# 针对开放Api加密规则主要分为俩种
# 1. 针对放款和收单业务对外API
- 加密规则采用非对称加密和对称加密俩种算法
- 对称加密主要针对于接口传输数据进行加密,使用秘文进行网络传输
- 非对称加密主要针对于参数签名,在传输数据种需要对重要参数进行签名
# 2. 针对其余对外接口和与商户的回调通知API
- 加密规则只采用非对称加密算法
- 只针对于参数进行签名,在传输数据种需要对重要参数进行签名和验签
# IDR 加解密示例
# 非对称加密 - 参数签名和验签
class RSAUtils
{
/**
* 加密方法,对数据字符串进行加密,返回加密后的数据
*
* @param string $originString 要加密的数据
*
* @return string
*
*/
public function generateSign(string $originString, string $privateKey)
{
// $privateContent = file_get_contents($privateKey);
// $privateKey = "-----BEGIN RSA PRIVATE KEY-----\n".
// wordwrap($privateContent, 64, "\n", true).
// "\n-----END RSA PRIVATE KEY-----";
openssl_sign($originString, $sign, $privateKey, OPENSSL_ALGO_SHA1);
$sign = base64_encode($sign);
if (is_resource($privateKey)) {
openssl_free_key($privateKey);
}
return $sign;
}
/**
* 对签名数据进行验签
*
* @param string $data 要解密的数据
*
* @return bool
*
*/
public function verifySign(string $toVerify, string $publicKey, $sign = null)
{
// $publicKey = file_get_contents($publicKey);
$publicKey = openssl_get_publickey($publicKey);
$isVerify = 1 === openssl_verify($toVerify, base64_decode($sign), $publicKey, OPENSSL_ALGO_SHA1);
if (is_resource($publicKey)) {
openssl_free_key($publicKey);
}
return $isVerify;
}
}
# 对称加密
class AESUtils
{
private $secretkey;
private $options;
public function __construct($secretkey)
{
$this->secretkey = $secretkey;
$this->options = OPENSSL_RAW_DATA;
}
/**
* 加密方法,对数据进行加密,返回加密后的数据
*
* @param string $data 要加密的数据
*
* @return string
*
*/
public function encrypt($data)
{
$aesValue = openssl_encrypt($data, 'AES-128-ECB', $this->secretkey, $this->options);
return base64_encode($aesValue);
}
/**
* 解密方法,对数据进行解密,返回解密后的数据
*
* @param string $data 要解密的数据
*
* @return string
*
*/
public function decrypt($data)
{
$data = base64_decode($data);
return openssl_decrypt($data, 'AES-128-ECB', $this->secretkey, $this->options);
}
}
# JAVA 加解密示例
# 非对称加密 - 参数签名和验签
public class SignRSAUtils {
/**
* 签名算法
*/
public static final String SIGN_ALGORITHMS = "SHA1WithRSA";
/**
* RSA签名
*
* @param content 待签名数据
* @param privateKey 商户私钥
* @param encode 字符集编码
* @return 签名值
*/
public static String sign(String content, String privateKey, String encode) {
try {
PKCS8EncodedKeySpec priPKCS8 = new PKCS8EncodedKeySpec(Base64.decode(privateKey));
KeyFactory keyf = KeyFactory.getInstance("RSA");
PrivateKey priKey = keyf.generatePrivate(priPKCS8);
java.security.Signature signature = java.security.Signature.getInstance(SIGN_ALGORITHMS);
signature.initSign(priKey);
signature.update(content.getBytes(encode));
byte[] signed = signature.sign();
return Base64.encode(signed);
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
/**
* RSA签名
* @param content 待签名数据
* @param privateKey 签名密钥
* @return String 签名值
*/
public static String sign(String content, String privateKey) {
try {
PKCS8EncodedKeySpec priPKCS8 = new PKCS8EncodedKeySpec(Base64.decode(privateKey));
KeyFactory keyf = KeyFactory.getInstance("RSA");
PrivateKey priKey = keyf.generatePrivate(priPKCS8);
java.security.Signature signature = java.security.Signature.getInstance(SIGN_ALGORITHMS);
signature.initSign(priKey);
signature.update(content.getBytes());
byte[] signed = signature.sign();
return Base64.encode(signed);
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
/**
* RSA验签名检查
*
* @param content 待签名数据
* @param sign 签名值
* @param publicKey 分配给开发商公钥
* @param encode 字符集编码
* @return 布尔值
*/
public static boolean verifySign(String content, String sign, String publicKey, String encode) {
try {
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
byte[] encodedKey = Base64.decode(publicKey);
PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey));
java.security.Signature signature = java.security.Signature
.getInstance(SIGN_ALGORITHMS);
signature.initVerify(pubKey);
signature.update(content.getBytes(encode));
boolean bverify = signature.verify(Base64.decode(sign));
return bverify;
} catch (Exception e) {
e.printStackTrace();
}
return false;
}
/**
* RSA验签名检查
*
* @param content 待签名数据
* @param sign 签名值
* @param publicKey 分配给开发商公钥
* @return 布尔值
*/
public static boolean verifySign(String content, String sign, String publicKey) {
try {
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
byte[] encodedKey = Base64.decode(publicKey);
PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey));
java.security.Signature signature = java.security.Signature
.getInstance(SIGN_ALGORITHMS);
signature.initVerify(pubKey);
signature.update(content.getBytes());
boolean bverify = signature.verify(Base64.decode(sign));
return bverify;
} catch (Exception e) {
e.printStackTrace();
}
return false;
}
}
# 对称加密
public class CryptAESUtils {
/**
* 加密算法
*/
private static final String AES_TYPE = "AES";
/**
* AES - 对称加密
*
* @param secret 密钥
* @param content 加密内容
* @return String 加密秘文
*/
public static String AESEncrypt(String secret, String content) {
byte[] encrypt = null;
try {
Key key = generateKey(secret);
Cipher cipher = Cipher.getInstance(AES_TYPE);
cipher.init(Cipher.ENCRYPT_MODE, key);
encrypt = cipher.doFinal(content.getBytes());
} catch (Exception e) {
e.printStackTrace();
return null;
}
return new String(Base64.encodeBase64(encrypt));
}
/**
* AES - 对称解密
*
* @param secret
* @param encryptData
* @return String 解密秘文
*/
public static String AESDecrypt(String secret, String encryptData) {
byte[] decrypt = null;
try {
Key key = generateKey(secret);
Cipher cipher = Cipher.getInstance(AES_TYPE);
cipher.init(Cipher.DECRYPT_MODE, key);
decrypt = cipher.doFinal(Base64.decodeBase64(encryptData));
} catch (Exception e) {
e.printStackTrace();
return null;
}
return new String(decrypt).trim();
}
/**
* AES - 获取密钥
*
* @param key
* @return
* @throws Exception
*/
private static Key generateKey(String key) throws Exception {
try {
SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(), AES_TYPE);
return keySpec;
} catch (Exception e) {
e.printStackTrace();
throw e;
}
}
}