敏感信息加解密

更新时间：2024.10.30

为了保证通信过程中敏感信息字段（如用户的住址、银行卡号、手机号码等）的机密性，微信支付API V3要求商户对上送的敏感信息字段进行加密。与之相对应，微信支付会对下行的敏感信息字段进行加密，商户需解密后方能得到原文。下面详细介绍加解密的方式，以及如何进行相应的计算。

1. 加密算法

敏感信息加密使用的RSA公钥加密算法。加密算法使用的填充方案，我们使用了相对更安全的RSAES-OAEP(Optimal Asymmetric Encryption Padding)。

RSAES-OAEP在各个编程语言中的模式值为：

OpenSSL，padding设置为RSA_PKCS1_OAEP_PADDING

Java，使用Cipher.getinstance(RSA/ECB/OAEPWithSHA-1AndMGF1Padding)

PHP，padding设置为OPENSSL_PKCS1_OAEP_PADDING

.NET，fOAEP设置为true

Node.js，padding设置为crypto.constants.RSA_PKCS1_OAEP_PADDING

Go，使用EncryptOAEP

开发者应当使用微信支付平台证书中的公钥，对上送的敏感信息进行加密。这样只有拥有私钥的微信支付才能对密文进行解密，从而保证了信息的机密性。

另一方面，微信支付使用商户证书中的公钥对下行的敏感信息进行加密。开发者应使用商户私钥对下行的敏感信息的密文进行解密。

2. 加密示例

开发者应当使用微信支付平台证书中的公钥，对上送的敏感信息进行加密。

大部分编程语言支持RSA公钥加密。你可以参考示例，了解如何使用您的编程语言实现敏感信息加密。

JAVA

1package com.wechat.v3;
2
3import javax.crypto.BadPaddingException;
4import javax.crypto.Cipher;
5import javax.crypto.IllegalBlockSizeException;
6import javax.crypto.NoSuchPaddingException;
7import java.nio.charset.StandardCharsets;
8import java.security.InvalidKeyException;
9import java.security.NoSuchAlgorithmException;
10import java.security.cert.X509Certificate;
11import java.util.Base64;
12
13public class EncryptionUtil {
14
15private static final String TRANSFORMATION = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
16
17public static String encryptOAEP(String message, X509Certificate certificate) throws IllegalBlockSizeException {
18return encrypt(message, certificate, TRANSFORMATION);
19}
20
21public static String encrypt(String message, X509Certificate certificate, String transformation) throws IllegalBlockSizeException {
22try {
23Cipher cipher = Cipher.getInstance(transformation);
24cipher.init(Cipher.ENCRYPT_MODE, certificate.getPublicKey());
25byte[] data = message.getBytes(StandardCharsets.UTF_8);
26byte[] ciphertext = cipher.doFinal(data);
27return Base64.getEncoder().encodeToString(ciphertext);
28
29} catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
30throw new RuntimeException("当前Java环境不支持RSA v1.5/OAEP", e);
31} catch (InvalidKeyException e) {
32throw new IllegalArgumentException("无效的证书", e);
33} catch (IllegalBlockSizeException | BadPaddingException e) {
34throw new IllegalBlockSizeException("加密原串的长度不能超过214字节");
35}
36}
37}

PHP

1<?php declare(strict_types=1);
2
3namespace WeChatPay\Crypto;
4
5use const OPENSSL_PKCS1_OAEP_PADDING;
6use const OPENSSL_PKCS1_PADDING;
7use function base64_encode;
8use function openssl_public_encrypt;
9use function sprintf;
10
11use UnexpectedValueException;
12
13class Rsa
14{
15    
16    private static function paddingModeLimitedCheck(int $padding): void
17    {
18        if (!($padding === OPENSSL_PKCS1_OAEP_PADDING || $padding === OPENSSL_PKCS1_PADDING)) {
19            throw new UnexpectedValueException(sprintf("Doesn't supported padding mode(%d), here only support OPENSSL_PKCS1_OAEP_PADDING or OPENSSL_PKCS1_PADDING.", $padding));
20        }
21    }
22
23    public static function encrypt(string $plaintext, $publicKey, int $padding = OPENSSL_PKCS1_OAEP_PADDING): string
24    {
25        self::paddingModeLimitedCheck($padding);
26
27        if (!openssl_public_encrypt($plaintext, $encrypted, $publicKey, $padding)) {
28            throw new UnexpectedValueException('Encrypting the input $plaintext failed, please checking your $publicKey whether or nor correct.');
29        }
30
31        return base64_encode($encrypted);
32    }
33}

1package wechatpay
2
3import (
4	"crypto/rand"
5	"crypto/rsa"
6	"crypto/sha1"
7	"crypto/x509"
8	"encoding/base64"
9	"fmt"
10)
11
12// EncryptOAEPWithPublicKey 使用 OAEP padding方式用公钥进行加密
13func EncryptOAEPWithPublicKey(message string, publicKey *rsa.PublicKey) (ciphertext string, err error) {
14	if publicKey == nil {
15		return "", fmt.Errorf("you should input *rsa.PublicKey")
16	}
17	ciphertextByte, err := rsa.EncryptOAEP(sha1.New(), rand.Reader, publicKey, []byte(message), nil)
18	if err != nil {
19		return "", fmt.Errorf("encrypt message with public key err:%s", err.Error())
20	}
21	ciphertext = base64.StdEncoding.EncodeToString(ciphertextByte)
22	return ciphertext, nil
23}
24
25// EncryptOAEPWithCertificate 先解析出证书中的公钥，然后使用 OAEP padding方式公钥进行加密
26func EncryptOAEPWithCertificate(message string, certificate *x509.Certificate) (ciphertext string, err error) {
27	if certificate == nil {
28		return "", fmt.Errorf("you should input *x509.Certificate")
29	}
30	publicKey, ok := certificate.PublicKey.(*rsa.PublicKey)
31	if !ok {
32		return "", fmt.Errorf("certificate is invalid")
33	}
34	return EncryptOAEPWithPublicKey(message, publicKey)
35}
36
37// EncryptPKCS1v15WithPublicKey 使用PKCS1 padding方式用公钥进行加密
38func EncryptPKCS1v15WithPublicKey(message string, publicKey *rsa.PublicKey) (ciphertext string, err error) {
39	if publicKey == nil {
40		return "", fmt.Errorf("you should input *rsa.PublicKey")
41	}
42	ciphertextByte, err := rsa.EncryptPKCS1v15(rand.Reader, publicKey, []byte(message))
43	if err != nil {
44		return "", fmt.Errorf("encrypt message with public key err:%s", err.Error())
45	}
46	ciphertext = base64.StdEncoding.EncodeToString(ciphertextByte)
47	return ciphertext, nil
48}
49
50// EncryptPKCS1v15WithCertificate 先解析出证书中的公钥，然后使用PKCS1 padding方式用公钥进行加密
51func EncryptPKCS1v15WithCertificate(message string, certificate *x509.Certificate) (ciphertext string, err error) {
52	if certificate == nil {
53		return "", fmt.Errorf("you should input *x509.Certificate")
54	}
55	publicKey, ok := certificate.PublicKey.(*rsa.PublicKey)
56	if !ok {
57		return "", fmt.Errorf("certificate is invalid")
58	}
59	return EncryptPKCS1v15WithPublicKey(message, publicKey)
60}

3. 声明加密使用的平台证书

某些情况下，微信支付会更新平台证书。这时，商户有多个微信支付平台证书可以用于加密。为了保证解密顺利，商户发起请求的HTTP头部中应包括RSA公钥加密算法，以声明加密所用的密钥对和证书。

商户上送敏感信息时使用微信支付平台公钥加密，证书序列号包含在请求HTTP头部的Wechatpay-Serial

4. 解密示例

微信支付使用商户证书中的公钥对下行的敏感信息进行加密。开发者应使用商户私钥对下行的敏感信息的密文进行解密。

同样的，大部分编程语言支持RSA私钥解密。你可以参考示例，了解如何使用您的编程语言实现敏感信息解密。

JAVA

1package com.wechat.v3;
2
3import javax.crypto.BadPaddingException;
4import javax.crypto.Cipher;
5import javax.crypto.IllegalBlockSizeException;
6import javax.crypto.NoSuchPaddingException;
7import java.nio.charset.StandardCharsets;
8import java.security.InvalidKeyException;
9import java.security.NoSuchAlgorithmException;
10import java.security.PrivateKey;
11import java.util.Base64;
12
13public class DecryptionUtil {
14
15    private static final String TRANSFORMATION = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
16
17    public static String decryptOAEP(String ciphertext, PrivateKey privateKey) throws BadPaddingException {
18        return decrypt(ciphertext, privateKey, TRANSFORMATION);
19    }
20
21    public static String decrypt(String ciphertext, PrivateKey privateKey, String transformation) throws BadPaddingException {
22        try {
23            Cipher cipher = Cipher.getInstance(transformation);
24            cipher.init(Cipher.DECRYPT_MODE, privateKey);
25            byte[] data = Base64.getDecoder().decode(ciphertext);
26            return new String(cipher.doFinal(data), StandardCharsets.UTF_8);
27
28        } catch (NoSuchPaddingException | NoSuchAlgorithmException e) {
29            throw new RuntimeException("当前Java环境不支持RSA v1.5/OAEP", e);
30        } catch (InvalidKeyException e) {
31            throw new IllegalArgumentException("无效的私钥", e);
32        } catch (BadPaddingException | IllegalBlockSizeException e) {
33            throw new BadPaddingException("解密失败");
34        }
35    }
36}

PHP

1<?php declare(strict_types=1);
2
3namespace WeChatPay\Crypto;
4
5use const OPENSSL_PKCS1_OAEP_PADDING;
6use const OPENSSL_PKCS1_PADDING;
7use function base64_decode;
8use function openssl_private_decrypt;
9use function sprintf;
10
11use UnexpectedValueException;
12
13class Rsa
14{
15    
16    private static function paddingModeLimitedCheck(int $padding): void
17    {
18        if (!($padding === OPENSSL_PKCS1_OAEP_PADDING || $padding === OPENSSL_PKCS1_PADDING)) {
19            throw new UnexpectedValueException(sprintf("Doesn't supported padding mode(%d), here only support OPENSSL_PKCS1_OAEP_PADDING or OPENSSL_PKCS1_PADDING.", $padding));
20        }
21    }
22
23    public static function decrypt(string $ciphertext, $privateKey, int $padding = OPENSSL_PKCS1_OAEP_PADDING): string
24    {
25        self::paddingModeLimitedCheck($padding);
26
27        if (!openssl_private_decrypt(base64_decode($ciphertext), $decrypted, $privateKey, $padding)) {
28            throw new UnexpectedValueException('Decrypting the input $ciphertext failed, please checking your $privateKey whether or nor correct.');
29        }
30
31        return $decrypted;
32    }
33}

1package wechatpay
2
3import (
4	"crypto/rand"
5	"crypto/rsa"
6	"crypto/sha1"
7	"encoding/base64"
8	"fmt"
9)
10
11// DecryptOAEP 使用私钥进行解密
12func DecryptOAEP(ciphertext string, privateKey *rsa.PrivateKey) (message string, err error) {
13	if privateKey == nil {
14		return "", fmt.Errorf("you should input *rsa.PrivateKey")
15	}
16	decodedCiphertext, err := base64.StdEncoding.DecodeString(ciphertext)
17	if err != nil {
18		return "", fmt.Errorf("base64 decode failed, error=%s", err.Error())
19	}
20	messageBytes, err := rsa.DecryptOAEP(sha1.New(), rand.Reader, privateKey, decodedCiphertext, nil)
21	if err != nil {
22		return "", fmt.Errorf("decrypt ciphertext with private key err:%s", err)
23	}
24	return string(messageBytes), nil
25}
26
27// DecryptPKCS1v15 使用私钥对PKCS1 padding方式加密的字符串进行解密
28func DecryptPKCS1v15(ciphertext string, privateKey *rsa.PrivateKey) (message string, err error) {
29	if privateKey == nil {
30		return "", fmt.Errorf("you should input *rsa.PrivateKey")
31	}
32	decodedCiphertext, err := base64.StdEncoding.DecodeString(ciphertext)
33	if err != nil {
34		return "", fmt.Errorf("base64 decode failed, error=%s", err.Error())
35	}
36	messageBytes, err := rsa.DecryptPKCS1v15(rand.Reader, privateKey, decodedCiphertext)
37	if err != nil {
38		return "", fmt.Errorf("decrypt ciphertext with private key err:%s", err)
39	}
40	return string(messageBytes), nil
41}