Recently, on a project, I integrated with a payment channel for top-ups. For security, before calling any interface you must first log in (call the login interface) to obtain a sessionKey; the content of subsequent business interfaces is then 3DES-encrypted with it. The login itself requires RSA encryption and signing. That is roughly the business flow.
First, key generation and management:
1. Each of the two interacting parties generates a key pair: a public key and a private key.
2. Each party keeps its own private key and gives its public key to the other party.
3. Sign with your own private key; the other party verifies the signature with your public key.
4. Encrypt with the other party's public key; decrypt with your own private key.
Second, the key certificates needed:
1. The other party's public key
2. This party's public key
3. This party's private key
Third, user login
Request:
1. Using [the other party's] public key, [RSA-encrypt] the plaintext data; Base64 string of the result -> InputData
2. Using [this party's] private key, [RSA-sign] the MD5 of the plaintext data; Base64 string of the result -> InputData_Sign
3. Read [this party's] public key certificate as a stream; Base64.encode() of the result -> CerData
4. Using [this party's] private key, take the MD5 of the public key content and then [RSA-sign] it; Base64 string of the result -> CerData_Sign
Response:
1. Using [this party's] private key, [RSA-decrypt] SessionKey -> SessionKey
2. Using [the other party's] public key, [verify the RSA signature] of the decrypted SessionKey -> SessionKey_Sign
Fourth, business processing
Request:
1. Using SessionKey, [3DES-encrypt] the plaintext data -> InputData
2. Using [this party's] private key, [RSA-sign] the MD5 of the plaintext data -> InputData_Sign
Response:
1. Using SessionKey, [3DES-decrypt] the returned data -> OutputData
2. Using [this party's] public key, [verify the RSA signature] of the decrypted data -> OutputData_Sign
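
The login and business steps above, sketched end to end with Node.js's built-in crypto module as an added example (not the original author's code). The page does not state the RSA padding, the 3DES mode, or the certificate format, so OAEP, CBC with a prepended random IV, and a DER-encoded public key in place of the certificate are assumptions; the function names and the Data/Sign field names are illustrative.

```javascript
// Added example (not the original author's code). Assumed: OAEP padding for RSA
// encryption, 3DES-CBC with the IV prepended, DER public key used as CerData.
const crypto = require('crypto');
const b64 = (buf) => buf.toString('base64');
const unb64 = (s) => Buffer.from(s, 'base64');
// "RSA-sign the MD5 of the data": an RSA signature with MD5 as the digest.
const sign = (data, priv) => b64(crypto.sign('md5', Buffer.from(data), priv));
const verify = (data, sig, pub) => crypto.verify('md5', Buffer.from(data), pub, unb64(sig));

// Login request: encrypt for the other party, sign with our own private key.
function loginRequest(plain, own, peerPub) {
  const cer = own.publicKey.export({ type: 'spki', format: 'der' });
  return {
    InputData: b64(crypto.publicEncrypt(peerPub, Buffer.from(plain))),
    InputData_Sign: sign(plain, own.privateKey),
    CerData: b64(cer),
    CerData_Sign: sign(cer, own.privateKey),
  };
}

// Login response as the channel side would build it (constructed peer side).
function loginResponse(sessionKey, own, peerPub) {
  const enc = crypto.publicEncrypt(peerPub, sessionKey);
  return { SessionKey: b64(enc), SessionKey_Sign: sign(sessionKey, own.privateKey) };
}

// Login response, receiver: decrypt SessionKey, then check its signature.
function openLoginResponse(resp, own, peerPub) {
  const key = crypto.privateDecrypt(own.privateKey, unb64(resp.SessionKey));
  if (!verify(key, resp.SessionKey_Sign, peerPub)) throw new Error('bad SessionKey_Sign');
  return key;
}

// Business message: 3DES-encrypt with SessionKey (24 bytes), sign the plaintext.
function sealBusiness(plain, sessionKey, own) {
  const iv = crypto.randomBytes(8);
  const c = crypto.createCipheriv('des-ede3-cbc', sessionKey, iv);
  const data = Buffer.concat([iv, c.update(plain, 'utf8'), c.final()]);
  return { Data: b64(data), Sign: sign(plain, own.privateKey) };
}

// Business message, receiver: 3DES-decrypt, then verify with the sender's public key.
function openBusiness(msg, sessionKey, senderPub) {
  const raw = unb64(msg.Data);
  const d = crypto.createDecipheriv('des-ede3-cbc', sessionKey, raw.subarray(0, 8));
  const plain = Buffer.concat([d.update(raw.subarray(8)), d.final()]).toString('utf8');
  if (!verify(plain, msg.Sign, senderPub)) throw new Error('bad signature');
  return plain;
}
```

MD5 and 3DES appear only because the flow above specifies them; both are deprecated for new designs.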