术语说明
EncodingAESKey:注册应用提供的数据加密密钥。用于消息体的加密,长度固定为43个字符,从a-z, A-Z, 0-9共62个字符中选取,是 AESKey 的 Base64 编码。解码后即为32字节长的 AESKey。
AESKey:AESKey=Base64_Decode(EncodingAESKey + “=”),是 AES 算法的密钥,长度为32字节。AES 采用 CBC 模式,数据采用 PKCS#7 填充;IV初始向量大小为16字节,取AESKey前16字节。具体详见:Cryptographic Message Syntax。
msg为消息体明文,格式为 JSON。
加解密方案说明
明文 msg 的加密过程
msg_encrypt = Base64_Encode( AES_Encrypt[msg + $key] )。
AES 加密的 buf 由明文 msg 和 $key 组成。
加密方案对应的解密方案
取出返回的 JSON 中的 data 字段。
对密文 BASE64 解码:aes_msg=Base64_Decode(data)。
使用 AESKey 做 AES 解密:msg=AES_Decrypt(aes_msg)。
加解密示例代码
package mainimport ("crypto/aes""crypto/cipher""encoding/base64""fmt")func aesDecrypt(encryptedText, key string) (string, error) {// Decode the key with added plus signdecodedKey, err := base64.StdEncoding.DecodeString(key + "=")if err != nil {return "", err}// Convert key to 256-bit formataesKey := make([]byte, 32)copy(aesKey, decodedKey)// Generate IV from first 16 bytes of keyiv := aesKey[:aes.BlockSize]// Base64 decode the encrypted textdecodedText, err := base64.StdEncoding.DecodeString(encryptedText)if err != nil {return "", err}// Decrypt the textblock, err := aes.NewCipher(aesKey)if err != nil {return "", err}mode := cipher.NewCBCDecrypter(block, iv)mode.CryptBlocks(decodedText, decodedText)// Remove PKCS7 paddingpadding := int(decodedText[len(decodedText)-1])decodedText = decodedText[:len(decodedText)-padding]return string(decodedText), nil}func main() {encryptedText := "your base64 encoded encrypted textkey := "your base64 encoded key"decryptedText, err := aesDecrypt(encryptedText, key)if err != nil {fmt.Println("Error:", err)return}fmt.Println("Decrypted Text:", decryptedText)}
import javax.crypto.Cipher;import javax.crypto.spec.IvParameterSpec;import javax.crypto.spec.SecretKeySpec;import java.nio.charset.StandardCharsets;import java.util.Base64;public class Main {public static String decrypt(String encryptedText, String key) throws Exception {byte[] encryptedBytes = Base64.getDecoder().decode(encryptedText);byte[] keyBytes = Base64.getDecoder().decode(key + "=");byte[] ivBytes = new byte[16];System.arraycopy(keyBytes, 0, ivBytes, 0, 16);SecretKeySpec secretKeySpec = new SecretKeySpec(keyBytes, "AES");IvParameterSpec ivParameterSpec = new IvParameterSpec(ivBytes);Cipher cipher = Cipher.getInstance("AES/CBC/NOPADDING");cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, ivParameterSpec);byte[] decryptedBytes = cipher.doFinal(encryptedBytes);int paddingLength = decryptedBytes[decryptedBytes.length - 1];byte[] unpaddedData = new byte[decryptedBytes.length - paddingLength];System.arraycopy(decryptedBytes, 0, unpaddedData, 0, unpaddedData.length);return new String(unpaddedData, StandardCharsets.UTF_8);}public static void main(String[] args) {try {String encryptedText = "your base64 encoded encrypted text";String key = "your key";String decryptedText = decrypt(encryptedText, key);System.out.println("Decrypted Text: " + decryptedText);} catch (Exception e) {e.printStackTrace();}}}
#include <iostream>#include <cstring>#include <vector>#include <openssl/aes.h>#include <openssl/rand.h>#include <openssl/evp.h>#include <openssl/bio.h>#include <openssl/buffer.h>using namespace std;std::string base64_decode(const std::string& encoded_text) {BIO* bio = BIO_new(BIO_f_base64());BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);BIO* bmem = BIO_new_mem_buf(encoded_text.c_str(), encoded_text.length());bio = BIO_push(bio, bmem);char* buffer = new char[encoded_text.length()];memset(buffer, 0, encoded_text.length());BIO_read(bio, buffer, encoded_text.length());BIO_free_all(bio);std::string decoded_text(buffer);delete[] buffer;return decoded_text;}std::string aes_decrypt(const std::string& encrypted_text, const std::string& key) {std::string decrypted_text;// Decode the key with added plus signstd::string decoded_key = base64_decode(key + "=");// Convert key to 256-bit formatunsigned char aes_key[32];memset(aes_key, 0, sizeof(aes_key));memcpy(aes_key, decoded_key.c_str(), decoded_key.length());// Generate IV from first 16 bytes of keyunsigned char iv[AES_BLOCK_SIZE];memset(iv, 0, sizeof(iv));memcpy(iv, aes_key, AES_BLOCK_SIZE);// Create AES decryption contextAES_KEY aes_decrypt_key;AES_set_decrypt_key(aes_key, 256, &aes_decrypt_key);// Base64 decode the encrypted textstd::string decoded_text = base64_decode(encrypted_text);// Decrypt the textstd::vector<unsigned char> decrypted_bytes(decoded_text.length());AES_cbc_encrypt(reinterpret_cast<const unsigned char*>(decoded_text.c_str()),decrypted_bytes.data(),decoded_text.length(),&aes_decrypt_key,iv,AES_DECRYPT);// Remove PKCS7 paddingint padding = decrypted_bytes.back();decrypted_text = std::string(decrypted_bytes.begin(), decrypted_bytes.end() - padding);return decrypted_text;}int main() {std::string encrypted_text = "your base64 encoded encrypted text";std::string key = "your base64 encoded key";std::string decrypted_text = aes_decrypt(encrypted_text, key);std::cout << "Decrypted Text: " << decrypted_text << std::endl;return 0;}
function aes_decrypt($encrypted_text, $key) {// Decode the key$decoded_key = base64_decode($key . '=');// Convert key to 256-bit format$aes_key = str_pad($decoded_key, 32, "\\0");// Generate IV from first 16 bytes of key$iv = substr($aes_key, 0, 16);// Base64 decode the encrypted text$decoded_text = base64_decode($encrypted_text);// Decrypt the text$decrypted_text = openssl_decrypt($decoded_text, 'AES-256-CBC', $aes_key, OPENSSL_RAW_DATA,$iv);return $decrypted_text;}$encrypted_text = "your base64 encoded encrypted text";$key = "your base64 encoded key";$decrypted_text = aes_decrypt($encrypted_text, $key);echo "Decrypted Text: " . $decrypted_text;
import base64from Crypto.Cipher import AESdef aes_decrypt(encrypted_text, key):# Decode the keydecoded_key = base64.b64decode(key + '=')# Convert key to 256-bit formataes_key = decoded_key.ljust(32, b'\\0')# Generate IV from first 16 bytes of keyiv = aes_key[:16]# Base64 decode the encrypted textdecoded_text = base64.b64decode(encrypted_text)# Decrypt the textcipher = AES.new(aes_key, AES.MODE_CBC, iv)decrypted_text = cipher.decrypt(decoded_text)# Remove PKCS7 paddingpadding = decrypted_text[-1]decrypted_text = decrypted_text[:-padding]return decrypted_text.decode('utf-8')encrypted_text = "your base64 encoded encrypted text"key = "your base64 encoded key"decrypted_text = aes_decrypt(encrypted_text, key)print("Decrypted Text:", decrypted_text)