解密流程
返回解密流程说明
返回数据和请求数据是相同的格式,按照请求流程的逆推进行解密以及验签。为了数据安全,首信易支付接口用了两种解密方法、一种签名方法、一种验签方法以及一 种排序方法,分别是:CFCA 私钥证书解密、AES 解密、SHA1 签名、CFCA 公钥验签和键名首字母排序,
首信易的五种语言 demo 分别都提供了各个方法,具体用法:
1.返回示例:
返回头:
<![CDATA[
{
"merchantId": "890000593",
"requestId": "1556592332569",
"ContentType" : "application/vnd.5upay-v3.0+json",
"encryptKey":"OsYlS3vP1I+m5csUDTSbi801evXvMDsMejLHtqIqbtA5QTdPTjvCE2q4NLFek53Sqo0HxjcHxxgbX5QMEM7y0VMmeUmaLJ7BK/
R3Zc5xtHkWE/AbO8ErG7oXgORZ6JVakeRlDG8sSVTT2Duvy38RsXUQC4Vj4VHgxsLq398vfYQZgf9O8FPfSc+m7g8MGhbbuqMSbOWBH1lDKnCkpl
93XSiWFYHICt7aO/P9avhqlSVJDQg2KpwMld6Mfag5hgz/LTE7DfwyueH6VxIU7rrUkelWZSbO3ULUg7G5okRAFvXJPqfTnkRnQ+qTsK3QOpb98X
laR+tjuYqzTWs+/mUVg=="
}
]]>
返回体:
<![CDATA[
PoE9VSppnI/ixnoi7j2/LE0o28NGVdREh6TfZXXPS0Z0xZTs8Iy9FOoL2lDYOOGfoNNb3YRGtQ1y1ggUykbBaMRh8ipd7njD8XgH0suhx0nyKcSuUBG
S6vkCV3rI+0cJyjENozstB7vhAv31LxOoWyhrBCim/9mnyMomi6jEZS0xdQizUu4TcgJsQL2wXCecHdoD6C6PzLS+oSpizoBC6OtMMuD3aPR/tU5zzZE
dhofU/r1Bof8CuWulV4sCNr8X5EsduZs3uu3dnLsLEJNDjqplN7dGYga492DMg5KHqm8yAOGkiLAyR2jEspHz0ICVdB7RSS6RTDrtqAVzEIw2zrAYyOo
oTMbKOPkh720eFjkRc3iBw5TLfry9ZP4/sBtCzeOvcKw5rxGWiV6RIzxmftUFfsZLAA45DAil6+qryNU7cvS6UupxFiJLykkg88HvZRCGXuY4RxMhTT9
xMT4Vt+emA3RkYHr4U5Z+jUmvx1AjzQs6VBEoqmiFtM5vwHVkkF+e6JYV3d8BVeWyWCcYWYR0h9WYOdvnozsLv5NAQZtFYLbON7krN9abvqUa1Nwn+fo
8f+kQpyQAqhhLbqx/r2V9jvaIWXYyUzo0oLIH8eL2WvWBPDXMeipo0c0erwxqL3cGI1jxsAvrpAHPoGxYaeRCdWWIWDG2l6hHwiER/pZKp16k0JSOsJV
apgWvbPFAd/kfoP6SHuRG/dNjgahiS+tK/QUrV+X8D16Q7uixBJ15/Gwg/b2QSC88Dvs9t14UmYqtqVYFZAo4u5O718r4yA20nk8bZCd9Zwv+Hy6IEg1
MYXCvrQEb6SY5JzCymLPOLq07Mi1a5IZ1c9KGWY2gi6UaXFEHGVCLt8ITlHhG5V8NCo8+uMB3l4vFKNAMRC21tc1Z7dFdD29vnU+2sa2oa86JGMDLbe+
MXgVEpWsmFouGhcq1uU+xDSgTKlhm87TW0waUihBX/VnmCPrpV0YQgIN/RZMnWAHEf78cWx4UMXEqi+eqJer27CuKG8L2k6sCImskWdIBvVXRpHrEsDq
ZnzsBDQuQ5f0kPjljqXjhk/vLzYy+READjUwVpKDhwkvPd2JT+j+UZBg+shYia0UNpPc0GdvFCgz0unqZUIhkEf9dHXQBzu+pyIMOFspxvf9O41Otj+Y
/cDCxeqIP+KlxJrxLrxr6g868VpWKffKEMivuMZMo528QV0/xUyivzUBxep4OCq6x8zB6poGRaap50PAvbMPEZ9FDJdrSpMkZcGJ5c9w+ET/Pu2xBEv1
Pk7ykfyv2FPgM0vfh+xvjhLvAa0YPXvM7xbeB35LQ2iA54T/voza91sNhMowoR7ZcS0xK6+bp+VDCJfAK6kP4dwvCg==
]]>
同步返回时Partnerid参数在请求头中,异步通知时Partnerid参数在请求体内
2.CFCA 私钥解密:
该方法的用处是将商户上传到商户后台的 CFCA 公钥加密的 encryptKey 进行解密,得到十六位的 aes 密钥。
返回的请求头 encryptKey:
OsYlS3vP1I+m5csUDTSbi801evXvMDsMejLHtqIqbtA5QTdPTjvCE2q4NLFek53Sqo0HxjcHxxgb X5QMEM7y0VMmeUmaLJ7BK/RR3Zc5xtHkWE/AbO8E
rG7oXgORZ6JVakeRlDG8sSVTT2Duv y38RsXUQC4Vj4VHgxsLq398vfYQZgf9O8FPfSc+m7g8MGhbbuqMSbOWBH1lDKnCkpl93XSi WFYHICt7aO/P9a
vhqlSVJDQg2KpwMld6Mfag5hgz/LTE7DfwyueH6VxIU7rrUkelWZSbO3ULUg 7G5okRAFvXJPqfTnkRnQ+qTsK3QOpb98XlaR+tjuYqzTWs+/mUVg==
解密后得到的 aes 密钥:
w4deov41ogHO7eFi
3.AES 解密:
该方法的用处是将首信易方面随机生成的 aes 密钥加密的数据进行解密,得到原数据。
返回的请求体 data:
IsMowPkfHQd/x4w7uq3PQpCrCSir9e1B4075S03gQ0svH2LtOcPogsODNGPdrf5YL9AMvslQOj3i
GfS8pkfxxsyYienxAWrwNpu0b49LveB8CvJXBaYOETIbRTYtJ2NaEvJp6vySUo+L0vQZuOb6hxL
ALr8nU/zk4cZiS2KvGtP1tTR1If64Xfut1qNITtQv
解密后:
<![CDATA[
{
“redirectUrl”:”https://payment.5upay.com/receipt/redirect/index/2c9553496a684fe9016a6c53228d7
cf1/2c9553496a684fe9016a6c5322af7cf3”,
”merchantId”:”890000595”,
”requestId”:”1556595531274”,
”paymentOrderId”:”2c9553496a684fe9016a6c53228d7cf1”,
”status”:”REDIRECT”,
”hmac”:”PhbbgXjh6641/cQ6qfy5Dq10h/2TEH1XJiRLKAmtCDUy/hR0K+KRUvJ3bskYVATF3aDrHPBUz+RZjkWjBUgEd9E/7jrHVjAt/WHKl
wwlId1svUcY3oUvJPuh28fHTC8mZ6uOBFLQ5N Vy+sT6A6m2g5OWJ//LQMU05WO77mIt62C60qqFRpdXkcfGdkJapyatUFKIJB8S5EKOeGkDusj6
wMWSIR+Uhrgrzx/pv6BtUmRv2F1syxRK5BjdLWp/bVUl4bxKjCo/JKW8cRmz2ou/ZbchL3uQxJhjwzJoITEJ1PZmUN5B1yJurtQXR3C62MLCeXFV
NFaOP6qC9VbQ8Ewcxh==”
}
]]>
4.键名首字母排序:
该方法的主要作用是将去掉了 hmac 的原数据 json 按照键名首字母进行从 a-z的顺序进行排序,并按照排好的顺序进行拼接键值,各键值中间用#号隔开,例:
排序前:
<![CDATA[
{
“redirectUrl”:
“https://payment.5upay.com/receipt/redirect/index/2c9553496a684fe9016a6c53228d7cf1/2c9553496
a684fe9016a6c5322af7cf3”,
“merchantId”: “890000595”,
“requestId”: “1556595531274”,
“paymentOrderId”: “2c9553496a684fe9016a6c53228d7cf1”,
“status”: “REDIRECT”
}
]]>
排序后:
<![CDATA[
890000595#2c9553496a684fe9016a6c53228d7cf1#https://payment.5upay.com/receipt/redirect/index
/2c9553496a684fe9016a6c53228d7cf1/2c9553496a684fe9016a6c5322af7cf3#1556595531274#RED
IRECT#
]]>
5.SHA1 签名:
该签名方法用于对数据进行初步摘要。例:
签名前:
<![CDATA[
890000595#2c9553496a684fe9016a6c53228d7cf1#https://payment.5upay.com/receipt/redirect/index
/2c9553496a684fe9016a6c53228d7cf1/2c9553496a684fe9016a6c5322af7cf3#1556595531274#RED
IRECT#
]]>
签名后:
<![CDATA[
UmfW5oHZqRwSY5XKdINdfh57FK4=
]]>
6.CFCA 公钥验签:
该方法的主要作用是商户方面使用首信易提供的统一 CFCA 公钥对首信易方面返回的 hmac 数据进行验签,以保证数据没有被篡改。