# Summary
When a third-party platform receives and processes messages on behalf of the Official Accounts that have authorized it, the message content must be encrypted and decrypted for security reasons.
This article describes how to use the sample code to implement encryption and decryption; with the sample code as a reference, integrating encryption and decryption is straightforward. For the full specification, see "Official Account Third-Party Platform Message Encryption and Decryption Technical Scheme".
First, note that developers need to decrypt the messages and events they receive (some events require a reply, and that reply must be encrypted as well). Encryption is not required when the platform actively calls APIs, including calling the customer-service message interface to send messages.
Developers can use the WeChat Official Platform interface debugging tool: choose "message interface debugging" as the interface type and select safe-mode encryption debugging to test message encryption and decryption online.
# Message type
Third-party platforms may receive two types of messages:
1. Messages that a user sends to an Official Account or Mini Program, received by the third-party platform on that account's behalf. In this case the ToUserName element (the recipient) of the message XML is the Original ID of the Official Account or Mini Program, which can be obtained through the "get authorizer account basic information" interface.
2. Notifications or events that WeChat pushes to the third-party platform itself (such as authorization-cancellation notifications and component_verify_ticket pushes). In this case the message XML has no ToUserName element; instead it carries an AppId element holding the third-party platform's AppId. Developers must also decrypt these system event pushes, and after receiving one they only need to return the string "success" directly.
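As an added illustration (not code from the WeChat sample package), the following Go function decides how a decrypted push should be handled according to the two cases above: an AppId element marks a notification to the platform itself, which is answered with the plain string "success", while a ToUserName element marks a user message for an authorized account, which the platform's handler answers with an encrypted reply. The struct, the element names other than ToUserName and AppId, and all sample values are constructed for this example.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// pushHeader holds only the two elements that tell the message kinds apart; a real
// decrypted push carries many more fields. Constructed for this example.
type pushHeader struct {
	ToUserName string `xml:"ToUserName"`
	AppId      string `xml:"AppId"`
}

// Kinds of push a third-party platform can receive.
const (
	KindUserMessage = "user-message" // a user's message to an authorized account
	KindSystemEvent = "system-event" // WeChat's notification to the platform itself
)

// Classify inspects a decrypted push and returns its kind plus the reply body that can be
// sent as-is: "success" for a system event, or "" for a user message, which the caller
// answers with an encrypted reply. A system event addressed to another AppId is rejected.
func Classify(plainXML, platformAppID string) (kind, reply string, err error) {
	var h pushHeader
	if err := xml.Unmarshal([]byte(plainXML), &h); err != nil {
		return "", "", fmt.Errorf("malformed push XML: %w", err)
	}
	switch {
	case h.AppId != "":
		if h.AppId != platformAppID {
			return "", "", fmt.Errorf("push addressed to %q, not this platform", h.AppId)
		}
		return KindSystemEvent, "success", nil
	case h.ToUserName != "":
		return KindUserMessage, "", nil
	default:
		return "", "", fmt.Errorf("push has neither ToUserName nor AppId")
	}
}

func main() {
	// Constructed sample pushes; the IDs are placeholders, not real WeChat values.
	event := `<xml><AppId><![CDATA[wx_example_platform]]></AppId><CreateTime>1411035097</CreateTime></xml>`
	userMsg := `<xml><ToUserName><![CDATA[gh_example_original_id]]></ToUserName><Content><![CDATA[hi]]></Content></xml>`
	for _, p := range []string{event, userMsg} {
		kind, reply, err := Classify(p, "wx_example_platform")
		fmt.Printf("kind=%s reply=%q err=%v\n", kind, reply, err)
	}
}
```

Only the presence of the two elements is used for routing; the AppId comparison keeps a push meant for a different platform from being treated as one of ours.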
In practice the flow is as follows: when a follower interacts with an authorized Official Account, the third-party platform receives the corresponding message pushes and event pushes for that account. To strengthen security, two measures are applied to this process:
1. The URL on which the third-party platform receives the authorized Official Account's messages and events carries two additional parameters beyond the original two (timestamp and nonce): encrypt_type (the encryption type, aes) and msg_signature (a signature over the message body, used to verify that the body is intact).
2. The XML body of the POST data is encrypted with the symmetric_key (also called the EncodingAESKey) for received messages that the third-party platform entered when it applied.
# Sample code
The WeChat Official Platform provides sample code in five languages (C++, PHP, Java, Python and C#) for download; read the corresponding readme file before running it. The class names and interface names are the same in every language; C++ is used for illustration below.
1. Function description
1.1. Constructor
```cpp
// @param sToken: the token for verifying received messages, filled in when applying for the third-party platform
// @param sEncodingAESKey: the symmetric_key for encrypting received messages, filled in when applying for the third-party platform
// @param sAppid: the third-party platform's Appid
WXBizMsgCrypt(const std::string &sToken,
              const std::string &sEncodingAESKey,
              const std::string &sAppid)
```
1.2. Decryption function
```cpp
// Verify the authenticity of the message and obtain the decrypted plaintext
// @param sMsgSignature: signature string, the msg_signature URL parameter
// @param sTimeStamp: timestamp, the timestamp URL parameter
// @param sNonce: random string, the nonce URL parameter
// @param sPostData: ciphertext, the body of the POST request
// @param sMsg: decrypted plaintext, valid when the return value is 0
// @return: 0 on success, otherwise the corresponding error code
int DecryptMsg(const std::string &sMsgSignature,
               const std::string &sTimeStamp,
               const std::string &sNonce,
               const std::string &sPostData,
               std::string &sMsg)
```
1.3. Encryption function
```cpp
// Encrypt and package the Official Account's reply message to the user
// @param sReplyMsg: the Official Account's reply message, an XML-formatted string
// @param sTimeStamp: timestamp; generate your own or reuse the timestamp URL parameter
// @param sNonce: random string; generate your own or reuse the nonce URL parameter
// @param sEncryptMsg: encrypted ciphertext that can be returned directly to the user, an XML string containing msg_signature, timestamp, nonce and encrypt; valid when the return value is 0
// @return: 0 on success, otherwise the corresponding error code
int EncryptMsg(const std::string &sReplyMsg,
               const std::string &sTimeStamp,
               const std::string &sNonce,
               std::string &sEncryptMsg)
```
2. Usage
2.1 Instantiate the object
Using the constructor, instantiate an object, passing in the third-party platform's Token (the token for verifying received messages, entered when applying for the third-party platform), the third-party platform's appid, and the third-party platform's EncodingAESKey (the symmetric_key for encrypting received messages, entered when applying for the third-party platform).
2.2 Decrypt
In safe mode, the third-party platform receives a ciphertext message body of the following form:
encrypt_msg =
```xml
<xml>
<ToUserName></ToUserName>
<Encrypt></Encrypt>
</xml>
```
Call the DecryptMsg function in the sample code, passing in msg_signature, timestamp, nonce and postdata. The first three parameters are taken from the URL on which the authorized Official Account's messages and events are received; postdata is the POST body. If the call succeeds, sMsg holds the plaintext XML message body, for example:
```xml
<xml>
<ToUserName></ToUserName>
<FromUserName></FromUserName>
<CreateTime>1411035097</CreateTime>
<MsgType></MsgType>
<Content></Content>
<MsgId>6060349595123187712</MsgId>
</xml>
```
2.3 Generate the reply
The Official Account handles the message and generates the XML message body to reply to the WeChat Official Platform; assume the reply is:
res_msg =
```xml
<xml>
<ToUserName></ToUserName>
<FromUserName></FromUserName>
<CreateTime>1411034505</CreateTime>
<MsgType></MsgType>
<Content></Content>
<FuncFlag>0</FuncFlag>
</xml>
```
2.4 Encrypt the return packet
Call the EncryptMsg interface, passing in res_msg (the reply to the WeChat Official Platform), timestamp and nonce. If encryption succeeds, sEncryptMsg is the ciphertext message body, with the following contents:
```xml
<xml>
<Encrypt>
<![CDATA[LDFAmKFr7U/RMmwRbsR676wjym90byw7+hhh226e8bu6KVYy00HheIsVER4eMgz/VBtofSaeXXQBz6fVdkN2CzBUaTtjJeTCXEIDfTBNxpw/QRLGLq
qMZHA3I+JiBxrrSzd2yXuXst7TdkVgY4lZEHQcWk85x1niT79XLaWQog+OnBV31eZbXGPPv8dZciKqGo0meTYi+fkMEJdyS8OE7NjO79vpIyIw7hMBtEXPBK/tJGN5m5SoAS
6I4rRZ8Zl8umKxXqgr7N8ZOs6DB9tokpvSl9wT9T3E62rufaKP5EL1imJUd1pngxy09EP24O8Th4bCrdUcZpJio2l11vE6bWK2s5WrLuO0cKY2GP2unQ4fDxh0L4ePmNOVFJ
wp9Hyvd0BAsleXA4jWeOMw5nH3Vn49/Q/ZAQ2HN3dB0bMA+6KJYLvIzTz/Iz6vEjk8ZkK+AbhW5eldnyRDXP/OWfZH2P3WQZUwc/G/LGmS3ekqMwQThhS2Eg5t4yHv0mAIei
07Lknip8nnwgEeF4R9hOGutE9ETsGG4CP1LHTQ4fgYchOMfB3wANOjIt9xendbhHbu51Z4OKnA0F+MlgZomiqweT1v/+LUxcsFAZ1J+Vtt0FQXElDKg+YyQnRCiLl3I+GJ/c
xSj86XwClZC3NNhAkVU11SvxcXEYh9smckV/qRP2Acsvdls0UqZVWnPtzgx8hc8QBZaeH+JeiaPQD88frNvA==]]> </Encrypt>
<MsgSignature></MsgSignature>
<TimeStamp>1411034505</TimeStamp>
<Nonce></Nonce>
</xml>
```
3. Notes
1. EncodingAESKey has a fixed length of 43 characters, chosen from a-z, A-Z and 0-9 (62 characters in total).
2. For security, the Open Platform website provides a function to change the EncodingAESKey (change it when it may have been leaked). It is therefore recommended that the public account keep both the current and the previous EncodingAESKey: if decryption with the current EncodingAESKey fails, retry with the previous EncodingAESKey. When returning the packet, encrypt it with whichever key decrypted successfully.
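The following Go program is an added example, not the WeChat sample code. It carries out the procedure of section 2 (derive the AES key from EncodingAESKey, verify msg_signature, decrypt the packet, encrypt the reply) and the key-rotation advice of note 2 with Go's standard library, in place of the C++ WXBizMsgCrypt class. The packet layout it implements (16 random bytes, 4-byte big-endian message length, message, appid, PKCS#7 padding to 32-byte blocks, AES-256-CBC with the IV taken from the first 16 key bytes, key obtained by base64-decoding EncodingAESKey with "=" appended, msg_signature = SHA1 of the sorted token, timestamp, nonce and ciphertext) is the WeChat scheme as the official samples implement it; check it against the technical scheme document referenced above. The token, appid, both keys and the sample message are constructed placeholders.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"sort"
	"strings"
)

// Constructed credentials for this example only; real ones come from the platform settings.
const (
	testToken  = "example_token"
	testAppID  = "wx_example_appid"
	testAESKey = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOP4" // current EncodingAESKey, 43 chars
	testOldKey = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnop8" // previous EncodingAESKey, 43 chars
)

// aesKey derives the 32-byte AES key: append "=" to the 43-char EncodingAESKey and base64-decode.
func aesKey(encodingAESKey string) ([]byte, error) {
	key, err := base64.StdEncoding.DecodeString(encodingAESKey + "=")
	if len(encodingAESKey) != 43 || err != nil || len(key) != 32 {
		return nil, fmt.Errorf("EncodingAESKey must be 43 base64 characters decoding to 32 bytes")
	}
	return key, nil
}

// Signature is msg_signature: SHA1 over token, timestamp, nonce and ciphertext, sorted and joined.
func Signature(token, timestamp, nonce, encrypt string) string {
	parts := []string{token, timestamp, nonce, encrypt}
	sort.Strings(parts)
	return fmt.Sprintf("%x", sha1.Sum([]byte(strings.Join(parts, ""))))
}

// Encrypt: random(16) || big-endian uint32 len(msg) || msg || appid, PKCS#7 (32-byte blocks), AES-256-CBC, IV = key[:16].
func Encrypt(encodingAESKey, appID, msg string) (string, error) {
	key, err := aesKey(encodingAESKey)
	buf := make([]byte, 20) // 16 random bytes followed by the 4-byte length
	if _, rerr := rand.Read(buf[:16]); err != nil || rerr != nil {
		return "", fmt.Errorf("key derivation or random source failed: %v %v", err, rerr)
	}
	binary.BigEndian.PutUint32(buf[16:], uint32(len(msg)))
	buf = append(append(buf, msg...), appID...)
	pad := 32 - len(buf)%32
	buf = append(buf, bytes.Repeat([]byte{byte(pad)}, pad)...)
	block, _ := aes.NewCipher(key) // key length already validated by aesKey
	out := make([]byte, len(buf))
	cipher.NewCBCEncrypter(block, key[:16]).CryptBlocks(out, buf)
	return base64.StdEncoding.EncodeToString(out), nil
}

// Decrypt verifies msg_signature first, then decrypts, unpads, strips the 20-byte header and checks the appid.
func Decrypt(token, encodingAESKey, appID, signature, timestamp, nonce, encrypt string) (string, error) {
	if subtle.ConstantTimeCompare([]byte(Signature(token, timestamp, nonce, encrypt)), []byte(signature)) != 1 {
		return "", fmt.Errorf("msg_signature mismatch")
	}
	key, kerr := aesKey(encodingAESKey)
	ct, cerr := base64.StdEncoding.DecodeString(encrypt)
	if kerr != nil || cerr != nil || len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return "", fmt.Errorf("bad key or ciphertext: %v %v", kerr, cerr)
	}
	block, _ := aes.NewCipher(key)
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, key[:16]).CryptBlocks(pt, ct)
	pad := int(pt[len(pt)-1]) // PKCS#7 with 32-byte blocks; a wrong key usually fails here
	if len(pt)%32 != 0 || pad < 1 || pad > 32 || len(pt)-pad < 20 {
		return "", fmt.Errorf("decryption failed: wrong key or corrupt packet")
	}
	pt = pt[:len(pt)-pad]
	n := int(binary.BigEndian.Uint32(pt[16:20]))
	if 20+n > len(pt) || string(pt[20+n:]) != appID {
		return "", fmt.Errorf("bad length field or appid mismatch")
	}
	return string(pt[20 : 20+n]), nil
}

// DecryptWithRotation tries current then previous key and reports which worked, so the reply uses the same key.
func DecryptWithRotation(token, appID string, keys []string, signature, timestamp, nonce, encrypt string) (msg, usedKey string, err error) {
	for _, k := range keys {
		if msg, err = Decrypt(token, k, appID, signature, timestamp, nonce, encrypt); err == nil {
			return msg, k, nil
		}
	}
	return "", "", err
}

func main() {
	enc, _ := Encrypt(testOldKey, testAppID, "<xml><Content><![CDATA[hello]]></Content></xml>")
	sig := Signature(testToken, "1411035097", "nonce1", enc)
	msg, used, err := DecryptWithRotation(testToken, testAppID, []string{testAESKey, testOldKey}, sig, "1411035097", "nonce1", enc)
	fmt.Println(msg, used == testOldKey, err)
}
```

DecryptWithRotation returns the key that succeeded; pass that same key to Encrypt when building the reply packet, as note 2 requires. The signature is checked before any decryption so that a body with a bad msg_signature is rejected without exercising the key, and the appid comparison at the end stops a packet meant for a different platform from being accepted even when it decrypts cleanly.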