Mini Program
取消
Development
中文
EN
取消
  • Guide

    • # Security keyboard

    From the base library 2.18.0 Start support

    A lot of Mini programs need to enter some sensitive information, such as passwords, ID cards, phone numbers and so on. The unprofessional practice is to use plaintext to submit to the business background, which is very easy to leak out in network transmission, and does not meet compliance requirements. There are also improvements in the use of javascript to encrypt sensitive information, such as encrypting passwords in plain text into ciphertext and submitting them to the business backend. However, because the nature of the Mini Program is based on H5 technology, the security is not high, such as using JavaScript on H5 is easier to see the encryption logic, or the encryption strength is not enough, third-party input method monitoring, memory traversal, etc., It will still cause password leakage and other problems.

    In order to improve the ecological security of WeChat open platform, aiming at the security problems that may exist in the digital password input scene in the mini program, WeChat sideinputComponent opens the secure keyboard type. By introducing the secure keyboard, the Mini Program can encrypt the key information in the process of user input, prevent the keyboard eavesdropping, protect the memory, and effectively protect the security of user data assets.

    # Safety keyboard protection principle

    The security keyboard uses asymmetric encryption and decryption algorithm, which requires two keys, one called public key, which can be made public, and the other called private key, which needs private custody. Which public key encryption ciphertext, only the private key can be solved, and through the public key can not calculate the private key, so even if the hacker to get the public key can not decrypt ciphertext. We generally put the public key on the client (such as the Mini Program environment) to encrypt, and the private key is placed in the business background, so that only the background can decrypt. It's easier for hackers to attack local clients, but it's much harder to hack backends. Even some services store the private key into the hardware encryption machine chip, this situation is no way for hackers to get the private key, so the use of asymmetric encryption and decryption algorithm is the security keyboard recommended mode, security can be guaranteed. In order to ensure the privacy value of the private key, we require different Mini Program businesses to use their own unique public and private key pairs. This can be perfect to do business encryption data isolation, business A public key encryption data, only business A own private key can be solved, business A is responsible for protecting their own unique private key. In order to prove that a public key belongs to service A, we will issue a digital certificate to the developer of service A. The digital certificate is signed by Tencent official, ensuring reliability and immutability. The private key of the business is generated in the process of applying for a digital certificate from Tencent, and the business is responsible for managing its own private key. In this process, Tencent can only access the public key, and can not get the business's own private key, which means that even Tencent can not decrypt the password entered by the user of the Mini Program business. In order to meet the requirements of national compliance, we have issued a numeric certificate for the domestic cryptographic algorithm, which means that the asymmetric encryption and decryption algorithm uses the sm2 algorithm, rather than the international algorithm such as rsa.

    Different Mini Program services, the format of the data that may be encrypted may have different requirements, such as when the password entered by the user is "123456," and some services can directly encrypt the plaintext. Some businesses may want to do a hash before encryption, such as using md5("123456"), After doing the hash, it can more effectively protect the user's plaintext password, so that the business is not good to speculate what the user's actual password is. Other services may use sha1 hash algorithm sha1("123456"), There are also businesses that use the more compliant domestic password hashing algorithm sm3 ("123456"), and even some businesses want to add some obfuscated characters (called salt in cryptography) to the plaintext of the password to better protect it, and it may become sm3.("123456+abc" ), Here "+ abc" is an example of the extra obfuscated character. Therefore, in order to allow different Mini Program businesses to have encryption formats that meet their own business needs, the Mini Program security keyboard also opens the ability to configure the password format. To better align with your overall business, however, this format is not universally compatible, so when you apply the Mini Program security keyboard, it may involve some retrofitting of the backend security service, so evaluate the feasibility in advance.

    # Use Process

    # 1 Generate Certificate Signing Request

    Developers can generate their own public and private keys, certificate signing requests, and can also generate certificate signing requests through the tools provided by WeChat. Via the tools available on the WeChat side (Windows / Mac) The steps for generating a certificate signing request are as follows:

    1. Via SM2 Generate Key The pair function generates the public key and the private key

    1. Via SM Generate Cert CSR function generates CSR

    # 2 Generate a certificate

    In the Mini Program management backgroundDevelopment-Development management-Development settings-Secure Keyboard CertificateFill the CSR section to generate.

    # 3 Use of Certificates

    1. Place the generated certificate into the Mini Program code package.
    2. ininputComponent, set type = "safe-password," and set the relevant parameters ( safe-password-cert-path、safe-password-time-stamp、safe-password-length、safe-password-nonce、safe-password-salt、safe-password-custom-hash)。

    # Code Examples

    <input 
  style="border: 1px solid blue"
  type="safe-password"
  placeholder="123456" 
  safe-password-cert-path="/Minipro _test_cert.crt" 
  safe-password-time-stamp="1618390369" 
  safe-password-nonce="1618390369" 
  safe-password-salt="zefengwang" 
  safe-password-custom-hash="md5(sha1('foo' + sha256(sm3(password + 'bar'))))"
  bind:blur="onBlur" 
  bind:input="onInput" 
  value="{{value}}"
></input>
<button bind:tap="onClear">clear</button>

<view>{{detail}}</view>

    Page({
  data: {
    value: '123'
  },
  onInput (res) {
    console.log('onInput',  res)
    this.setData({
      value: res.detail.value,
    })
  },
  onClear() {
    this.setData({
      value: '',
    })
  },
  onConfirm() {
    console.log('confirm')
  },
  onBlur(res) {
    console.log('onBlur', res)
    this.setData({
      detail: JSON.stringify(res.detail, null, 2)
    })
  },
})

    # coded text

    # Ciphertext format

    In order to protect the user password, a variety of cryptographic algorithms are used to protect the user's sensitive information. These algorithms can be flexibly configured according to the actual needs of the Mini Program business, because different Mini programs use different password encryption formats, so it is necessary to do the configuration in line with their own business.

    The common format of the Mini Program security keyboard after encrypting the user's password is as follows:

    'V02_' + sm2(header + timestamp + '0' + pbkdf_hmac_hex(password, salt) + '0' + nonce + '0' + random number)

    Of which, pbkdf_hmac_hex()The algorithmic expression that evaluates the hash for the secure keyboard can be set by the safe-password-custom-hash property. The first two bytes of the header identify the password hash algorithm:

    1. 0x00 0x00: custom hash
    2. 0x00 0x07: pbkdf_hmac_hex

    This format takes into account several security factors:

    1. Anti-replay: pass in the correct timestamp timestamp, encrypt nonce each time Maintain autoincrement to ensure that even if the password is the same, each encryption ciphertext is not the same
    2. Bulls-proof: sm2 asymmetric algorithm itself guarantees the possibility of a Bulls-proof hack
    3. Built-in pbkdf_hmac_hex Algorithm, you can also customize the hash algorithm
    4. Prevent rainbow table attacks: Mini Programs developers can customize dynamic salt

    Mini Programs developers who intend to use secure keyboards first generate sm2 locally Secret key pair, and then go to the Mini Program management background to apply for the Mini Program security keyboard digital certificate. After the certificate is issued, it needs to be released together with the Mini Program code. When the Mini Program calls the security keyboard, it needs to pass in the Mini Program security keyboard numeric certificate, after completing the certificate compliance verification, extract the certificate public key and use sm2 Algorithm to encrypt user data. Because uses the certificate public key encryption, only then uses the developer own to hold the private key to be possible to decrypt the data plain text. In the process of network transmission, even if the ciphertext is intercepted maliciously, the attacker cannot get the plaintext.

    # How to Decrypt or Verify Secrets

    'V02_' + sm2(header + timestamp + '0' + hash(password, salt) + '0' + nonce + '0' + random number)

    After receiving the ciphertext in the background, parse it according to the above format: 1、 Remove ciphertext 4 byte prefix 2、 Use sm2 corresponding to the Mini Program secure keyboard certificate Private key decryption, get plaintext data 3、 Parsing plaintext data, you can get a timestamp, password hash, nonce Equal field

    First of all, the Mini Program developer background can only get desensitized after the password hash, can not get plaintext. Of course, according to compliance requirements, the background should not get the user password in plain text. Secondly, the Mini Program developer background should properly save the password hash, as the basis for matching the user password is consistent. For example, in the registration or password change process, the background SM2 The private key decrypts the password hash The hash should then be persisted in the database (or other storage technology). In the subsequent user login or other password verification scenarios, by comparing the user's requested password hash And the previously saved password hash To determine whether the password is verified.