Understanding AES encryption in WeChat Mini Programs

Background

The encrypted data (encryptedData) is obtained in the success callback of wx.getUserInfo().
Decrypting the encrypted data (encryptedData) yields openId and unionId.

The official documentation explains how to decrypt it.


The first time I saw the decryption instructions above, I only knew encryptedData and how to get session_key.

session_key was introduced in an earlier part, here:
Getting session_key and openId (encryption, decryption and signature series)

Questions arising:
1: What is AES?
2: What is 128?
3: What is CBC?
4: What is the initialization vector iv for?
5: What does padding the data with PKCS#7 mean?
6: How are the algorithm from 1, 2, 3 and 4, the ciphertext, the key and the initialization vector iv used together?
7: What is Base64_Decode?


1. What is AES?

The US National Institute of Standards and Technology (NIST) released the Advanced Encryption Standard (AES) in 2001.
AES encrypts data in blocks,
i.e. each operation processes one block (16 bytes), and data that is not a multiple of 16 bytes is padded.
This is called a block cipher (as distinct from a bit-based stream cipher); the block length is 16 bytes.

AES is a symmetric block cipher.

A brief outline of the difference between symmetric and asymmetric encryption algorithms.

Symmetric encryption algorithm
Encryption and decryption use the same key. This kind of encryption is very fast and suits situations where data is transmitted regularly. The disadvantage is that transporting the key is troublesome.

Asymmetric encryption algorithm
Encryption and decryption use different keys. This kind of encryption is built on a mathematical problem that is hard to solve. Encryption and decryption are typically slower, so it suits situations where data is transmitted only occasionally. The advantage is that key transport is convenient. Common asymmetric encryption algorithms are RSA, ECC and ElGamal.

In practice, the AES key is typically encrypted with RSA and sent to the receiving side; the receiving side decrypts it to recover the AES key, and the sender and receiver then communicate using the AES key.

AES encryption function
Let E be the AES encryption function; then C = E(K, P), where P is the plaintext, K is the key and C is the ciphertext. That is, given the plaintext P and the key K as input parameters, the encryption function E outputs the ciphertext C.

AES decryption function
Let D be the AES decryption function; then P = D(K, C), where C is the ciphertext, K is the key and P is the plaintext. That is, given the key K and the ciphertext C as input parameters, the decryption function outputs the plaintext P.

Parameters

  • Plaintext P: data that has not been encrypted.

  • Key K: the secret used to encrypt the plaintext. In symmetric encryption, the encryption and decryption keys are the same. The key is agreed between the recipient and the sender, but it must not be transmitted directly over the network, otherwise it will leak. Usually the key is encrypted with an asymmetric encryption algorithm and then sent over the network to the other party, or the key is agreed face to face. The key must never leak; otherwise an attacker can recover the plaintext from the ciphertext and steal confidential data.

  • Ciphertext C: the data after it has been processed by the encryption function.


2. What is 128?

AES is a block cipher: the plaintext is split into blocks of equal length, and one block is encrypted at a time until the whole plaintext has been encrypted. In the AES standard the block length can only be 128 bits, i.e. each block is 16 bytes (8 bits per byte). The key length can be 128 bits, 192 bits or 256 bits. The recommended number of encryption rounds differs with the key length, as shown in the following table:

AES       Key length (32-bit words)   Block length (32-bit words)   Encryption rounds
AES-128   4                           4                             10
AES-192   6                           4                             12
AES-256   8                           4                             14

WeChat Mini Programs use AES-128.


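3. What is CBC?

AES is a block-based encryption method; that is, each operation processes one block (16 bytes).
Data that is not a multiple of 16 bytes is padded. This is the so-called block cipher (as distinct from a bit-based stream cipher), and 16 bytes is the block length.

In other words, AES splits the readable information (the plaintext) into many equal-sized groups (plaintext blocks), generally of 128 bits (16 bytes).
Each block is encrypted separately, and the encrypted blocks are then concatenated into one ciphertext.

Block encryption modes

  • ECB: a basic encryption mode. The plaintext is split into blocks of the block length (padded if too short), each block is encrypted on its own, and the outputs together form the ciphertext.

  • CBC: a chaining mode. The previous block's ciphertext is XORed with the current block's plaintext before encryption. The purpose is to make it harder to break.

  • CFB/OFB: in effect feedback modes, also intended to make it harder to break.

ECB mode (basic encryption)
Processing:
ciphertext block[0…n] = Encrypt(plaintext block[0…n], key)

Characteristics:
1: The same input produces the same output.
2: It cannot hide patterns in the plaintext, so active attacks on the plaintext are possible.

This is the AES default and the simplest mode, but it is not secure enough, so WeChat uses the improved mode, CBC.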


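CBC mode (used by Mini Programs)
Processing:
ciphertext block[0] = Encrypt(initialization vector IV, plaintext block 0, key)

other ciphertext blocks[1…n] = Encrypt(previous ciphertext block, plaintext block, key)

This mode is chained: each block builds on the one before it, and the first block needs an initialization vector IV to build on.
The same input produces different output.
The data that can be seen is the scrambled form of "plaintext + IV" or "plaintext + previous ciphertext", so the plaintext is hidden.

Summary:
It is more secure than the first mode, so WeChat Mini Programs use AES-CBC, which is why the IV is needed.
ciphertext = AES(plaintext, key, initialization vector)
plaintext = AES(ciphertext, key, initialization vector)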

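The difference between the two modes, as an added example (not from the original post): it builds ECB and CBC by hand from the single-block AES function in Node.js's built-in crypto module and encrypts two identical plaintext blocks. The key, IV and function names are constructed for the illustration.

```javascript
const { createCipheriv } = require('crypto');
const BLOCK = 16; // AES block length in bytes

// Raw AES-128 on exactly one block: ECB with padding off is plain E(K, P).
function encryptBlock(key, block) {
  const c = createCipheriv('aes-128-ecb', key, null);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(block), c.final()]);
}

function xor(a, b) {
  const out = Buffer.alloc(a.length);
  for (let i = 0; i < a.length; i++) out[i] = a[i] ^ b[i];
  return out;
}

// ECB: ciphertext block[i] = E(K, plaintext block[i]); blocks are independent.
// data must already be a multiple of 16 bytes (i.e. padded).
function ecbEncrypt(key, data) {
  const out = [];
  for (let i = 0; i < data.length; i += BLOCK) {
    out.push(encryptBlock(key, data.subarray(i, i + BLOCK)));
  }
  return Buffer.concat(out);
}

// CBC: block[0] = E(K, P[0] xor IV); block[i] = E(K, P[i] xor block[i-1]).
function cbcEncrypt(key, iv, data) {
  const out = [];
  let prev = iv;
  for (let i = 0; i < data.length; i += BLOCK) {
    prev = encryptBlock(key, xor(data.subarray(i, i + BLOCK), prev));
    out.push(prev);
  }
  return Buffer.concat(out);
}

// Node's built-in CBC, to confirm the hand-written chaining above.
function builtinCbc(key, iv, data) {
  const c = createCipheriv('aes-128-cbc', key, iv);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(data), c.final()]);
}

// Constructed sample values: a fixed key and IV, and two identical plaintext blocks.
const key = Buffer.from('000102030405060708090a0b0c0d0e0f', 'hex');
const iv = Buffer.from('f0e0d0c0b0a090807060504030201000', 'hex');
const sameTwice = Buffer.alloc(2 * BLOCK, 0x41);
const repeats = (ct) => ct.subarray(0, BLOCK).equals(ct.subarray(BLOCK));
console.log(repeats(ecbEncrypt(key, sameTwice)), repeats(cbcEncrypt(key, iv, sameTwice)));
```

Under ECB the two ciphertext blocks are identical, which is the pattern leak described above; under CBC they differ.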

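4. What is PKCS#7 padding?

Because the AES algorithm splits the plaintext into blocks before processing it, it requires every block (16 bytes) to be "full", i.e. the plaintext length must be divisible by 16 bytes.

So when the end of the plaintext is shorter than 16 bytes, the data must first be padded, bringing the last block up to 16 bytes.

From this we know: the plaintext is padded first, then AES-encrypted.

For example: with a 171-byte plaintext, the last block has 11 bytes and needs 5 bytes of padding (16-11).

The above is the principle of padding. In practice there are many padding schemes, and PKCS#7 is one of them.
A PKCS #7 padding string consists of a sequence of bytes, each of which is set to the length of that padding sequence.

The following example shows how this scheme works.

Assume the block length is 8 and the data length is 9; then the number of padding octets is 7.
Data:
FF FF FF FF FF FF FF FF FF
PKCS7 padding: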
FF FF FF FF FF FF FF FF FF 07 07 07 07 07 07 07
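
PKCS#7 padding and its removal as an added Node.js example (not from the original post; pkcs7Pad and pkcs7Unpad are hypothetical names). It covers the 8-byte example above, the 171-byte case, and the case where the data already fills its last block.

```javascript
// PKCS#7: append n bytes, each with value n, where n = blockSize - (len % blockSize).
// When len is already a multiple of blockSize, a whole extra block is appended,
// so the last byte always says how many bytes to strip.
function pkcs7Pad(data, blockSize = 16) {
  if (!Number.isInteger(blockSize) || blockSize < 1 || blockSize > 255) {
    throw new RangeError('block size must be 1..255');
  }
  const n = blockSize - (data.length % blockSize);
  return Buffer.concat([data, Buffer.alloc(n, n)]);
}

// Strict removal: reject anything that is not well-formed PKCS#7.
function pkcs7Unpad(padded, blockSize = 16) {
  if (padded.length === 0 || padded.length % blockSize !== 0) {
    throw new Error('length is not a positive multiple of the block size');
  }
  const n = padded[padded.length - 1];
  if (n < 1 || n > blockSize) throw new Error('invalid padding length byte');
  for (let i = padded.length - n; i < padded.length; i++) {
    if (padded[i] !== n) throw new Error('inconsistent padding bytes');
  }
  return padded.subarray(0, padded.length - n);
}

// The example above: block length 8, nine FF bytes, seven 07 bytes appended.
const nineFF = Buffer.alloc(9, 0xff);
console.log(pkcs7Pad(nineFF, 8).toString('hex'));

// The 171-byte case: the last block holds 11 bytes, so five 05 bytes are appended.
const padded171 = pkcs7Pad(Buffer.alloc(171), 16);
console.log(padded171.length, padded171.subarray(171).toString('hex'));

// Data that exactly fills a block still gets a full block of padding (sixteen 10 bytes).
console.log(pkcs7Pad(Buffer.alloc(16), 16).length);
```

On a server, report one generic decryption failure to the client rather than which of these padding checks failed.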

5. Base64_Decode

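Base64 is one of the most common encodings on the web for byte data (one letter is one byte).
Base64-encoded data is not readable, i.e. the encoded data cannot be read directly by eye.
Base64 encoding is well suited to passing longer identifiers in an HTTP environment (transmitting 8-bit byte data).

Other applications also often need to encode binary data into a form suitable for placing in a URL.

In fact, Xunlei's "dedicated links" are also "encrypted" with Base64. The process is as follows:
1. Add AA before and ZZ after the http:// address
2. Base64-encode the new string
To restore a Xunlei address to an http address, just Base64-decode it and then strip the leading AA and the trailing ZZ.

For a worked case of Base64 encoding of Xunlei addresses, see this article:
http://www.wxappclub.com/topic/711

What the WeChat server does:

Base64_Encode(target ciphertext) = encryptedData (obtained from wx.getUserInfo)
Base64_Encode(AES key) = session_key
Base64_Encode(initialization vector) = iv

Therefore:

The target ciphertext and the key aeskey must be Base64-decoded:

i.e. target ciphertext = Base64_Decode(encryptedData)
i.e. key aeskey = Base64_Decode(session_key)
i.e. initialization vector = Base64_Decode(iv)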


Note: the officially provided demo code shows that iv is also Base64-decoded.
The documentation does not say so.

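6. Understanding the official documentation

From the analysis above, we know:
WeChat Mini Programs use the AES encryption algorithm, in its AES-128 variant, with the CBC block mode (this mode needs the initialization vector IV).
Before AES encrypts the sensitive data, the final part of the "user sensitive data" that is shorter than 16 bytes is padded with PKCS#7.
After AES decrypts the ciphertext, the PKCS#7 padding must be removed to get the real "user sensitive data".

We know:
sensitive data such as openId and unionId = AES-128-CBC(ciphertext, key, initialization vector iv)

Item 1: describes the encryption algorithm and the padding scheme
Item 2: describes how to obtain the ciphertext (target ciphertext = Base64_Decode(encryptedData))
Item 3: describes how to obtain the key (key aeskey = Base64_Decode(session_key))
Item 4: describes how to obtain the initialization vector iv

The data involved:
encryptedData (from item 2)
Obtained in the success callback of wx.getUserInfo()

iv (from item 4)
Obtained in the success callback of wx.getUserInfo()

session_key (from item 3)
1: js_code is obtained in the success callback of wx.login()
2: session_key is obtained using js_code, appid and secret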

7. The whole encryption and decryption process

WeChat server: encryption
1: Pad the sensitive user information (the "target plaintext") with PKCS#7 to get the "padded text"
2: AES-128-CBC(padded text, key, initialization vector) => target ciphertext
3: Base64_Encode(target ciphertext) => encryptedData
4: Base64_Encode(initialization vector) => iv
5: Base64_Encode(key) => session_key

Backend server: decryption
1: Obtain the ciphertext encryptedData and iv via wx.getUserInfo()
2: Obtain js_code via wx.login(), then obtain session_key through the HTTP interface (see the earlier part)
3: Base64_Decode(encryptedData) => target ciphertext
4: Base64_Decode(session_key) => the key aeskey
5: Base64_Decode(iv) => initialization vector
6: AES-128-CBC(target ciphertext, key, initialization vector) => padded text
7: Remove the PKCS#7 padding from the padded text to get the sensitive user information (the "target plaintext")
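
Backend decryption steps 3 to 7 as an added Node.js example (not the official demo code and not from the original post). decryptUserInfo and encryptForTest are hypothetical names, the plaintext is assumed to be UTF-8 JSON, and the sample key, IV and user fields are constructed so the block runs offline.

```javascript
const { createCipheriv, createDecipheriv } = require('crypto');

// Steps 3-7: Base64-decode the three fields, AES-128-CBC decrypt, strip PKCS#7
// (Node's decipher does this by default), then parse the plaintext (assumed JSON).
function decryptUserInfo(encryptedData, sessionKey, iv) {
  const key = Buffer.from(sessionKey, 'base64');
  const ivBytes = Buffer.from(iv, 'base64');
  const ciphertext = Buffer.from(encryptedData, 'base64');
  if (key.length !== 16) throw new Error('session_key must decode to 16 bytes');
  if (ivBytes.length !== 16) throw new Error('iv must decode to 16 bytes');
  if (ciphertext.length === 0 || ciphertext.length % 16 !== 0) {
    throw new Error('encryptedData must decode to a multiple of 16 bytes');
  }
  const d = createDecipheriv('aes-128-cbc', key, ivBytes);
  let plain;
  try {
    plain = Buffer.concat([d.update(ciphertext), d.final()]);
  } catch (e) {
    throw new Error('decryption failed'); // wrong key or iv, or corrupted data
  }
  return JSON.parse(plain.toString('utf8'));
}

// Stand-in for the WeChat server side (encryption steps 1-5), used only to
// build a sample input; Node's cipher applies PKCS#7 padding by default.
function encryptForTest(obj, keyBytes, ivBytes) {
  const c = createCipheriv('aes-128-cbc', keyBytes, ivBytes);
  const ct = Buffer.concat([c.update(JSON.stringify(obj), 'utf8'), c.final()]);
  return {
    encryptedData: ct.toString('base64'),
    sessionKey: keyBytes.toString('base64'),
    iv: ivBytes.toString('base64'),
  };
}

// Constructed sample values; real ones come from wx.getUserInfo() and the login interface.
const sample = encryptForTest(
  { openId: 'constructed-openid', unionId: 'constructed-unionid' },
  Buffer.from('00112233445566778899aabbccddeeff', 'hex'),
  Buffer.from('0f0e0d0c0b0a09080706050403020100', 'hex')
);
console.log(decryptUserInfo(sample.encryptedData, sample.sessionKey, sample.iv));
```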


Origin www.cnblogs.com/htybky/p/11609907.html