iT邦幫忙

2021 iThome Ironman Contest

DAY 6
SinoPac Financial APIs

openAPI Integration in Practice series, part 6

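[day6] AES-CBC Message Body Encryption (Message)

The message body is encrypted with AES in CBC mode before it is sent, and the result that comes back is encrypted by the same rules.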

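| Required parameter | How to obtain |
|---|---|
| JSON message body | Day3 |
| HashID | Day3 |
| IV | SHA256 the Nonce, convert to uppercase, take the last 16 characters |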

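Computing the IV

Suppose the Nonce obtained this time is: NjM3NjczODg3Mjc5MTYuNjo1ZDI5ZTQ3YjBlNzY2NTc4ODI3YzM0ZjdiMjlmYjg0MWQ3Y2NlYzI5NmM0NjI2MzA3NWRkYTNlNzQ1NzdhMWY4

After applying sha256 to the string: 54164b54f6f9366b8377dd69b43e9970b0c95dee26be66402d3e2ea879b80c63

The IV is the last 16 characters of that string, in uppercase: 2D3E2EA879B80C63

The Python implementation is as follows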

import hashlib

def GenIV(Nonce:str):
  return hashlib.sha256(Nonce.encode('utf-8')).hexdigest().upper()[-16:]  # last 16 chars of the uppercase SHA-256 hex digest

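AES CBC computation

If you are interested in the cryptography, you can Google it yourself; here we go straight to an implementation using the earlier iPhone order.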

{
    "ShopNo": "NA0249_001",
    "OrderNo": "2021091500002",
    "Amount": 40400,
    "CurrencyID": "TWD",
    "PrdtName": "IPhone 13 Pro Max 256g",
    "Memo": "",
    "Param1": "",
    "Param2": "",
    "Param3": "",
    "ReturnURL": "https://0.0.0.0/store/Return",
    "BackendURL": "https://0.0.0.0/bakcend",
    "PayType": "C",
    "ATMParam": {
        "ExpireDate": ""
    },
    "CardParam": {
        "AutoBilling": "Y",
        "ExpBillingDays": 7,
        "ExpMinutes": 10,
        "PayTypeSub": "ONE"
    }
}

Suppose the nonce obtained this time is: NjM3Njc0MDQxODY5OTYuNDowNDIxNTg3ODM5MDFhNTU1ZjYwYzMzMzg0NDEyMzUxNmQ5OTBlZWU1NDY2NjY2NDkyZjE5YTc3OTE2ZDExNjNh

Computed IV: 3C7B67201DC59932

Suppose the keys are:

  • A1 = 86D50DEF3EB7400E
  • A2 = 01FD27C09E5549E5
  • B1 = 9E004965F4244953
  • B2 = 7FB3385F414E4F91

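The HashID is: 87282A2FA0E209EBE1B3713AB56A06C2

Encrypting the message body in AES-CBC mode with Key Size=256, AESKEY=HashID (the 32-character HashID string itself is the 32-byte key) and the IV above gives the ciphertext, which is output as a hexadecimal (HEX) string.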

You can use devglan to test and verify the encryption and decryption.

Computing AES CBC in Python

See this article for installing the PyCryptodome package

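# PyCryptodome installs under the Crypto namespace (Cryptodome is the separate pycryptodomex package)
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad

def AES_CBC_Encrpt(HashID, iv, data):
  # HashID (32 chars) and iv (16 chars) are used as text bytes, not hex-decoded
  key = str.encode(HashID)
  iv = str.encode(iv)
  data = str.encode(data)
  cipher = AES.new(key=key, mode=AES.MODE_CBC, iv=iv)
  # PKCS#7-pad to the 16-byte block size, encrypt, return uppercase hex
  ct_bytes = cipher.encrypt(pad(data, AES.block_size))
  return ct_bytes.hex().upper()

# HashID, iv (from GenIV) and origin_Message (the JSON order text) are the values prepared above
ciphertext = AES_CBC_Encrpt(HashID, iv, origin_Message)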
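
The receiving side of the same rules, as an added example that is not part of the original post or of SinoPac's own code: it rebuilds the key and IV the way the code above does, validates the hex Message before it reaches the cipher, and decrypts with PyCryptodome. The names gen_iv, aes_params, parse_message, NonceGuard and decrypt_message are hypothetical, and refusing a repeated Nonce is an assumed receiver policy that the post does not specify.

```python
import hashlib
import re

def gen_iv(nonce: str) -> str:
    """IV rule from the post: SHA-256 of the Nonce, uppercase hex, last 16 characters."""
    return hashlib.sha256(nonce.encode("utf-8")).hexdigest().upper()[-16:]

def aes_params(hash_id: str, nonce: str) -> tuple:
    """Return (key, iv) as ASCII bytes of the text, matching str.encode() in the post."""
    # Case matters because the characters themselves are the key bytes.
    if not re.fullmatch(r"[0-9A-F]{32}", hash_id):
        raise ValueError("HashID must be 32 uppercase hex characters")
    # Encoding the text yields 32 bytes (AES-256). bytes.fromhex() would yield
    # 16 bytes, silently selecting AES-128 with a key the peer does not share.
    return hash_id.encode("ascii"), gen_iv(nonce).encode("ascii")

def parse_message(message_hex: str) -> bytes:
    """Accept only whole 16-byte blocks of hex before anything reaches the cipher."""
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{32})+", message_hex):
        raise ValueError("Message must be hex, in non-empty multiples of 16 bytes")
    return bytes.fromhex(message_hex)

class NonceGuard:
    """Assumed receiver policy: a repeated Nonce repeats the IV, so refuse it."""
    def __init__(self):
        self._seen = set()

    def check(self, nonce: str) -> None:
        if nonce in self._seen:
            raise ValueError("Nonce reuse: same IV under the same HashID")
        self._seen.add(nonce)

def decrypt_message(hash_id: str, nonce: str, message_hex: str) -> str:
    """Derive key and IV, validate the Message, then AES-CBC decrypt and unpad."""
    # Imported here so the checks above also work where PyCryptodome is absent.
    from Crypto.Cipher import AES
    from Crypto.Util.Padding import unpad
    key, iv = aes_params(hash_id, nonce)
    ct = parse_message(message_hex)
    plain = unpad(AES.new(key, AES.MODE_CBC, iv=iv).decrypt(ct), AES.block_size)
    return plain.decode("utf-8")

if __name__ == "__main__":
    # HashID and Nonce are the values from the post.
    hash_id = "87282A2FA0E209EBE1B3713AB56A06C2"
    nonce = "NjM3Njc0MDQxODY5OTYuNDowNDIxNTg3ODM5MDFhNTU1ZjYwYzMzMzg0NDEyMzUxNmQ5OTBlZWU1NDY2NjY2NDkyZjE5YTc3OTE2ZDExNjNh"
    key, iv = aes_params(hash_id, nonce)
    print(len(key), iv.decode())  # compare with the IV the post computes for this Nonce
```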

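We now have every parameter needed to call the API (ShopNo, APIServer, Sign, Nonce, Message). Tomorrow we will actually send the order information to SinoPac's API server and test the function.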



1 comment

yuanshang
iT邦 Newbie Level 4 ‧ 2021-09-22 08:48:02

iPhone 13 is on sale now~~
