Comments (6)
fffonion
commented on August 29, 2024
@woncc AEAD模式需要0.6.2及以上版本,可以检查一下安装的版本号
from lua-resty-openssl.
woncc
commented on August 29, 2024
@woncc AEAD模式需要0.6.2及以上版本,可以检查一下安装的版本号
opm 安装的是0.6.0版本,的确如此,继续请教小白的问题,正在尝试做一个微信支付回调的网关,已知key, iv, aad, encrypted,但是没有tag,如何获取这个tag,demo中的tag是在加密过程中获取的。但是,目前的情况微信回调通知目前只有以上数据,我尝试使用了lua-resty-nettle处理,的确可以解密,但是解密出的json尾部多了一些乱码。
from lua-resty-openssl.
woncc
commented on August 29, 2024
@woncc AEAD模式需要0.6.2及以上版本,可以检查一下安装的版本号
opm 安装的是0.6.0版本,的确如此,继续请教小白的问题,正在尝试做一个微信支付回调的网关,已知key, iv, aad, encrypted,但是没有tag,如何获取这个tag,demo中的tag是在加密过程中获取的。但是,目前的情况微信回调通知目前只有以上数据,我尝试使用了lua-resty-nettle处理,的确可以解密,但是解密出的json尾部多了一些乱码。
证书和回调报文解密
https://wechatpay-api.gitbook.io/wechatpay-api-v3/qian-ming-zhi-nan-1/zheng-shu-he-hui-tiao-bao-wen-jie-mi
from lua-resty-openssl.
fffonion
commented on August 29, 2024
@woncc 没有tag的话,相当于退化成没有MAC的流加密,解密的时候不要调用final,直接调用update
assert(cipher:init(key, iv, {
is_encrypt = false,
}))
assert(cipher:update_aead_aad(aad))
local decrypted = assert(cipher:update(encrypted))
ngx.say("decryption result: ", decrypted)因为final/EVP_CipherFinal_ex会根据传入的tag计算MAC,如果不匹配则解密失败
from lua-resty-openssl.
fffonion
commented on August 29, 2024
我尝试使用了lua-resty-nettle处理,的确可以解密,但是解密出的json尾部多了一些乱码
也可能是传入的密文中tag接在了加密的消息之后,你可以试试把密文最后和乱码长度一样的字节截下来当做tag
from lua-resty-openssl.
woncc
commented on August 29, 2024
非常感谢,实在太粗心,只看了python 的示例,php示例已经写的很清楚了,尾部16个字节就是tag,抱歉抱歉。
from lua-resty-openssl.
Related Issues (20)
- about the return value of store:verify HOT 2
- It's better not bind `X509_STORE_set_flags` logic in `store:add(crl)` HOT 4
- sign CSR with exixsring root Keys. HOT 8
- Wrong parameter in dump_jwk used HOT 1
- module 'resty.openssl.x509' not found HOT 4
- Documentation for pkey:verify inconsistent HOT 1
- Read custom X509 extension HOT 12
- API change in OpenSSL 3.x
- Makefile doesn't installs all files HOT 1
- module 'resty.openssl.include.x509' not found HOT 2
- nginx using boringssl start failed HOT 8
- Regression since release 0.8.0 HOT 10
- Dependency to git for installation of version 0.8.2-1 HOT 2
- lua-resty-openssl not work for latest nginx-1.21.X version HOT 2
- Symbol not found: sk_pop_free HOT 4
- BoringSSL not working HOT 1
- Is lua-resty-openssl-aux-module still required to run lua-resty-openssl in production? HOT 3
- Crash when signature with invalid JWK is attempted HOT 4
- Hot to get fingerprint? HOT 5
- 尝试解密微信支付AEAD_AES_256_GCM的加密文本遇到错误:cipher:final: EVP_CipherFinal_ex failed HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lua-resty-openssl.