说明

针对上行参数 value，做加密处理，基本思路每个项目拥有有不同的私钥因子（通过定义后台配置），最终的私钥=md5(私钥因子 + uid)，得到32位的私钥，客户端与服务端以同样逻辑来处理私钥。

加密处理流程：

aes加密；

针对密文base64编码；

进一步urlencode编码

解密时按（c）（b）（a）顺序依次执行。

每个项目使用不同的秘钥，秘钥长度32位字符串

注意

需要和客户端（iOS+Android）验证三端加密串一致，且互相能够解密。

代码

NodeJs代码

//引入nodejs加密核心库

varcrypto =require('crypto');

//加密公共密钥 32位

varkeys ='9ce62c1836d128cfc875c9026db7564c';

//编码设置

varclearEncoding ='utf8';

//加密方式

varalgorithm ='aes-256-ecb';

//向量

variv ="";

//加密类型 base64/hex...

varcipherEncoding ='hex';

exports.encodeCipher =function(data){

   try{

       varcipher = crypto.createCipheriv(algorithm, keys, iv);

       varcipherChunks = [];

        cipherChunks.push(cipher.update(data, clearEncoding, cipherEncoding));

        cipherChunks.push(cipher.final(cipherEncoding));

       returncipherChunks.join('');

    }catch(e){

       return10004;

    }

}

exports.decodeCipher =function(data){

   try{

       varcipherChunks = [data];

       vardecipher = crypto.createDecipheriv(algorithm, keys, iv);

       varplainChunks = [];

       for(vari =0;i < cipherChunks.length;i++) {

            plainChunks.push(decipher.update(cipherChunks[i], cipherEncoding, clearEncoding));

        }

        plainChunks.push(decipher.final(clearEncoding));

       returneval_r("("+plainChunks.join('')+")");//转成对象，方便程序中使用

    }catch(e){

       return10003;

    }

}

IOS代码

- (NSData*)AES256EncryptWithKey:(NSData*)key  //加密

{

   //對於塊加密算法，輸出大小總是等於或小於輸入大小加上一個塊的大小

   //所以在下邊需要再加上一個塊的大小

   NSUIntegerdataLength = [selflength];

    size_t bufferSize = dataLength + kCCBlockSizeAES128;

   void*buffer = malloc(bufferSize);

    size_t numBytesEncrypted =0;

    CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmAES128,

                                          kCCOptionPKCS7Padding | kCCOptionECBMode,

                                          [key bytes], kCCKeySizeAES256,

                                         NULL,

                                          [selfbytes], dataLength,

                                          buffer, bufferSize,

                                          &numBytesEncrypted);

   if(cryptStatus == kCCSuccess) {

       return[NSDatadataWithBytesNoCopy:buffer length:numBytesEncrypted];

    }

    free(buffer);//釋放buffer

   returnnil;

}

- (NSData*)AES256DecryptWithKey:(NSData*)key  //解密

{

   //同理，解密中，密鑰也是32位的

   constvoid* keyPtr2 = [key bytes];

   constchar(*keyPtr)[32] = keyPtr2;

   //對於塊加密算法，輸出大小總是等於或小於輸入大小加上一個塊的大小

   //所以在下邊需要再加上一個塊的大小

   NSUIntegerdataLength = [selflength];

    size_t bufferSize = dataLength + kCCBlockSizeAES128;

   void*buffer = malloc(bufferSize);

    size_t numBytesDecrypted =0;

    CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt, kCCAlgorithmAES128,

                                          kCCOptionPKCS7Padding | kCCOptionECBMode,

                                          keyPtr, kCCKeySizeAES256,

                                         NULL,

                                          [selfbytes], dataLength,

                                          buffer, bufferSize,

                                          &numBytesDecrypted);

   if(cryptStatus == kCCSuccess) {

       return[NSDatadataWithBytesNoCopy:buffer length:numBytesDecrypted];

    }

    free(buffer);

   returnnil;

}

JAVA代码

packagecom.cityfore.smarthome.hd.util;

importjava.security.Key;

importjava.security.Security;

importjavax.crypto.Cipher;

importjavax.crypto.SecretKey;

importjavax.crypto.spec.SecretKeySpec;

importorg.bouncycastle.jce.provider.BouncyCastleProvider;

publicclassAES256{

 privatestaticfinalString KEY_ALGORITHM ="AES";

 privatestaticfinalString CIPHER_ALGORITHM ="AES/ECB/PKCS7Padding";

 privatestaticKeytoKey(byte[] key)throwsException{

   //实例化DES密钥

   //生成密钥

    SecretKey secretKey =newSecretKeySpec(key, KEY_ALGORITHM);

   returnsecretKey;

  }

 publicstaticStringbytes2String(bytebuf[]){

    StringBuffer sb =newStringBuffer();

   for(inti =0; i < buf.length; i++) {

      String hex = Integer.toHexString(buf[i] &0xFF);

     if(hex.length() ==1) {

        hex ='0'+ hex;

      }

      sb.append(hex);

    }

   returnsb.toString();

  }

 publicstaticbyte[] string2Bytes(String hexString) {

   intlen = hexString.length() /2;

   byte[] result =newbyte[len];

   for(inti =0; i < len; i++) {

      result[i] = Integer.valueOf(hexString.substring(2* i,2* i +2),16).byteValue();

    }

   returnresult;

  }

 publicstaticStringencrypt(String data, String key){

   try{

     //还原密钥

      Key k = toKey(key.getBytes());

      Security.addProvider(newBouncyCastleProvider());

      Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM,"BC");

     //初始化，设置为加密模式

      cipher.init(Cipher.ENCRYPT_MODE, k);

     //执行操作

     returnbytes2String(cipher.doFinal(data.getBytes()));

    }catch(Exception e) {

    }

   returnnull;

  }

 publicstaticStringdecrypt(String data, String key){

   try{

      Key k = toKey(key.getBytes());

      Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);

     //初始化，设置为解密模式

      cipher.init(Cipher.DECRYPT_MODE, k);

     //执行操作

     returnnewString(cipher.doFinal(string2Bytes(data)));

    }catch(Exception e) {

    }

   returnnull;

  }

}

PHP代码

classOpensslAES

{

   // PHP >= 5.3.0

   constMETHOD ='aes-256-ecb';

   publicstaticfunctionencrypt($message,$key)

   {

       if(mb_strlen($key,'8bit') !==32) {

           thrownewException("Needs a 256-bit key!");

        }

       $ivsize= openssl_cipher_iv_length(self::METHOD);

       $iv= openssl_random_pseudo_bytes($ivsize);

       $ciphertext= openssl_encrypt(

           $message,

           self::METHOD,

           $key,

            OPENSSL_RAW_DATA,

           $iv

        );

       return$iv.$ciphertext;

    }

   publicstaticfunctiondecrypt($message,$key)

   {

       if(mb_strlen($key,'8bit') !==32) {

           thrownewException("Needs a 256-bit key!");

        }

       $ivsize= openssl_cipher_iv_length(self::METHOD);

       $iv= mb_substr($message,0,$ivsize,'8bit');

       $ciphertext= mb_substr($message,$ivsize,null,'8bit');

       returnopenssl_decrypt(

           $ciphertext,

           self::METHOD,

           $key,

            OPENSSL_RAW_DATA,

           $iv

        );

    }

}

// string

$original='9.9';

// encrypt key

$key='9642f6b792d86dadf1144367111964b9';

// uid

$uid='1133317534580800';

// 加密

$toEnc= OpensslAES::encrypt($original, md5($key.$uid);

$toEnc= bin2hex($toEnc);

$toEnc= base64_encode($toEnc);

$toEnc= urlencode($toEnc);

print_r($toEnc);// NmI5ODI0ZjgyMWZiZDM1NTkzOThkYzY1NWIxZjE1OGQ%3D

// 解密

$toDec='NmI5ODI0ZjgyMWZiZDM1NTkzOThkYzY1NWIxZjE1OGQ%3D';

$toDec= urldecode($toDec);

$toDec= base64_decode($toDec);

$toDec= hex2bin($toDec);

$original= OpensslAES::decrypt($toDec, md5($key.$uid));

print_r($original);// 9.9