How to integrate encryption and decryption using the sample code

With this document and the sample code, integrating message encryption and decryption is straightforward. For further details, see the technical solution. The WeChat public platform provides sample code in 5 languages: C++, PHP, Java, Python and C#. The class names and interface names are the same in every language. The following takes C++ as an example:

Function Description

Constructor
Decryption function
Encryption Function
How to use

In secure mode or compatible mode, two new parameters, encrypt_type and msg_signature, are added to the URL. encrypt_type indicates the encryption type, and msg_signature is the signature of the message body. If there is no encrypt_type parameter on the URL or its value is raw, the message is not encrypted; when encrypt_type is aes, the message is AES-encrypted (currently there are only two values, raw and aes). Public account developers use this parameter to determine whether the messages sent by the WeChat public platform are encrypted.

The encryption and decryption methods in compatible mode and secure mode are exactly the same. The XML message body in compatible mode has several more plaintext fields than that in secure mode. For details, please refer to the "Detailed Technical Solution for Message Encryption and Decryption".

Instantiating an object

Use the constructor to instantiate an object and pass in the public account's token, appid, and EncodingAESKey.

Decryption

In secure mode or compatible mode, the public account receives the following encrypted message body ("…" indicates the plaintext fields in compatible mode):
Call the DecryptMsg interface and pass in the parameters received on the URL: msg_signature (note: msg_signature, not signature), timestamp and nonce, together with the received encrypt_msg. If the call succeeds, sMsg holds the output, which is the following plaintext XML message body:
Public account processing message

Generate the XML message body that needs to be replied to the WeChat public platform. Assume that the reply contains the following content:

Reply encryption

Call the EncryptMsg interface and pass in the res_msg, timestamp, and nonce that need to be replied to the WeChat public platform. If the encryption is successful, sEncryptMsg is the ciphertext message body, and the content is as follows:
Precautions

The length of EncodingAESKey is fixed at 43 characters, selected from a-z, A-Z, 0-9, a total of 62 characters. The public account can modify it in the server configuration of the developer center of the public platform.

For security reasons, the public platform website provides the function of modifying the EncodingAESKey (modify it when the EncodingAESKey may have been leaked), so it is recommended that the public account save the current and the previous EncodingAESKey. If decryption with the current EncodingAESKey fails, try to decrypt with the previous EncodingAESKey. When replying, use the key that successfully decrypted the message to encrypt the corresponding reply.

In compatible mode, the message body contains both plaintext and ciphertext, and grows to about 3 times its previous size. Developers should check their systems to prevent reception errors caused by longer messages and additional URL parameters.

If there is no encrypt_type parameter on the URL or its value is raw, the reply is in plaintext; otherwise it is in ciphertext. During compatible mode, the public account can reply in plaintext or ciphertext (do not reply in both).

Function error return code

Download sample code

The WeChat public platform provides developers with sample code in 5 languages (C++, PHP, Java, Python and C# versions). Click to download: ../static/assets/a5a22f38cb60228cb32ab61d9e4c414b.zip

WeChat public platform interface debugging tool: click to enter http://mp.weixin.qq.com/debug

Technical Solution

1. The length of EncodingAESKey is fixed at 43 characters, selected from a-z, A-Z, 0-9, a total of 62 characters. The public account can modify it in the server configuration of the developer center of the public platform;
2. AES key: AESKey = Base64_Decode(EncodingAESKey + "="). A single "=" character is appended to the end of EncodingAESKey, and Base64_Decode then produces a 32-byte AESKey;
3. AES uses CBC mode, the key length is 32 bytes, and the data is padded with PKCS#7. PKCS#7: K is the number of key bytes (32), buf is the content to be encrypted, and N is its number of bytes. buf must be padded to an integer multiple of K: (K - N%K) bytes are appended to the end of buf, and the value of each byte is (K - N%K). For details, see: http://tools.ietf.org/html/rfc2315
5. For security reasons, the public platform website provides the function of modifying EncodingAESKey (modify it when EncodingAESKey may have been leaked), so it is recommended that the public account save the current and previous EncodingAESKey. If decryption with the AESKey generated from the current EncodingAESKey fails, try to decrypt with the previous AESKey. When replying, use the AESKey that successfully decrypted the message to encrypt the corresponding reply;
6. In compatible mode, the message body contains both plaintext and ciphertext, and grows to about 3 times its previous size. Developers should check their systems to prevent reception errors caused by longer messages and additional URL parameters.
7. The WeChat team provides sample code in multiple languages (including PHP, Java, C++, Python, and C#). Please use the sample code as much as possible. (../static/assets/a5a22f38cb60228cb32ab61d9e4c414b.zip)

The following takes ordinary text messages as an example to explain in detail the method and process of encrypting and decrypting the message body on the public platform. The encryption and decryption of other ordinary messages and event messages follow the same pattern.

Public accounts receive user messages

Message body encryption

The existing message is in plaintext and has the following format:
During compatible mode, both plaintext and ciphertext are preserved, and the message format is as follows:
In secure mode, the message body contains only ciphertext in the following format:
The AES-encrypted buf consists of a 16-byte random string, a 4-byte msg_len (network byte order), msg, and $AppId, where msg_len is the length of msg and $AppId is the AppId of the public account.

AESKey = Base64_Decode(EncodingAESKey + "="), 32 bytes

The parameter encrypt_type is added to the URL. When the value of encrypt_type is raw, the message is not encrypted. When the value of encrypt_type is aes, the message is AES-encrypted (currently there are only two values, raw and aes). A missing encrypt_type parameter also means no encryption.

Message body signature

In order to verify the legitimacy of the message body, the public platform adds a message body signature, which developers can use to verify the authenticity of the message body and decrypt the verified message body.

Parameter added to the URL: msg_signature

msg_signature=sha1(sort(Token, timestamp, nonce, msg_encrypt))

Message body verification and decryption

The developer first verifies the correctness of the message body signature, and then decrypts the message body after the verification is passed.

Verification

1. The developer calculates the signature, dev_msg_signature=sha1(sort(Token, timestamp, nonce, msg_encrypt))
2. Compare dev_msg_signature and msg_signature on the URL to see if they are equal. If they are equal, verification is successful.

The decryption method is as follows:

The public account replies to the user

If there is no encrypt_type in the URL or its value is raw, the reply is in plaintext; otherwise it is encrypted according to the above encryption algorithm. During compatible mode, the public account can reply in plaintext or ciphertext (do not reply in both).

Signature and encryption of reply message body

Existing message format:
Encrypted message format:
Where:

msg_encrypt=Base64_Encode(AES_Encrypt[random(16B) + msg_len(4B) + msg + $AppId])

random(16B) is a 16-byte random string; msg_len is the length of msg, which occupies 4 bytes (network byte order); $AppId is the AppId of the public account.

AESKey = Base64_Decode(EncodingAESKey + "="), 32 bytes

msg_signature=sha1(sort(Token, timestamp, nonce, msg_encrypt))

timestamp and nonce can reuse the values from the request or be regenerated.
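
The key derivation (items 2 and 3 of the technical solution), the msg_signature check and the random(16B) + msg_len(4B) + msg + $AppId framing described above, as an added Python example that is not part of the WeChat sample code. The AES-CBC step itself is left to a crypto library; SAMPLE_KEY and all function names are constructed for illustration, and reading sha1(sort(...)) as sort, concatenate, then SHA-1 is an assumption.

```python
import base64, hashlib, hmac, os, struct

BLOCK = 32  # K on the page: pad to a multiple of 32 bytes, not AES's 16-byte block
SAMPLE_KEY = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFE"  # constructed, not a real key

def derive_aes_key(encoding_aes_key: str) -> bytes:
    """AESKey = Base64_Decode(EncodingAESKey + "="), which must yield 32 bytes."""
    if len(encoding_aes_key) != 43 or not (encoding_aes_key.isascii() and encoding_aes_key.isalnum()):
        raise ValueError("EncodingAESKey must be 43 characters from a-z, A-Z, 0-9")
    return base64.b64decode(encoding_aes_key + "=")

def msg_signature(token: str, timestamp: str, nonce: str, msg_encrypt: str) -> str:
    """sha1(sort(Token, timestamp, nonce, msg_encrypt)); assumed here to mean
    sort the four strings, concatenate them, and hex-encode the SHA-1 digest."""
    joined = "".join(sorted([token, timestamp, nonce, msg_encrypt]))
    return hashlib.sha1(joined.encode()).hexdigest()

def verify(token, timestamp, nonce, msg_encrypt, received: str) -> bool:
    """Constant-time comparison with msg_signature from the URL; run before decrypting."""
    expected = msg_signature(token, timestamp, nonce, msg_encrypt)
    return hmac.compare_digest(expected.encode(), received.encode())

def pack(msg: bytes, app_id: str) -> bytes:
    """random(16B) + msg_len(4B, network order) + msg + AppId, then PKCS#7 to BLOCK."""
    buf = os.urandom(16) + struct.pack(">I", len(msg)) + msg + app_id.encode()
    pad = BLOCK - len(buf) % BLOCK          # 1..32; a full block when already aligned
    return buf + bytes([pad]) * pad

def unpack(buf: bytes, app_id: str) -> bytes:
    """Reverse of pack() on the AES-decrypted buffer; rejects anything malformed."""
    pad = buf[-1] if buf else 0
    if len(buf) % BLOCK or not 1 <= pad <= BLOCK or buf[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad PKCS#7 padding")
    body = buf[16:-pad]                      # drop the 16 random bytes and the padding
    if len(body) < 4:
        raise ValueError("truncated buffer")
    (n,) = struct.unpack(">I", body[:4])
    msg, trailer = body[4:4 + n], body[4 + n:]
    if len(msg) != n or not hmac.compare_digest(trailer, app_id.encode()):
        raise ValueError("msg_len or AppId mismatch")
    return msg
```

The AppId check in unpack() is what ties a decrypted message to this public account; a buffer that decrypts cleanly but carries another AppId is rejected.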