[day6] AES-CBC 内文加密机制(Message)

讯息文本使用AES-CBC模式加密传送，接收的结果亦以相同规则加密

实作计算IV

假设本次取得的Nonce为:NjM3NjczODg3Mjc5MTYuNjo1ZDI5ZTQ3YjBlNzY2NTc4ODI3YzM0ZjdiMjlmYjg0MWQ3Y2NlYzI5NmM0NjI2MzA3NWRkYTNlNzQ1NzdhMWY4

字串进行sha256後:54164b54f6f9366b8377dd69b43e9970b0c95dee26be66402d3e2ea879b80c63

IV为字串尾端16码的英文大写:2D3E2EA879B80C63

Python实作如下

def GenIV(Nonce:str):
  return hashlib.sha256(Nonce.encode('utf-8')).hexdigest().upper()[-16:]

AES CBC 计算实作

如果对密码学有兴趣，可以自己Google，这边直接用先前iphone的订单进行实作

{
    "ShopNo": "NA0249_001",
    "OrderNo": "2021091500002",
    "Amount": 40400,
    "CurrencyID": "TWD",
    "PrdtName": "IPhone 13 Pro Max 256g",
    "Memo": "",
    "Param1": "",
    "Param2": "",
    "Param3": "",
    "ReturnURL": "https://0.0.0.0/store/Return",
    "BackendURL": "https://0.0.0.0/bakcend",
    "PayType": "C",
    "ATMParam": {
        "ExpireDate": ""
    },
    "CardParam": {
        "AutoBilling": "Y",
        "ExpBillingDays": 7,
        "ExpMinutes": 10,
        "PayTypeSub": "ONE"
    }
}

假设这次取得的nonce为:NjM3Njc0MDQxODY5OTYuNDowNDIxNTg3ODM5MDFhNTU1ZjYwYzMzMzg0NDEyMzUxNmQ5OTBlZWU1NDY2NjY2NDkyZjE5YTc3OTE2ZDExNjNh

计算出IV:3C7B67201DC59932

假设金钥为:

• A1 = 86D50DEF3EB7400E
• A2 = 01FD27C09E5549E5
• B1 = 9E004965F4244953
• B2 = 7FB3385F414E4F91

HashID为:87282A2FA0E209EBE1B3713AB56A06C2

将讯息文本以AES-CBC模式加密，Key Size=256，AESKEY=HashID，IV，以16进制HEX模式输出的结果:

16D2F25D277F33FC46D1B8B8D693416F159CE3E8E62B829EB0D6E3D0863B50F07D6C2240EC73EE47459C8E06992D6F59B50831B52A80429A86AB01FF6149E12500162C68DE232D3777E097FE4F58BEDC238B0105D3826E8CC3A69CDF946B5513517AD89E9C966DD41A82A3FF6CAA22DCB8FCAD28614444CE5272D121792083D6F9401DAF6890792C46D7A918785280224A04FD25E58421021141F5C21FCA4341328887657D20AD82CA99D2F42761F9BAC6911AF835799356A8A4647CD097DCEA88D7DD3DA57CACCA572711D7C248B10894F7E62A3B1A675F1EFDF9B4FB3B3C7F110F9F27875E6F44647F54881E6FCF1CB3709C38462D2B52BCC871CA88EFA86EF4D890615C107528C4AA90CF79B87FF3569ED3F7C5B47837E2706E11A381B5219F904D5CF01B8D32B4FB994544924CE5A37F520B12B759E734596CA0472066341444DB811138F96F16E8A6E50370D8032C777C23C1700DF8784B1B68562827CA6765BE64C1F5F8F7BE9205FC35F1D998DE6715407CC0AE48434738B016FCF497E3DB001C158F5C639A2A40F429BA56E6B6587433B851DBEF723218CE6315F67DA19D0EAF121745F867F8A6EC174B37CC799534C2422354C326A2D4D3E64BDBA164D053FD6B02557A34291C3B364C2003E38724DF077E41627D0D90684138D7A42C418C026BD1292A4976327989E13BDEFCF3643E2E7136594ADC5FE5612EA3B1042C1593AB3CF6A32354E5E066FF3DF3

可以使用devglan进行加解密验证测试

Python实作计算AES CBC

参考此篇进行PyCryptodome套件安装

from Cryptodome.Cipher import AES
from Crypto.Util.Padding import pad, unpad

def AES_CBC_Encrpt(HashID, iv, data):
  key = str.encode(HashID)
  iv = str.encode(iv)
  data = str.encode(data)
  cipher = AES.new(key=key, mode=AES.MODE_CBC, iv=iv)
  ct_bytes = cipher.encrypt(pad(data, AES.block_size))
  return ct_bytes.hex().upper()

ciphertext = AES_CBC_Encrpt(HashID, iv, origin_Message)

现在已经凑齐发送API的所有参数(ShopNo、APIServer、Sign、Nonce、Message)了，明天将正式的将订单资讯传送到永丰的API服务器，并测试功能