[图片]

若不使用官方人脸核身，能否使用第三方h5人脸核身？

https://developers.weixin.qq.com/miniprogram/dev/OpenApiDoc/getting_started/api_signature.htmlhttps://developers.weixin.qq.com/miniprogram/dev/OpenApiDoc/getting_started/api_signature.htmlhttps://developers.weixin.qq.com/miniprogram/dev/OpenApiDoc/getting_started/api_signature.html 我这里加密后，解密有时候成功，有时候返回false，有人知道怎么回事，问微信官方，官方也是一问三不知，搞了快一周还没解决这个问题。  //服务端api加密     public static function getRequestParam($url, $req)     {         $key = base64_decode(self::apiAES256['key']);         $sn = self::apiAES256['sn'];         $appId = self::miniAppID;         $time = time();         //16位随机字符         $nonce = rtrim(base64_encode(random_bytes(16)), '=');         $nonce = base64_encode(random_bytes(16));         $addReq = ["_n" => $nonce, "_appid" => $appId, "_timestamp" => $time];         $realReq = array_merge($addReq, $req);         ksort($realReq);         $realReq = json_encode($realReq);         //额外参数         $aad = $url . "|" . $appId . "|" . $time . "|" . $sn;         //12位随机字符         $iv = random_bytes(12);         //var_dump($iv);         $cipher = openssl_encrypt($realReq, "aes-256-gcm", $key, 1, $iv, $tag, $aad);         echo '<br>---------encrypt paras start-------------<br>';         echo '<pre>';         echo '$realReq：';         var_dump($realReq);         echo '$key：';         var_dump($key);         echo '$iv：';         var_dump(base64_encode($iv));         echo '$tag：';         var_dump(base64_encode($tag));         echo '$aad：';         var_dump($aad);          echo '<br>--------- encrypt paras end-------------<br>';         $iv = base64_encode($iv);         $data = base64_encode($cipher);         $authTag = base64_encode($tag);         $reqData = ["iv" => $iv, "data" => $data, "authtag" => $authTag];         //校验本地加密是否正确 非必须         //$checkParam = self::checkParam($key, $authTag, $iv, $data, $aad);         return ['ts' => $time, 'reqData' => json_encode($reqData)];     }          //服务端api签名，$newRe参数是经过服务端api加密后的请求参数     public static function sign(array $newRe, $url_path)     {         $time = $newRe['ts'];         $key = self::apiRSA256['private_key'];         $url = $url_path;         $appId = self::miniAppID;         $reqData = $newRe['reqData'];         $payload = "$url\n$appId\n$time\n$reqData";         $rsa = new RSA();         $rsa->loadKey($key);         $rsa->setHash("sha256");         $rsa->setMGFHash("sha256");         $signature = $rsa->sign($payload);         return base64_encode($signature);     }               //服务端验对api返回的加密的结果进行解密，得到真实返回     public static function jM($ts, $body, $url_path)     {          echo '<br>---------decrypt paras start-------------<br>';         echo '<pre>';         echo '$ts：';         var_dump($ts);         echo '$body：';         var_dump($body);         echo '$url_path：';         var_dump($url_path);          echo '<br>--------- decrypt paras end-------------<br>';                   $url = $url_path;         $appId = self::miniAppID;;         $sn = self::apiAES256['sn'];         $aad = $url . '|' . $appId . '|' . $ts . '|' . $sn;         $key = self::apiAES256['key'];         $key = base64_decode($key);         $iv = base64_decode($body['iv']);         $data = $body['data'];         // if (strlen($data) % 16) {         //     $data = str_pad($data,strlen($data) + 16 - strlen($data) % 16, "\0");         // }         $data = base64_decode($data);         $tag = base64_decode($body['authtag']);         //print_r($tag);         //print_r($data);         $result = openssl_decrypt($data, "aes-256-gcm", $key, 1, $iv, $tag, $aad);         var_dump( openssl_error_string());         var_dump($result);         if (!$result) {             print_r(openssl_error_string());             while ($msg = openssl_error_string())                 {                     echo "<br>ERROR: " . $msg;                 }          }         //$result = \Qiniu\json_decode($result,true);         return $result;     }