WeChat public platform development: message encryption

高洛峰
Release: 2017-02-27 13:36:58
Original
3051 people have browsed it

Not long ago, WeChat’s enterprise account used mandatory message encryption, and then the official account also added optional message encryption options. Currently, the encryption methods for enterprise accounts and official accounts are the same (the formats will be slightly different).

Encryption Settings

Enter the "Developer Center" in the background of the official account, and we can see the settings for Url docking:

WeChat public platform development: message encryption

Click [Modify settings], you can enter the modification page:

WeChat public platform development: message encryption

There are three encryption methods:

Plain text mode, which is the original message format

Compatibility mode, plaintext and ciphertext will coexist. It is not recommended to use officially released products (because it still contains plaintext and cannot achieve the encryption effect)

Security mode, in this mode the message will It will be encrypted, and the developer's server can decrypt it through the official algorithm to obtain the original message in plaintext mode.

For all encrypted messages, the returned information also needs to be encrypted.

Processing encrypted information

Senparc.Weixin.MP has automatically judged the three types of messages. There is no need to pay attention to any decryption and encryption processes during the development process, and it still remains in "plain text mode" development process.

In the corresponding MessageHandler, we can know the current encryption status through some parameters:

messageHandler.UsingEcryptMessage: whether encrypted information is used (including compatibility mode and security mode)

MessageHandler.UsingCompatibilityModelEcryptMessage: Whether compatibility mode encryption information is used

Through the combination of the above two properties, we can know which encryption mode is currently used by the account (of course, in most cases, developers have no need to care).

In order to better track information, MessageHandler has added the FinalResponseDocument attribute:

messageHandler.ResponseDocument: plain text structure of the response data XML object

messageHandler.FinalResponseDocument: final The XML object that will be returned to the server will be consistent with the ResponseDocument if it is not encrypted, otherwise it will be automatically encrypted

Encryption principle

Related encryption algorithms (including sample downloads in several languages) ) can be found in the official help document: http://mp.weixin.qq.com/wiki/index.php?title=%E6%8A%80%E6%9C%AF%E6%96%B9%E6 %A1%88

What I want to explain here is EncodingAESKey. The official explanation is a bit confusing. In fact, EncodingAESKey is a Base64 encoding of AESKey, and AESKey is a random string of length 32 (selected from a-z, A-Z, 0-9). Since the Base64 encoding length of 32 characters is fixed at 44 (the last character is =), after removing the =, the final EncodingAESKey of 43 characters is generated. EncodingAESKey is used in the process of message encryption and decryption, and strict confidentiality is required.

The following is a C# code to generate EncodingAESKey:

protected string CreateEncodingAESKey()
        {
            string aesKey = GetRadomStr(32);//获得a-z,A-Z,0-9的随机字符串
            var encodingAesKey = Convert.ToBase64String(Encoding.UTF8.GetBytes(aesKey), Base64FormattingOptions.None);
            return encodingAesKey.Substring(0, encodingAesKey.Length - 1);
        }
Copy after login


For more WeChat public platform development: message encryption related articles, please pay attention to the PHP Chinese website!


Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template