How can this problem be solved? in the applet document, if the user logs on to the returned data, the following decryption algorithm is required for the interface that involves sensitive data (such as wx. openid in getUserInfo), the interface's plaintext content does not contain sensitive data. If the developer needs to obtain the sensitive information, how can this problem be solved? can you provide a solution?
In the applet document, the decryption algorithm is as follows:
If the interface involves sensitive data (such as the openid in wx. getUserInfo), the plaintext content of the interface does not contain sensitive data. To obtain sensitive data, developers must perform symmetric decryption on the encrypted data returned by the interface. The decryption algorithm is as follows:
Symmetric decryption algorithm is used for AES-128-CBC, data is filled with PKCS #7. The target ciphertext for symmetric decryption is Base64_Decode (encryptData). The symmetric decryption key aeskey = Base64_Decode (session_key). The aeskey is the 16-byte symmetric decryption algorithm initial vector iv = aeskey, which is also 16 bytes.
(Document link)
Https://mp.weixin.qq.com/debu...
Reply content:
How can we solve this problem? can we provide some ideas?
In the applet document, the decryption algorithm is as follows:
If the interface involves sensitive data (such as the openid in wx. getUserInfo), the plaintext content of the interface does not contain sensitive data. To obtain sensitive data, developers must perform symmetric decryption on the encrypted data returned by the interface. The decryption algorithm is as follows:
Symmetric decryption algorithm is used for AES-128-CBC, data is filled with PKCS #7. The target ciphertext for symmetric decryption is Base64_Decode (encryptData). The symmetric decryption key aeskey = Base64_Decode (session_key). The aeskey is the 16-byte symmetric decryption algorithm initial vector iv = aeskey, which is also 16 bytes.
(Document link)
Https://mp.weixin.qq.com/debu...
Isn't there a demo in various languages in the document below?
Https://mp.weixin.qq.com/debu...
You can use the login interface and getUserInfo interface in the applet to obtain the information and upload the required fields to the server for decryption based on the document. In fact, this instance code has been clearly written.
This document provides examples.
https://mp.weixin.qq.com/debug/wxadoc/dev/demo/aes-sample.zip?t=20161107
It provides the case of Ah https://mp.weixin.qq.com/debu...
I am wrong .. View the document carefully next time