I'm designing an Order Site using PHP & MySQL. In the final stage the user is given PayPal buttons to pay for the Orders he has made. So, the Item Name, Value are variab
From your post you seem very confused about what encryption means and what to apply it to. What is the threat model? (i.e. how can it be subverted).
There is no way you should expect that PayPal will always process the order you sent to the client's browser. You MUST check what PayPal did process.
You can be better assured of the integrity of the order after it leaves your site, e.g. by adding a hash of the order to the order number (and a salt!) you send to PayPal. This should allow you to verify the order without reference to the PLU/stored order (as long as the script processing the return from PayPal knows the salt).
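One way to implement the hash-plus-salt check described in the answer above, as an added example that is not part of the original thread: it uses an HMAC keyed with a server-side secret in place of a plain salted hash. The function names, the `orderId-tag` reference layout and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: a server-side secret (the "salt" in the answer). It never reaches the browser.
const ORDER_SECRET = 'constructed-demo-secret-replace-me';

/** Build the reference sent along with the payment: "<orderId>-<hmac>". */
function signOrderRef(string $orderId, int $amountCents, string $currency): string
{
    // Restrict the id so the "|" and "-" separators stay unambiguous.
    if (!preg_match('/^[A-Za-z0-9]+\z/', $orderId)) {
        throw new InvalidArgumentException('order id must be alphanumeric');
    }
    // The tag covers every field that must not change after leaving the site.
    $message = implode('|', [$orderId, (string) $amountCents, strtoupper($currency)]);
    return $orderId . '-' . hash_hmac('sha256', $message, ORDER_SECRET);
}

/**
 * Check a returned reference against what the processor reports it charged.
 * $paidAmount is a decimal string such as "19.99".
 */
function verifyOrderRef(string $ref, string $paidAmount, string $paidCurrency): bool
{
    $pos = strrpos($ref, '-');
    if ($pos === false || !preg_match('/^\d+\.\d{2}\z/', $paidAmount)) {
        return false;
    }
    $orderId = substr($ref, 0, $pos);
    if (!preg_match('/^[A-Za-z0-9]+\z/', $orderId)) {
        return false;
    }
    // Recompute the tag from the processed values, never from the browser's copy.
    $cents = (int) str_replace('.', '', $paidAmount);
    $expected = signOrderRef($orderId, $cents, $paidCurrency);
    // Constant-time comparison avoids leaking how many characters matched.
    return hash_equals($expected, $ref);
}

// Constructed sample values, for demonstration only.
$ref = signOrderRef('A1042', 1999, 'USD');
var_dump(verifyOrderRef($ref, '19.99', 'USD'));       // amount as ordered
var_dump(verifyOrderRef($ref, '0.01', 'USD'));        // amount altered in the button form
var_dump(verifyOrderRef('A1042-00', '19.99', 'USD')); // forged tag
```

The reference proves only that the order fields match what the site issued; the processing script still has to confirm the notification itself came from PayPal and that the same reference has not already been fulfilled.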