DIBS payment provider supports SHA-256
In CommercePaymentGateways source code version 12.15.1 , we made changes in DIBS payment gateway.
In previous versions, DIBS payment uses MD5 keys to secure the communication between the Commerce website and the DIBS server. However, it's less secure.
DIBS also support sha-256 encryption, using HMAC key. From version 12.15.1, our DIBS payment gateway uses HMAC key for encryption. The entire payment request is encrypted and verified at DIBS server. In case the payment data (for example the total amount, or currency) doesn't match the encrypted value, then the transaction is rejected.
The new API supports almost payment functions, comparing to the old API. Except the methods for split auth and split capture. And the merchant account need to contact DIBS support to enable the HMAC key. But overall, it's good and ensure the safety of transactions.
In case you still want the old API (with MD5 keys), then simply get the old package of CommercePaymentGateways. Then follow the DIBS installation guide here. We updated the steps for both old and new versions.
Hope this helps.