解密流程


返回解密流程说明

返回数据和请求数据是相同的格式,按照请求流程的逆推进行解密以及验签。为了数据安全,首信易支付接口用了两种解密方法、一种签名方法、一种验签方法以及一 种排序方法,分别是:CFCA 私钥证书解密、AES 解密、SHA1 签名、CFCA 公钥验签和键名首字母排序, 首信易的五种语言 demo 分别都提供了各个方法,具体用法:

1.返回示例:

返回头:

{ "merchantId": "890000593", "requestId": "1556592332569", "ContentType" : "application/vnd.5upay-v3.0+json", "partnerId":"890000595", "encryptKey":"OsYlS3vP1I+m5csUDTSbi801evXvMDsMejLHtqIqbtA5QTdPTjvCE2q4NLFek53Sqo0HxjcHxxgbX5QMEM7y0VMmeUmaLJ7BK/ R3Zc5xtHkWE/AbO8ErG7oXgORZ6JVakeRlDG8sSVTT2Duvy38RsXUQC4Vj4VHgxsLq398vfYQZgf9O8FPfSc+m7g8MGhbbuqMSbOWBH1lDKnCkpl 93XSiWFYHICt7aO/P9avhqlSVJDQg2KpwMld6Mfag5hgz/LTE7DfwyueH6VxIU7rrUkelWZSbO3ULUg7G5okRAFvXJPqfTnkRnQ+qTsK3QOpb98X laR+tjuYqzTWs+/mUVg==" }

返回体:

PoE9VSppnI/ixnoi7j2/LE0o28NGVdREh6TfZXXPS0Z0xZTs8Iy9FOoL2lDYOOGfoNNb3YRGtQ1y1ggUykbBaMRh8ipd7njD8XgH0suhx0nyKcSuUBG S6vkCV3rI+0cJyjENozstB7vhAv31LxOoWyhrBCim/9mnyMomi6jEZS0xdQizUu4TcgJsQL2wXCecHdoD6C6PzLS+oSpizoBC6OtMMuD3aPR/tU5zzZE dhofU/r1Bof8CuWulV4sCNr8X5EsduZs3uu3dnLsLEJNDjqplN7dGYga492DMg5KHqm8yAOGkiLAyR2jEspHz0ICVdB7RSS6RTDrtqAVzEIw2zrAYyOo oTMbKOPkh720eFjkRc3iBw5TLfry9ZP4/sBtCzeOvcKw5rxGWiV6RIzxmftUFfsZLAA45DAil6+qryNU7cvS6UupxFiJLykkg88HvZRCGXuY4RxMhTT9 xMT4Vt+emA3RkYHr4U5Z+jUmvx1AjzQs6VBEoqmiFtM5vwHVkkF+e6JYV3d8BVeWyWCcYWYR0h9WYOdvnozsLv5NAQZtFYLbON7krN9abvqUa1Nwn+fo 8f+kQpyQAqhhLbqx/r2V9jvaIWXYyUzo0oLIH8eL2WvWBPDXMeipo0c0erwxqL3cGI1jxsAvrpAHPoGxYaeRCdWWIWDG2l6hHwiER/pZKp16k0JSOsJV apgWvbPFAd/kfoP6SHuRG/dNjgahiS+tK/QUrV+X8D16Q7uixBJ15/Gwg/b2QSC88Dvs9t14UmYqtqVYFZAo4u5O718r4yA20nk8bZCd9Zwv+Hy6IEg1 MYXCvrQEb6SY5JzCymLPOLq07Mi1a5IZ1c9KGWY2gi6UaXFEHGVCLt8ITlHhG5V8NCo8+uMB3l4vFKNAMRC21tc1Z7dFdD29vnU+2sa2oa86JGMDLbe+ MXgVEpWsmFouGhcq1uU+xDSgTKlhm87TW0waUihBX/VnmCPrpV0YQgIN/RZMnWAHEf78cWx4UMXEqi+eqJer27CuKG8L2k6sCImskWdIBvVXRpHrEsDq ZnzsBDQuQ5f0kPjljqXjhk/vLzYy+READjUwVpKDhwkvPd2JT+j+UZBg+shYia0UNpPc0GdvFCgz0unqZUIhkEf9dHXQBzu+pyIMOFspxvf9O41Otj+Y /cDCxeqIP+KlxJrxLrxr6g868VpWKffKEMivuMZMo528QV0/xUyivzUBxep4OCq6x8zB6poGRaap50PAvbMPEZ9FDJdrSpMkZcGJ5c9w+ET/Pu2xBEv1 Pk7ykfyv2FPgM0vfh+xvjhLvAa0YPXvM7xbeB35LQ2iA54T/voza91sNhMowoR7ZcS0xK6+bp+VDCJfAK6kP4dwvCg==

2.CFCA 私钥解密:

该方法的用处是将商户上传到商户后台的 CFCA 公钥加密的 encryptKey 进行解密,得到十六位的 aes 密钥。

返回的请求头 encryptKey:

OsYlS3vP1I+m5csUDTSbi801evXvMDsMejLHtqIqbtA5QTdPTjvCE2q4NLFek53Sqo0HxjcHxxgb X5QMEM7y0VMmeUmaLJ7BK/RR3Zc5xtHkWE/AbO8E rG7oXgORZ6JVakeRlDG8sSVTT2Duv y38RsXUQC4Vj4VHgxsLq398vfYQZgf9O8FPfSc+m7g8MGhbbuqMSbOWBH1lDKnCkpl93XSi WFYHICt7aO/P9a vhqlSVJDQg2KpwMld6Mfag5hgz/LTE7DfwyueH6VxIU7rrUkelWZSbO3ULUg 7G5okRAFvXJPqfTnkRnQ+qTsK3QOpb98XlaR+tjuYqzTWs+/mUVg==

解密后得到的 aes 密钥:

w4deov41ogHO7eFi

3.AES 解密:

该方法的用处是将首信易方面随机生成的 aes 密钥加密的数据进行解密,得到原数据。

返回的请求体 data:

IsMowPkfHQd/x4w7uq3PQpCrCSir9e1B4075S03gQ0svH2LtOcPogsODNGPdrf5YL9AMvslQOj3i GfS8pkfxxsyYienxAWrwNpu0b49LveB8CvJXBaYOETIbRTYtJ2NaEvJp6vySUo+L0vQZuOb6hxL ALr8nU/zk4cZiS2KvGtP1tTR1If64Xfut1qNITtQv

解密后:

{ “redirectUrl”:”https://payment.5upay.com/receipt/redirect/index/2c9553496a684fe9016a6c53228d7 cf1/2c9553496a684fe9016a6c5322af7cf3”, ”merchantId”:”890000595”, ”requestId”:”1556595531274”, ”paymentOrderId”:”2c9553496a684fe9016a6c53228d7cf1”, ”status”:”REDIRECT”, ”hmac”:”PhbbgXjh6641/cQ6qfy5Dq10h/2TEH1XJiRLKAmtCDUy/hR0K+KRUvJ3bskYVATF3aDrHPBUz+RZjkWjBUgEd9E/7jrHVjAt/WHKl wwlId1svUcY3oUvJPuh28fHTC8mZ6uOBFLQ5N Vy+sT6A6m2g5OWJ//LQMU05WO77mIt62C60qqFRpdXkcfGdkJapyatUFKIJB8S5EKOeGkDusj6 wMWSIR+Uhrgrzx/pv6BtUmRv2F1syxRK5BjdLWp/bVUl4bxKjCo/JKW8cRmz2ou/ZbchL3uQxJhjwzJoITEJ1PZmUN5B1yJurtQXR3C62MLCeXFV NFaOP6qC9VbQ8Ewcxh==” }

4.键名首字母排序:

该方法的主要作用是将去掉了 hmac 的原数据 json 按照键名首字母进行从 a-z的顺序进行排序,并按照排好的顺序进行拼接键值,各键值中间用#号隔开,例:

排序前:

{ “redirectUrl”: “https://payment.5upay.com/receipt/redirect/index/2c9553496a684fe9016a6c53228d7cf1/2c9553496 a684fe9016a6c5322af7cf3”, “merchantId”: “890000595”, “requestId”: “1556595531274”, “paymentOrderId”: “2c9553496a684fe9016a6c53228d7cf1”, “status”: “REDIRECT” }

排序后:

890000595#2c9553496a684fe9016a6c53228d7cf1#https://payment.5upay.com/receipt/redirect/index /2c9553496a684fe9016a6c53228d7cf1/2c9553496a684fe9016a6c5322af7cf3#1556595531274#RED IRECT#

5.SHA1 签名:

该签名方法用于对数据进行初步摘要。例:

签名前:

890000595#2c9553496a684fe9016a6c53228d7cf1#https://payment.5upay.com/receipt/redirect/index /2c9553496a684fe9016a6c53228d7cf1/2c9553496a684fe9016a6c5322af7cf3#1556595531274#RED IRECT#

签名后:

UmfW5oHZqRwSY5XKdINdfh57FK4=

6.CFCA 公钥验签:

该方法的主要作用是商户方面使用首信易提供的统一 CFCA 公钥对首信易方面返回的 hmac 数据进行验签,以保证数据没有被篡改。