- ●Will modifying the API v3 key affect existing transactions that use the APIKey key?
-
API v3 key is used for platform certificate decryption and callback information decryption. Modifying the API v3 key will not affect transactions.
- ●When using Java to load the key, an InvalidKeyException error occurs: What is the Reason for Illegal Key Size? How to Fix the Problem?
-
Due to restrictions set by US law, early Java runtime limited the key length supported by JCE, that is, 256-bit AES is not supported by default. There are three solutions:
○ (Upgrade to Java 8u162+ (recommended),Use unlimited policy by default.
○ For Java 8u151 and 8u152, you can directly release the policies in your program
Security.setProperty("crypto.policy", "unlimited");○ For other versions, downloadUnlimited strength permission policy file patch package,and use the files in them to overwrite the corresponding local_policy.jar and US_export_policy.jar in the $JAVA_HOME/lib/security directory.
There are no restrictions for Java9 and above.
- ●When using Java decryption, the AEADBadTagException error occurs: Tag mismatch! What Is the Reason? How to Fix the Problem?
-
The AES-GCM used for encryption includes the message authentication mechanism of Galois Message Authentication Code (GMAC). Data integrity will be checked during decryption. A tag mismatch error has occurred, indicating that message authentication failed during decryption. There are usually three possible reasons:
○ A wrong API v3 key, such as the key of another merchant account or the APIKey for APIv2 was used.
○ The ciphertext is incorrect. Please check the ciphertext submitted for decryption and the ciphertext received. Note that the ciphertext in the message is Base64 encoded.
○ The API missed input additional data during decryption (associated_data).
Please refer to Sample code.
- ●Why did the request return {"code":"PARAM_ERROR","message":"Platform certificate serial number Wechatpay-Serial error"}. ? How to Fix the Problem?
-
This error will occur in the API where the upload parameter requires encryption of sensitive information. Please refer to Declaring the platform certificate used in encryption
When the certificate serial number is wrong or does not correspond to the platform certificate of the requested merchant ID, WeChat Pay will return the error message in the question. Please check:
○ Whether the certificate used for encryption is a WeChat Pay platform certificate. A wrong merchant certificate may cause this error.
○ Check whether the certificate is the WeChat Pay platform certificate that corresponds to the requesting merchant, or if the platform certificate of another merchant ID was used.
○ Check whether the merchant certificate has expired. Follow the instructions to check whether the certificate has expired, and update then deploy the new certificate.
