目前已完成各地区国家医保在线支付,可通过dll,提供给第三方进行调用,如delphi,pb,asp等。技术交流可私信沟通。
- 安全规范
- 签名算法(SM2)
- 概述
- 签名算法(SM2)
根据SM2算法(Signature的algorithm选择SM3withSM2),签名报文。通过对报文数据筛选、排序和拼接,组成待签名报文数据。
-
-
-
- 请求参数签名
- 筛选
- 请求参数签名
-
-
获取所有请求参数,不包括字节类型参数,如文件、字节流,剔除signData、encData、extra字段。
-
-
-
-
- 排序
-
-
-
将筛选的参数按照第一个字符的键值ASCII码递增排序(字母升序排序),如果遇到相同字符则按照第二个字符的键值ASCII码递增排序,以此类推。
-
-
-
-
- 拼接
-
-
-
将排序后的参数与其对应值,组合成“参数=参数值”的格式,并且把这些参数用&字符连接起来,最后拼接上应用密钥appSecret在“…参数=参数值…”后,此时生成的字符串为待签名字符串,将待签名字符串SM2运算,即是签名(signData)的值(“signData”、“encData”、“extra”参数不参与签名)。
JOSN对象签名规范(如data):内部按字母顺序升序排列空值不参与签名 将整理好的JSON内容,输出JSON字符串后拼接参与签名,例如下面的示例请求报文,参数值都是示例,开发者仅参考报文格式即可。
加签报文示例:
{ "appId":"43AF047BBA47FC8A1AE8EFB2XXXXXXXX", "data":{"appId":"43AF047BBA47FC8A1AE8EFB2XXXXXXXX","appUserId":"o8z4C5avQXqC0aWFPf1Mzu6D7WCQ_bd","idNo":"350181199011193519","idType":"01","phoneNumber":"13763873033","userName":"测试"}, "encType":"SM4", "signData":"URVQNdVNn5mz2EhKZhLTlXNwAWTSncFoSe8Ilx7jhn81eABJ46sdRRN1ZiAiQjPUTixG9bwqEhiJupHRGmyO5w==", "signType":"SM2", "timestamp":"20200207175759", "version":"2.0.1" } |
组成的待签名字符串:
appId=43AF047BBA47FC8A1AE8EFB2XXXXXXXX&data={"appId":"43AF047BBA47FC8A1AE8EFB2XXXXXXXX","appUserId":"o8z4C5avQXqC0aWFPf1Mzu6D7WCQ_bd","idNo":"350181199011193519","idType":"01","phoneNumber":"13763873033","userName":"测试"} &encType=SM4&signType=SM2×tamp=20200207175759&version=2.0.1&key=4117E877F5FA0A0188891283E4B617D5 |
-
-
-
-
- 签名结果
-
-
-
使用各自语言对应的SM2签名函数,对拼接得出的待签名字符串使用私钥进行SM2签名后,再将字节码进行Base64编码,即是签名结果,如签名结果。
签名结果示例:
URVQNdVNn5mz2EhKZhLTlXNwAWTSncFoSe8Ilx7jhn81eABJ46sdRRN1ZiAiQjPUTixG9bwqEhiJupHRGmyO5w= |
-
-
-
- 返回参数验签
- 筛选
- 返回参数验签
-
-
获取所有请求参数,不包括字节类型参数,如文件、字节流,剔除signData、encData、extra字段。
-
-
-
-
- 排序
-
-
-
将筛选的参数按照第一个字符的键值ASCII码递增排序(字母升序排序),如果遇到相同字符则按照第二个字符的键值ASCII码递增排序,以此类推。
-
-
-
-
- 拼接
-
-
-
将排序后的参数与其对应值,组合成“参数=参数值”的格式,并且把这些参数用&字符连接起来,最后拼接上应用密钥appSecret在“…参数=参数值…”,此时生成的字符串为待签名字符串,将待签名字符串SM2运算,即是签名(signData)的值(“signData”、“encData”、“extra”参数不参与签名)。
请求报文示例:
{ "appId":"43AF047BBA47FC8A1AE8EFB2XXXXXXXX", "data":{"appId":"43AF047BBA47FC8A1AE8EFB2XXXXXXXX","appUserId":"o8z4C5avQXqC0aWFPf1Mzu6D7WCQ_bd","idNo":"350181199011193519","idType":"01","phoneNumber":"13763873033","userName":"测试"}, "encType":"SM4", "signData":"URVQNdVNn5mz2EhKZhLTlXNwAWTSncFoSe8Ilx7jhn81eABJ46sdRRN1ZiAiQjPUTixG9bwqEhiJupHRGmyO5w==", "signType":"SM2", "timestamp":"20200207175759", "version":"2.0.1" } |
组成的待签名字符串:
appId=43AF047BBA47FC8A1AE8EFB2XXXXXXXX&data={"appId":"43AF047BBA47FC8A1AE8EFB2XXXXXXXX","appUserId":"o8z4C5avQXqC0aWFPf1Mzu6D7WCQ_bd","idNo":"350181199011193519","idType":"01","phoneNumber":"13763873033","userName":"测试"} &encType=SM4&signType=SM2×tamp=20200207175759&version=2.0.1&key=4117E877F5FA0A0188891283E4B617D5 |
-
-
-
-
- 签名结果
-
-
-
使用对应的SM2验签函数,对拼接得出的待签名字符串使用公钥进行SM2进行验签,对比验签内容的签名与返回报文里的signData字段比较是否验签通过。
-
-
- 加密算法(SM4)
- 概述
- 加密算法(SM4)
-
根据SM4加密算法,加密报文。通过对报文数据筛选、排序和拼接,组成待加密报文数据。
-
-
-
- 请求报文加密
-
-
1、组装请求报文 根据API列表定义参数,整理请求报文;
加密报文示例:
{ "appId":"43AF047BBA47FC8A1AE8EFB2XXXXXXXX", "data":{"appId":"43AF047BBA47FC8A1AE8EFB2XXXXXXXX","appUserId":"o8z4C5avQXqC0aWFPf1Mzu6D7WCQ_bd","idNo":"350181199011193519","idType":"01","phoneNumber":"13763873033","userName":"测试"}, "encType":"SM4", "signData":"URVQNdVNn5mz2EhKZhLTlXNwAWTSncFoSe8Ilx7jhn81eABJ46sdRRN1ZiAiQjPUTixG9bwqEhiJupHRGmyO5w==", "signType":"SM2", "timestamp":"20200207175759", "version":"2.0.1" } |
2、将data字段值,转换为字符串jStr;
待加密串示例:
{"appId":"43AF047BBA47FC8A1AE8EFB2XXXXXXXX","appUserId":"o8z4C5avQXqC0aWFPf1Mzu6D7WCQ_bd","idNo":"350181199011193519","idType":"01","phoneNumber":"13763873033","userName":"测试"} |
3、根据 SM4 加密算法,先使用appId(渠道id)作为Key加密appSecret(渠道秘钥)生成新的秘钥串。(补充:传入 SM4 加密算法长度秘钥为 32 位,实际底层算法秘钥应用长度为前 16 位);
4、使用3获得的报文加密密钥,截取新秘钥串的前32位作为SM4密钥,加密jStr(data字段值)字符串(补充:传入 SM4 加密算法秘钥长度为 32 位,实际底层算法秘钥应用长度为前 16 位),并将加密结果转换为大写,获得加密密文encData;
密文示例:
4470B6B96A8E0BADA051A318E6B6FBED66B9FC5AB2A4A3C66FDDD3C70BCADD6EF526AB57DC1DC916385CEF34843AABFCBAF8F1FDEA9DC51A2A56AB3EA3E170201E4EDD3137D6D1BA6A4A773F6F4872A718F56742E5052AD1C04E99C91EA048990F06A96E6E1E534E40BD28DFDC204ACA03CAE0DFE0DE5229EDADBD27BBD32DD4C3F9ADC833CD3CF01CD012CE1799BB6F |
5、将加密结果encData,加入请求报文中,并清空报文的data字段;
加密请求报文示例:
{ "appId":"43AF047BBA47FC8A1AE8EFB2XXXXXXXX", "encData":"64A9C5A7AB3AEA5FC01DE87025F999521C08D25DA13BD715D7E036A7D7C1DBCB6AB7914898A23A99C97EBEFE5277247AD7D0DD9B18F4DCC71A2C280C5143F25B857C795E6BA9F399652C3A4264FC2CBBA7E06B08E151362301659FC3F3773480966E8D19AB082B64A4F9B9BDBABCE57DC2CA95C9975090885AB286BB736BA3BB98F3540962552F40C8350926B93CD21CB7A624E6C4E41E349627E7B36B5C1B5F94604EDC42EA6034D63B2D387A87F42130F0D47B9445F9D729566FE183F9A959", "encType":"SM4", "signData":"URVQNdVNn5mz2EhKZhLTlXNwAWTSncFoSe8Ilx7jhn81eABJ46sdRRN1ZiAiQjPUTixG9bwqEhiJupHRGmyO5w==", "signType":"SM2", "timestamp":"20200207175759", "version":"2.0.1" } |
6、返回报文解密;
响应报文示例:
{ "appId":"43AF047BBA47FC8A1AE8EFB2XXXXXXXX", "encData":"64A9C5A7AB3AEA5FC01DE87025F999521C08D25DA13BD715D7E036A7D7C1DBCB6AB7914898A23A99C97EBEFE5277247AD7D0DD9B18F4DCC71A2C280C5143F25B857C795E6BA9F399652C3A4264FC2CBBA7E06B08E151362301659FC3F3773480966E8D19AB082B64A4F9B9BDBABCE57DC2CA95C9975090885AB286BB736BA3BB98F3540962552F40C8350926B93CD21CB7A624E6C4E41E349627E7B36B5C1B5F94604EDC42EA6034D63B2D387A87F42130F0D47B9445F9D729566FE183F9A959", "encType": "SM4", "code": "0", "message": "成功", "signData": " OTk0MUYwREIyODk1RDhDRDQ5NjQzRTU1RENCN0ZGMzdCRUY4MzFFNDMxMTM1OTY0MEM1MDk3N0E4REE2Nzk2QQ==", "signType": "SM2", "timestamp": "20161226093147927", "success": true, } |
加密密文数据enctData示例:
64A9C5A7AB3AEA5FC01DE87025F999521C08D25DA13BD715D7E036A7D7C1DBCB6AB7914898A23A99C97EBEFE5277247AD7D0DD9B18F4DCC71A2C280C5143F25B857C795E6BA9F399652C3A4264FC2CBBA7E06B08E151362301659FC3F3773480966E8D19AB082B64A4F9B9BDBABCE57DC2CA95C9975090885AB286BB736BA3BB98F3540962552F40C8350926B93CD21CB7A624E6C4E41E349627E7B36B5C1B5F94604EDC42EA6034D63B2D387A87F42130F0D47B9445F9D729566FE183F9A959 |
7、根据encType声明加密算法,先使用appId(渠道id)作为Key加密appSecret(渠道秘钥)生成新的秘钥串。(补充:传入 SM4 加密算法长度秘钥为 32 位,实际底层算法秘钥应用长度为前 16 位);
8、根据encType声明加密算法,使用7获取的报文解密密钥,解密encData获取明文字符串jStr示例:
{"appId":"43AF047BBA47FC8A1AE8EFB2XXXXXXXX","appUserId":"o8z4C5avQXqC0aWFPf1Mzu6D7WCQ_bd","idNo":"350181199011193519","idType":"01","phoneNumber":"13763873033","userName":"测试"} |
9、将jStr转换为JSON赋值data,获取解密后返回报文示例:
{ "appId":"43AF047BBA47FC8A1AE8EFB2XXXXXXXX", "data":{"appId":"43AF047BBA47FC8A1AE8EFB2XXXXXXXX","appUserId":"o8z4C5avQXqC0aWFPf1Mzu6D7WCQ_bd","idNo":"350181199011193519","idType":"01","phoneNumber":"13763873033","userName":"测试"}, "encType": "SM4", "code": "0", "message": "成功", "signData": " OTk0MUYwREIyODk1RDhDRDQ5NjQzRTU1RENCN0ZGMzdCRUY4MzFFNDMxMTM1OTY0MEM1MDk3N0E4REE2Nzk2QQ==", "signType": "SM2", "timestamp": "20161226093147927", "success": true, "version": "2.0.1" } |
相关技术交流可私信。