请求加密流程


为了数据安全,首信易支付接口用了两种加密方法、两种签名方法以及一种排序方法,分别是:CFCA公钥证书加密、AES加密、SHA1签名、CFCA私钥证书签名和键名首字母排序,首信易的三种语言demo分别都提供了各个方法,具体用法:

1.键名首字母排序:

该方法的主要作用是将原数据json按照键名首字母进行从a-z的顺序进行排序,并按照排好的顺序进行拼接键值,各键值中间用#号隔开,例:

排序前:
{ "merchantId": "890000593", "orderAmount": "1", "orderCurrency": "CNY", "requestId": "1556592332569", "notifyUrl": "https://sdk.5upay.com/sdk/onlinepay/notify", "callbackUrl": "https://sdk.5upay.com/sdk/onlinepay/callback", "remark": "备注", "paymentModeCode": "", "productDetails": [{ "name": "", "quantity": 1, "amount": 1, "receiver": "", "description": "" }], "payer": { "name": "付款人姓名", "idType": "IDCARD", "idNum": "232201198701280426", "bankCardNum": "6222021001116245702", "phoneNum": "18800000000", "email": "cs@cc.com" }, "hmac": "Wf7yNZUdruKx7Q1P6bwv6dhu05o13wYfp0S7zC7GP0aolLdjYqjNbR2n4gXinH7Tr1B3 GyOEJ2B6SDa3xEebBl8cd7m/Msng3jY bB1Nzo23nHkIQec329Xuh19kr0SQB+xdMAbX7Dzt dDweNMEnH+5pJLgbDjSyMocF9jBkhShvX5g1VdBpfK05ZTqRNaGcLrLgwMh4QlPtJhvq TBtOikZtIylinHiVaaXnbsR9WGg5fsmtRly3Cf6LW/XbJUuyh6O92eArAV1CXOEuKy04+qIkSW0bQ==" }

'#' 符号尾加首不加,排序后:

https://sdk.5upay.Com/sdk/onlinepay/callback#890000593#https://sdk.5upay.com/sdk/onlinepay/notify#1#cny# 6222021001116245702#cs@cc.com#132201198701280426#IDCARD#付款人姓名#18800000000#1#1#备注#1556592332569#

SHA1签名:

该签名方法用于对数据进行初步摘要。例:

签名前:
https://sdk.5upay.com/sdk/onlinepay/callback#890000595#https://sdk.5upay.com/sdk/onlinepay/notify#1#CNY#6222 021001116245702#cs@cc.com#132201198701280426#IDCARD#付款人姓名#18800000000#1#1#备注#1556592332569#
签名后:
wkJpxZ9o+vuGhQn2pieT3S5GvSo=

3.CFCA私钥签名:

PS:此操作完成后得到的是hmac,将签名后的值传到原json里的hmac项。

商户使用自身CFCA私钥证书(商户与首信易方面业务人员申请)进行签名,该签名优点是不可被破解,请求接口后首信易支付使用商户在商户后台上传的公钥进行验签,防止信息篡改。例:

签名前:
wkJpxZ9o+vuGhQn2pieT3S5GvSo=
签名后:
SjhLrzimZKXWCz1m1L5npw/rBs6GdTOMSDlg5D49TWdgQUY9+eC2j14TnhopGSk7euAWX7cWQaMCP096znzKeRFaYp0rsghkQSquzRwFQi VWhgePJSVdnl5raUHGPW4r0gfRLuKbtMCe2pgidMrGM1WTOGjHj9kM/1qaecDO1PXHSDJWNIuypXbsMg1bvkltg1qlfOJgCRJ6IDJSr3vn W4eWVEZJDqkcYZAU7lZnnq419XJnbXGqefBYW4pBrVlFgyKkP7PG25JGu5b03IuxgKTmp5qeXB0BHZzgaVRfrRyNqvRtK2qqCB7/+QI7O1 c7wexsF6uR/ekGKArWRCDCw==

4.自动生成十六位aes密钥

此操作完成后得到用于加密加入了hmac的原json数据的aes密钥。

商户自行生成一串十六位的随机数用于进行aes加密使用。
例:wsF0iQI3myswBmH8

5.AES加密:

此操作完成后得到的是请求接口的请求体data数据,将加密完成后的值放到请求接口的请求体里,键名为data

该加密可通过相同的密钥进行解密,可自行生成16位随机数密钥进行加密,首信易支付接收到后通过相同的密钥进行解密,AES加密作用于加密已经含有hmac参数的原数据,例:

加密前:
{ "merchantId": "890000593", "orderAmount": "1", "orderCurrency": "CNY", "requestId": "1556592332569", "notifyUrl": "https://sdk.5upay.com/sdk/onlinepay/notify", "callbackUrl": "https://sdk.5upay.com/sdk/onlinepay/callback", "remark": "备注", "paymentModeCode": "", "productDetails": [{ "name": "", "quantity": 1, "amount": 1, "receiver": "", "description": "" }], "payer": { "name": "付款人姓名", "idType": "IDCARD", "idNum": "132201198701280426", "bankCardNum": "6222021001116245702", "phoneNum": "18000000000", "email": "cs@cc.com", "nationality": null }, "hmac": " SjhLrzimZKXWCz1m1L5npw/rBs6GdTOMSDlg5D49TWdgQUY9+eC2j14TnhopGSk7euAWX7cWQaMCP096znzKeRFaYp0rsghkQSquzRwFQi VWh/gePJSVdnl5raUHGPW4r0gfRLuKbtMCe2pgidMrGM1WTOGjHj9kM/1qaecDO1PXHSDJWNIuypXbsMg1bvkltg1qlfOJgCRJ6IDJSr3vnW4eWVE ZJDqkcYZAU7lZnnq419XJnbXGqefBYW4pBrVlFgyKkP7PG25JGu5b03IuxgKTmp5qeXB0BHZzgaVRfrRyNqvRtK2qqCB7/+QI7O1c7wexsF6uR/ek GKArWRCDCw==" }

加密后:

PoE9VSppnI/ixnoi7j2/LE0o28NGVdREh6TfZXXPS0Z0xZTs8Iy9FOoL2lDYOOGfoNNb3YRGtQ1y1ggUykbBaMRh8ipd7njD8XgH0suhx0nyKcSuU S6vkCV3rI+0cJyjENozstB7vhAv31LxOoWyhrBCim/9mnyMomi6jEZS0xdQizUu4TcgJsQL2wXCecHdoD6C6PzLS+oSpizoBC6OtMMuD3aPR/tU5d hofU/r1Bof8CuWulV4sCNr8X5EsduZs3uu3dnLsLEJNDjqplN7dGYga492DMg5KHqm8yAOGkiLAyR2jEspHz0ICVdB7RSS6RTDrtqAVzEIw2zrAYyo TMbKOPkh720eFjkRc3iBw5TLfry9ZP4/sBtCzeOvcKw5rxGWiV6RIzxmftUFfsZLAA45DAil6+qryNU7cvS6UupxFiJLykkg88HvZRCGXuY4RxMhTxM T4Vt+emA3RkYHr4U5Z+jUmvx1AjzQs6VBEoqmiFtM5vwHVkkF+e6JYV3d8BVeWyWCcYWYR0h9WYOdvnozsLv5NAQZtFYLbON7krN9abvqUa1Nwn+f8f+ kQpyQAqhhLbqx/r2V9jvaIWXYyUzo0oLIH8eL2WvWBPDXMeipo0c0erwxqL3cGI1jxsAvrpAHPoGxYaeRCdWWIWDG2l6hHwiER/pZKp16k0JSOsJVBG apgWvbPFAd/kfoP6SHuRG/dNjgahiS+tK/QUrV+X8D16Q7uixBJ15/Gwg/b2QSC88Dvs9t14UmYqtqVYFZAo4u5O718r4yA20nk8bZCd9Zwv+Hy6IEg1 MzzZEYoOoT9oXCvrQEb6SY5JzCymLPOLq07Mi1a5IZ1c9KGWY2gi6UaXFEHGVCLt8ITlHhG5V8NCo8+uMB3l4vFKNAMRC21tc1Z7dFdD29vnU+2sa2oa 86JGMDLbe+MXgVEpWsmFouGhcq1uU+xDSgTKlhm87TW0waUihBX/VnmCPrpV0YQgIN/RZMnWAHEf78cWx4UMXEqi+eqJer27CuKG8L2k6sCImskWdIBv VXRpHrEsDqZnzsBDQuQ5f0kPjljqXjhk/vLzYy+READjUwVpKDhwkvPd2JT+j+UZBg+shYia0UNpPc0GdvFCgz0unqZUIhkEf9dHXQBzu+pyIMOFspxv f9O41Otj+Y/cDCxeqIP+KlxJrxLrxr6g868VpWKffKEMivuMZMo528QV0/xUyivzUBxep4OCq6x8zB6poGRaap50PAvbMPEZ9FDJdrSpMkZcGJ5c9w+E T/Pu2xBEv1Pk7ykfyv2FPgM0vfh+xvjhLvAa0YPXvM7xbeB35LQ2iA54T/voza91sNhMowoR7ZcS0xK6+bp+VDCJfAK6kP4dwvCg==

6.CFCA公钥加密:

此操作完成后得到的是请求接口的请求头encryptKey数据,将加密完成后的值放到请求接口的请求头里,键名为encryptKey

该加密是不对称加密,商户通过首信易提供的公钥进行CFCA公钥证书加密,加密方法在demo内有提供,加密的数据是AES密钥,防止AES密钥泄露。

加密前:

wsF0iQI3myswBmH8

加密后:

O3ch2CMfQaVeP8b6WbziCffGVGHF2BSsjaOQm2EvO+3Q1X8y2CSobquLNcT/g/FdsvRnmPwfscR3lbFBYvH9M9NdGjKjLNHkGc2ekagABPGWDwMzcnrLj vkNL3xgHSt4+mmZDDs8OUlpN5WCDVnMBcq2NEb4IY0We7I4g80xIFj1+XwPhzFZL6MMny5fq1/GVbAfh/iNV1XxpOvGsi0v8bRxEwu/auqTM5K6p7VrS ZgcE7rdwD1I11PgN1sHUaPQn1X/2oJ2qELWdNi9K7aAC/7SfZhGXzU5+Z22ShxYzN27l1MIIVKBCbR7/tOMZe2VfQn8YFQgT05TB5dntaJeGw==

7.接口请求:

商户请求时需要确认好请求地址正确以及相关加密流程准确无误,请求方式为post,请求时请确认好编码为utf-8,以下为相关请求内容

请求头:

键名 键值 注释
merchantId 商户编号 首信易分配给商户的唯一身份标识,在商户后台获取
requestId 商户订单号 商户自行拟定的订单号(如果业务没有订单号的话可不传此参数)
partnerId 服务商id 首信易分配给服务商的唯一身份标识,和商户编号有对应关系(如果业务没有服务商id的话可不传此参数)
Content-Type application/vnd.5upay-v3.0+json 首信易固定的请求头
encryptKey 经过cfca公钥加密过后的aes密钥数据 请求加密流程里的第6步CFCA公钥加密后得到的值