the ini letter for the bank.
Now Im trying to send a HPB request and it throws below error, any idea what is this related to? The bank has already confirmed that the User is now Initialised

in `block in call': EBICS_AUTHENTICATION_FAILED - Authentication signature error (Epics::Error::TechnicalError)

Hello,

Maybe someone can help me with PHP analog of client.

Is this script

        $rsa = new \phpseclib\Crypt\RSA();
        $rsa->setPassword($password);
        $rsa->loadKey($privateKey, \phpseclib\Crypt\RSA::PRIVATE_FORMAT_PKCS1);
        $rsa->setHash('sha256');
        $rsa->setMGFHash('sha256');
        $rsa->setSignatureMode(\phpseclib\Crypt\RSA::SIGNATURE_PSS);
        $sign = $rsa->sign($data);

OpenSSL changed the API and the n= accessors are no longer available and set_key must now be used.
I guess we have to check if set_key is defined and then use that new API otherwise the old.

See:
ruby/openssl@7ea72f1#diff-915017dbfe6a2e8cd9741502cfe8f759
nov/json-jwt@aa09a07#diff-e64230ecda134ae0f937388155746d86R102

@tobischo is currently mainly maintaining this library and has done great work in pushing it forward.
He should get access to the Rubygems project to be able to release the long awaited version 2.0

After invoking INI request to the bank I try integrate with, I got 'EBICS_ONLY_X509_SUPPORT' error message. Although this is one of the standard error codes, I'm not sure what does it mean and how to fix it? I'll be more than happy for any clues about this.

I would vote to handle the case of no available statements differently. It should not raise an error, but return an empty array. We could catch the exception.

Hi guys,

I was testing your library with the great https://iso20022test.credit-suisse.com/ testing accounts.

But I have got that error on client.HPB step:

OpenSSL::PKey::PKeyError: rsa#set_key= is incompatible with OpenSSL 3.0
from /Users/frokusek/.asdf/installs/ruby/3.1.3/lib/ruby/gems/3.1.0/gems/epics-2.0.0/lib/epics/client.rb:110:in `set_key'

Is that a known issue ?

Thanks for your help 🙏

ruby -> ruby 3.1.3p185 (2022-11-24 revision 1a6b16756e) [arm64-darwin21]
openssl-> LibreSSL 2.8.3
epics -> 2.0.0

As per email request, we could think of adding numerical error codes to our exceptions. I am not sure if I am a big fan of it. But what do you guys think?

Hi railslove team,

I have an ebics key created a couple of years ago with epics. It contains an "#USER": {}, which confuses the current version of epics. Running Epics::Client.new will trigger

NoMethodError: undefined method `unpack1' for {}:Hash
/usr/lib64/ruby/2.6.0/base64.rb:74:in `strict_decode64'
/home/leonard/.gem/ruby/2.6.0/gems/epics-1.8.1/lib/epics/client.rb:280:in `decrypt'
/home/leonard/.gem/ruby/2.6.0/gems/epics-1.8.1/lib/epics/client.rb:260:in `block in extract_keys'
/home/leonard/.gem/ruby/2.6.0/gems/epics-1.8.1/lib/epics/client.rb:259:in `each'
/home/leonard/.gem/ruby/2.6.0/gems/epics-1.8.1/lib/epics/client.rb:259:in `each_with_object'
/home/leonard/.gem/ruby/2.6.0/gems/epics-1.8.1/lib/epics/client.rb:259:in `extract_keys'
/home/leonard/.gem/ruby/2.6.0/gems/epics-1.8.1/lib/epics/client.rb:12:in `initialize'

Deleting the "#USER": {}, field in the key file avoids the error.