What is a signature? How can I ensure the security of API interfaces and data between servers and apps?

Source: Internet
Author: User
Tags asymmetric encryption
I have heard of some signatures and symmetric encryption, but I don't know what to understand. How do you sign and encrypt them between servers and apps? How do you call signatures? Thank you. I have heard of some signatures and symmetric encryption, but I don't know what to understand. How do you sign and encrypt them between servers and apps? How do you call signatures? Thank you.

Reply content:

I have heard of some signatures and symmetric encryption, but I don't know what to understand. How do you sign and encrypt them between servers and apps? How do you call signatures? Thank you.

Access token is a method. In the early days, appid and appkey methods were simple. To be more complex, you can use RSA encryption.

The landlord's question is how to implement encrypted communication to prevent external API calls. Here is a solution for you.
The server and client store a TOKEN respectively. To prevent the decompilation, we use C language to write a file and perform shelling and obfuscation.
When the client accesses any interface of the Server API, the client must bring a special field, which is the signature. The signature generation method is as follows:
The accessed interface name + timestamp + encrypted TOKEN is used for overall MD5, and the client submits the local timestamp as a plaintext parameter to the server.
The server will first verify the two parameters: the verification timestamp. If the time difference exceeds the server's plus or minus one minute, the server will reject the access (to prevent the server from repeatedly requesting packets to be captured, plus or minus one minute is to prevent time errors, adjustable Parameters ),
Then, the server will generate a new signature based on the requested API address and the submitted timestamp plus the locally stored token according to MD5, and compare the signature. If the signature is consistent, the server will verify the signature, go to the next API Logic

Most servers and apps are called through interfaces, such as the user list. /User/list/
There is an encrypted token in post to/user/list/, which is used to verify whether you are a legal visitor. And now many development platforms such.


This is an example of valid signature verification. They use encryption mechanisms and tokens to perform secondary encryption. Then obtain valid verification.
You can join the group: 231566327 for further discussion.

What about signature and symmetric encryption? Generally, the signature uses asymmetric encryption algorithms. For example, if your company has two systems (A and B), the two systems can trust each other, but you do not want to log on from A to B and you need to enter the user name and password (because this will leak the user). Then you can configure an asymmetric encryption signature method. For example, if A stores the private key of the asymmetric encryption algorithm, B stores the corresponding public key. Use the private key in A to encrypt something and upload it to B. Then, B can use the public key to prove the identity of A, which is indeed from.
Not to mention asymmetric encryption ///

Https flood

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.