# There are mainly two encryption rules for open API
# 1. For loan and acquiring business external APIs
- The encryption rules adopt both asymmetric encryption and symmetric encryption algorithms.
- Symmetric encryption mainly encrypts the transmission data of the interface and uses ciphertext for network transmission.
- Asymmetric encryption mainly signs important parameters during parameter transmission.
# 2. For other external interfaces and callback notification APIs with merchants
- The encryption rules only adopt asymmetric encryption algorithms.
- Only sign the parameters, and important parameters need to be signed and verified during data transmission.
# IDR Encryption and Decryption Example
# Asymmetric encryption - parameter signature and verification
class RSAUtils
{
/**
* Encryption method, encrypt the data string and return the encrypted data
*
* @param string $originString data to be encrypted
*
* @return string
*
*/
public function generateSign(string $originString, string $privateKey)
{
// $privateContent = file_get_contents($privateKey);
// $privateKey = "-----BEGIN RSA PRIVATE KEY-----\n".
// wordwrap($privateContent, 64, "\n", true).
// "\n-----END RSA PRIVATE KEY-----";
openssl_sign($originString, $sign, $privateKey, OPENSSL_ALGO_SHA1);
$sign = base64_encode($sign);
if (is_resource($privateKey)) {
openssl_free_key($privateKey);
}
return $sign;
}
/**
* Verify signature data
*
* @param string $data data to be decrypted
*
* @return bool
*
*/
public function verifySign(string $toVerify, string $publicKey, $sign = null)
{
// $publicKey = file_get_contents($publicKey);
$publicKey = openssl_get_publickey($publicKey);
$isVerify = 1 === openssl_verify($toVerify, base64_decode($sign), $publicKey, OPENSSL_ALGO_SHA1);
if (is_resource($publicKey)) {
openssl_free_key($publicKey);
}
return $isVerify;
}
}
# Symmetric encryption
class AESUtils
{
private $secretkey;
private $options;
public function __construct($secretkey)
{
$this->secretkey = $secretkey;
$this->options = OPENSSL_RAW_DATA;
}
/**
* Encryption method, encrypt data and return encrypted data
*
* @param string $data data to be encrypted
*
* @return string
*
*/
public function encrypt($data)
{
$aesValue = openssl_encrypt($data, 'AES-128-ECB', $this->secretkey, $this->options);
return base64_encode($aesValue);
}
/**
* Decryption method, decrypt the data and return the decrypted data
*
* @param string $data data to be decrypted
*
* @return string
*
*/
public function decrypt($data)
{
$data = base64_decode($data);
return openssl_decrypt($data, 'AES-128-ECB', $this->secretkey, $this->options);
}
}
# JAVA Encryption and decryption example
# Asymmetric Encryption - Parameter Signature and Signature Verification
public class SignRSAUtils {
/**
* signature algorithm
*/
public static final String SIGN_ALGORITHMS = "SHA1WithRSA";
/**
* RSA signature
*
* @param content data to be signed
* @param privateKey Merchant private key
* @param encode character set encoding
* @return signature value
*/
public static String sign(String content, String privateKey, String encode) {
try {
PKCS8EncodedKeySpec priPKCS8 = new PKCS8EncodedKeySpec(Base64.decode(privateKey));
KeyFactory keyf = KeyFactory.getInstance("RSA");
PrivateKey priKey = keyf.generatePrivate(priPKCS8);
java.security.Signature signature = java.security.Signature.getInstance(SIGN_ALGORITHMS);
signature.initSign(priKey);
signature.update(content.getBytes(encode));
byte[] signed = signature.sign();
return Base64.encode(signed);
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
/**
* RSAsignature
* @param content data to be signed
* @param privateKey signing key
* @return String signature value
*/
public static String sign(String content, String privateKey) {
try {
PKCS8EncodedKeySpec priPKCS8 = new PKCS8EncodedKeySpec(Base64.decode(privateKey));
KeyFactory keyf = KeyFactory.getInstance("RSA");
PrivateKey priKey = keyf.generatePrivate(priPKCS8);
java.security.Signature signature = java.security.Signature.getInstance(SIGN_ALGORITHMS);
signature.initSign(priKey);
signature.update(content.getBytes());
byte[] signed = signature.sign();
return Base64.encode(signed);
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
/**
* RSA signature check
*
* @param content data to be signed
* @param sign signature value
* @param publicKey assigned to developer public key
* @param encode character set encoding
* @return boolean value
*/
public static boolean verifySign(String content, String sign, String publicKey, String encode) {
try {
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
byte[] encodedKey = Base64.decode(publicKey);
PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey));
java.security.Signature signature = java.security.Signature
.getInstance(SIGN_ALGORITHMS);
signature.initVerify(pubKey);
signature.update(content.getBytes(encode));
boolean bverify = signature.verify(Base64.decode(sign));
return bverify;
} catch (Exception e) {
e.printStackTrace();
}
return false;
}
/**
* RSA signature check
*
* @param content data to be signed
* @param sign signature value
* @param publicKey assigned to developer public key
* @return Boolean value
*/
public static boolean verifySign(String content, String sign, String publicKey) {
try {
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
byte[] encodedKey = Base64.decode(publicKey);
PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey));
java.security.Signature signature = java.security.Signature
.getInstance(SIGN_ALGORITHMS);
signature.initVerify(pubKey);
signature.update(content.getBytes());
boolean bverify = signature.verify(Base64.decode(sign));
return bverify;
} catch (Exception e) {
e.printStackTrace();
}
return false;
}
}
# Symmetric encryption
public class CryptAESUtils {
/**
* encryption algorithm
*/
private static final String AES_TYPE = "AES";
/**
* AES - symmetric encryption
*
* @param secret key
* @param content encrypted content
* @return String encrypted secret
*/
public static String AESEncrypt(String secret, String content) {
byte[] encrypt = null;
try {
Key key = generateKey(secret);
Cipher cipher = Cipher.getInstance(AES_TYPE);
cipher.init(Cipher.ENCRYPT_MODE, key);
encrypt = cipher.doFinal(content.getBytes());
} catch (Exception e) {
e.printStackTrace();
return null;
}
return new String(Base64.encodeBase64(encrypt));
}
/**
* AES - symmetric decryption
*
* @param secret
* @param encryptData
* @return String Decipher the ciphertext
*/
public static String AESDecrypt(String secret, String encryptData) {
byte[] decrypt = null;
try {
Key key = generateKey(secret);
Cipher cipher = Cipher.getInstance(AES_TYPE);
cipher.init(Cipher.DECRYPT_MODE, key);
decrypt = cipher.doFinal(Base64.decodeBase64(encryptData));
} catch (Exception e) {
e.printStackTrace();
return null;
}
return new String(decrypt).trim();
}
/**
* AES - get key
*
* @param key
* @return
* @throws Exception
*/
private static Key generateKey(String key) throws Exception {
try {
SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(), AES_TYPE);
return keySpec;
} catch (Exception e) {
e.printStackTrace();
throw e;
}
}
}