我正在尝试将数据发送到API。他们希望在发送之前对其进行加密。
文档说:
-
使用AES算法生成私钥(通过PKCS 5 V2.0方案使用SHA-1 HMac功能-我不知道这意味着什么。
-
使用此密钥加密数据(数据为json_string((PADDING_PKCS1=11,密钥长度为2048bit(
-
使用RSA算法用公钥加密私钥(他们给了我们一个pem文件(
-
然后以json格式发送这些加密数据。
它们还提供了一个dll文件。所以我对它进行了反编译,它使用了一个名为BouncyCastle的库。
它们的功能基本上是这样做的
this.aesService.GenerateKey(password_variable, salt_file_contents_as_bytes); (they gives that both)
byte[] data1 = this.aesService.Encode(json_string);
byte[] data2 = this.rsaService.Encode(this.aesService.GetAesKey(), reads_public_keys_data_as_byte);
// and some http requests nothing special
我尝试的是
1-使用openssl_pbkdf2函数及其密码和salt 生成密钥
$key = openssl_pbkdf2($password, $salt, 32, 20000, 'sha1');
2-使用openssl_encrypt功能用该密钥加密数据
$encryptedJson = openssl_encrypt($json_string, "AES256", $key);
3-用openssl_public_encrypt函数加密了我用他们的公钥生成的密钥
openssl_public_encrypt($key, $encryptedAes, $public_key, OPENSSL_PKCS1_PADDING);
4-使用bin2hex函数将此结果转换为十六进制,并将其发送给
$jsonData = bin2hex($encryptedJson);
$keyData = bin2hex($encryptedAes);
但它返回错误(表示对象无效-我不知道这意味着什么(。我问过他们这件事,但他们还没有回答。
我想问你的是:
我做得对吗?我是否使用了正确的函数进行此操作?
编辑:
他们仍然没有回复。但我只是在openssl_encrypt函数返回的加密数据的开头添加了IV,并将其转换为十六进制。瞧!它奏效了。
public $json = '[
{
"parola": "123456",
"kullaniciKodu": "kullanici1",
"doktorTc": "11111111111",
"doktorMedulaPassword": "pass1",
"receteAltTuru": "1",
"takipNo": "tkp1",
"hastaTc": "11111111111",
"hastaGsm": "0",
"tesisKodu": "11000001",
"protokolNo": "A461942",
"provizyonTip": "0",
"doktorSertifikaKodu": "109",
"doktorBransKodu": "9999",
"hastaneReferansNumarasi": "0",
"receteUrunTuru": "3",
"taniListesi": [
{
"taniKodu": "K21"
}
],
"TibbiCihazListesi": [
{
"tibbiCihazSutKodu": "DO1005",
"adet": 1,
"periyod": 1,
"periyodBirimi": 1,
"kullanimSekli": 1,
"kullanimYeri": "1"
}
]
}]';
$password = "ZJ=ENY'2H+0bm'oyIe6J";
$salt = file_get_contents('salt.dat');
$public_key = openssl_pkey_get_public(file_get_contents('RenkliRsaPublicKey.pem'));
$key = openssl_pbkdf2($password, $salt, 32, 20000, 'sha1');
$cipher = "AES256";
$ivlen = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($ivlen);
$encryptedJson = openssl_encrypt($json, "AES256", $key, OPENSSL_RAW_DATA, $iv);
openssl_public_encrypt($key, $encryptedAes, $public_key, OPENSSL_PKCS1_PADDING);
$jsonData = bin2hex($iv . $encryptedJson);
$keyData = bin2hex($encryptedAes);
gonder($jsonData, $keyData);
function gonder($encryptedJson, $encryptedAes) {
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://recetem.enabiz.gov.tr/Api/GetToken/v3.1/',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'POST',
CURLOPT_POSTFIELDS => '{
"encryptedJson": "' . $encryptedJson . '",
"encryptedAes": "' . $encryptedAes . '"
}',
CURLOPT_HTTPHEADER => array(
'Content-Type: text/plain'
),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
}
结果:";v3.1 api metodunda hastaAdi,hastaSoyadi,hastaDogumTarihi,hasta Cinsiyeti alanlarızorunludur">