Encryption process

sensitive_data field data:

{
	"merchant_order_id": "20231204204337871860ET82009",
	"merchant_user_key": "2312312addsadsaasdsadsadadcdsacadsas",
	"country_code": "GBR",
	"currency_code": "GBP",
	"tuition": 130,
	"merchant_service_fee": 130,
	"order_tuition": 0,
	"name_ch": "\u6d4b\u8bd5\u6d4b\u8bd5\u6d4b\u8bd5",
	"student_id_number": "130633199302285495",
	"student_address": "\u7684\u6492\u6240\u591a\u591a\u6492\u5927\u6240\u5927",
	"apartment_name": "\u5b9e\u65bd\u5927\u5931\u8d25222\u8fc7\u8d1f\u8377222\u4e3a",
	"student_email": "162455379cds7@qq.com",
	"student_mobile": "19935437csd743",
	"wechat_number": "199354377csd43",
	"city_name_en": "Belfast",
	"city_name_ch": "\u4f26\u6566",
	"school_name": "University of London",
	"fee_type_list": [{
		"fee_type": 7,
		"fee_type_desc": "\u623f\u79df"
	}],
	"notify_url": "xxxxxxx",
	"back_jump_url": ""
}

1.Sensitive_ If data has no value, it is an empty string and does not need to be encrypted. If there is a value, it needs to be encrypted. The following are the encryption rules

1.1.Convert sensitive_data to json format data, use aes-128-cbc for symmetric encryption, generate aes key KeyStr (random value generation 16-bit byte), offset IVStr (using KeyStr) as two parameters, encrypt the data using these two parameters to generate ciphertext Cipher, convert Cipher to base64 encoding, and fill CipherBase64 into sensitive_data.
1.2Use the public key (the public key of ET) to perform RSA (PKCS V1.5 OEAP) encryption with SHA256 on keystr to obtain Cipher_keystr
1.3Cipher_keystr is converted to base64 encoding to obtain base64_keystr, and finally the base64_keystr is filled into aeskey
Filled data:
{
"serial_number": "20231204204337871860ET82009",
"merchant_number": "ET82009",
"sub_merchant_number": "ET82009S001",
"server_type": "add_special_rent_order",
"callback_process": 1,
"version": "2.0.0",
"data": "{}",
"return_info": "",
"extend_info": "",
"sensitive_data": "gWyCgwZUInUOei+1mfWgbD1FKs3jFH3qzQzVGu/UKp3vNNHVB/fHh4rwkmPLvj/WeZUVF6Wml/0CHrE4zHWMFh2ERZVSIZjgU5Mbpv0Yq3CMiMiu2Nc7nDxqmowjhROQvmc+sUqtw/ODUPLaB8xj4QeAT/iewwxnvnM/VKwU3m3DdeAgoiuC0bn4Enm5ZXe7znNfrwrAhVhluDf7swB9wBSG4ZcybZ20GKVJmjlL5zUyD19s38P0EypNsXEeP3jfNAuiq1AN8IOrlhSXO+M7xcfWN5mRMnCdOmids1enIHB6BcOE/B+uJ8414I08U1YEZS/7L5jHOF/iNQ3CU5KnIo2vy+bSFL41EBhKNxj1p6W083nBf9XLWWJwVoS3EjkeOmfpAKFqc8HYqY6DrPTIHJLfWfGvGJf046JtAod8+aJWFQ+KB4il/2XVgO1Sdt4ZLqgMNNza5fRscqyfuAuXkBg+UiuK/0gI6vjP3lpZKdy3/LYLg0NdyigOgSABYAcYRdX1Sd9MTvLuUYg0+0YlERhPECA5Hq/tfPHFM6mUW0b+rY4roMahwbOtf0xHBg4yPpwPcQb8v4pVyXcEnrNdnaMzEwKn8+YjRzpATUns+xpJdZuGe1U9USPv+6PLR4uxyxUefCaAyJaqVK/aZtlAspF4RYcsWDWIO2TA69/xSCVBa1OUVzEKJpfd+Q76xDlZaO/jz0PHVMWOgBEU6G88wH7ed1eAObGbzfKA9ASk2QCMdXXV0RiWePSoOPvt72f0vEutKXCcplmBTNYhMs0mmpqK7rdhbaPougH0wYq2sRMunDAgXnXiWWlYt57HlYtLRJC1YjWqt4Wz1apNiYP/yeE1MnVUyt9zZnN7WrF1Psb1HXcnYf0dudf0vK8ezewequre6azJ8v4ymfr8Z8qO+IYv3S1Z4N57jJbX74FOcXv6k1CyY8CHPkkHL5P+MLYJhxAXTrp9VpGgbAzj17Kv7P2nfxBY/2TaDnlZIJVyQoxmS8WGygH28iXLIbvFeT+f",
"aeskey": "iWRwvJXElKlehwz5Bvc2+GryrYISJdJhSMG1N697K9/3nikzRxGC85I6i14Kh6hCvrwlPPHV1o1Qy6s4ugzgConYef78meMRbWX3j/JgDB1ZZS5XxkyB2Vt+kFCqNV85dslL2j+rknEC+OcqW9fGjYs7GG19fQ0wynQ0gl7guXU="}

2.signature

1.Sort and splice the encrypted data in the first step. The sorting and splicing rule is to sort first, using the letters a-z, and then splice with & after sorting.
The string that needs to be signed：aeskey=iWRwvJXElKlehwz5Bvc2+GryrYISJdJhSMG1N697K9/3nikzRxGC85I6i14Kh6hCvrwlPPHV1o1Qy6s4ugzgConYef78meMRbWX3j/JgDB1ZZS5XxkyB2Vt+kFCqNV85dslL2j+rknEC+OcqW9fGjYs7GG19fQ0wynQ0gl7guXU=&callback_process=1&data={}&extend_info=&merchant_number=ET82009&return_info=&sensitive_data=gWyCgwZUInUOei+1mfWgbD1FKs3jFH3qzQzVGu/UKp3vNNHVB/fHh4rwkmPLvj/WeZUVF6Wml/0CHrE4zHWMFh2ERZVSIZjgU5Mbpv0Yq3CMiMiu2Nc7nDxqmowjhROQvmc+sUqtw/ODUPLaB8xj4QeAT/iewwxnvnM/VKwU3m3DdeAgoiuC0bn4Enm5ZXe7znNfrwrAhVhluDf7swB9wBSG4ZcybZ20GKVJmjlL5zUyD19s38P0EypNsXEeP3jfNAuiq1AN8IOrlhSXO+M7xcfWN5mRMnCdOmids1enIHB6BcOE/B+uJ8414I08U1YEZS/7L5jHOF/iNQ3CU5KnIo2vy+bSFL41EBhKNxj1p6W083nBf9XLWWJwVoS3EjkeOmfpAKFqc8HYqY6DrPTIHJLfWfGvGJf046JtAod8+aJWFQ+KB4il/2XVgO1Sdt4ZLqgMNNza5fRscqyfuAuXkBg+UiuK/0gI6vjP3lpZKdy3/LYLg0NdyigOgSABYAcYRdX1Sd9MTvLuUYg0+0YlERhPECA5Hq/tfPHFM6mUW0b+rY4roMahwbOtf0xHBg4yPpwPcQb8v4pVyXcEnrNdnaMzEwKn8+YjRzpATUns+xpJdZuGe1U9USPv+6PLR4uxyxUefCaAyJaqVK/aZtlAspF4RYcsWDWIO2TA69/xSCVBa1OUVzEKJpfd+Q76xDlZaO/jz0PHVMWOgBEU6G88wH7ed1eAObGbzfKA9ASk2QCMdXXV0RiWePSoOPvt72f0vEutKXCcplmBTNYhMs0mmpqK7rdhbaPougH0wYq2sRMunDAgXnXiWWlYt57HlYtLRJC1YjWqt4Wz1apNiYP/yeE1MnVUyt9zZnN7WrF1Psb1HXcnYf0dudf0vK8ezewequre6azJ8v4ymfr8Z8qO+IYv3S1Z4N57jJbX74FOcXv6k1CyY8CHPkkHL5P+MLYJhxAXTrp9VpGgbAzj17Kv7P2nfxBY/2TaDnlZIJVyQoxmS8WGygH28iXLIbvFeT+f&serial_number=20231204204337871860ET82009&server_type=add_special_rent_order&sub_merchant_number=ET82009S001&version=2.0.0
2.Compute the string to be signed using sha1 to obtain the abstract
3. Use the private key (merchant's private key) to sign the hash obtained in the previous step (SHA256WithRsa).
5. Then assign the signed value to sign
Final data format:
{
"serial_number": "20231204204337871860ET82009",
"merchant_number": "ET82009",
"sub_merchant_number": "ET82009S001",
"server_type": "add_special_rent_order",
"callback_process": 1,
"version": "2.0.0",
"data": "{}",
"return_info": "",
"extend_info": "",
"sensitive_data": "gWyCgwZUInUOei+1mfWgbD1FKs3jFH3qzQzVGu/UKp3vNNHVB/fHh4rwkmPLvj/WeZUVF6Wml/0CHrE4zHWMFh2ERZVSIZjgU5Mbpv0Yq3CMiMiu2Nc7nDxqmowjhROQvmc+sUqtw/ODUPLaB8xj4QeAT/iewwxnvnM/VKwU3m3DdeAgoiuC0bn4Enm5ZXe7znNfrwrAhVhluDf7swB9wBSG4ZcybZ20GKVJmjlL5zUyD19s38P0EypNsXEeP3jfNAuiq1AN8IOrlhSXO+M7xcfWN5mRMnCdOmids1enIHB6BcOE/B+uJ8414I08U1YEZS/7L5jHOF/iNQ3CU5KnIo2vy+bSFL41EBhKNxj1p6W083nBf9XLWWJwVoS3EjkeOmfpAKFqc8HYqY6DrPTIHJLfWfGvGJf046JtAod8+aJWFQ+KB4il/2XVgO1Sdt4ZLqgMNNza5fRscqyfuAuXkBg+UiuK/0gI6vjP3lpZKdy3/LYLg0NdyigOgSABYAcYRdX1Sd9MTvLuUYg0+0YlERhPECA5Hq/tfPHFM6mUW0b+rY4roMahwbOtf0xHBg4yPpwPcQb8v4pVyXcEnrNdnaMzEwKn8+YjRzpATUns+xpJdZuGe1U9USPv+6PLR4uxyxUefCaAyJaqVK/aZtlAspF4RYcsWDWIO2TA69/xSCVBa1OUVzEKJpfd+Q76xDlZaO/jz0PHVMWOgBEU6G88wH7ed1eAObGbzfKA9ASk2QCMdXXV0RiWePSoOPvt72f0vEutKXCcplmBTNYhMs0mmpqK7rdhbaPougH0wYq2sRMunDAgXnXiWWlYt57HlYtLRJC1YjWqt4Wz1apNiYP/yeE1MnVUyt9zZnN7WrF1Psb1HXcnYf0dudf0vK8ezewequre6azJ8v4ymfr8Z8qO+IYv3S1Z4N57jJbX74FOcXv6k1CyY8CHPkkHL5P+MLYJhxAXTrp9VpGgbAzj17Kv7P2nfxBY/2TaDnlZIJVyQoxmS8WGygH28iXLIbvFeT+f",
"aeskey": "iWRwvJXElKlehwz5Bvc2+GryrYISJdJhSMG1N697K9/3nikzRxGC85I6i14Kh6hCvrwlPPHV1o1Qy6s4ugzgConYef78meMRbWX3j/JgDB1ZZS5XxkyB2Vt+kFCqNV85dslL2j+rknEC+OcqW9fGjYs7GG19fQ0wynQ0gl7guXU=",
"sign": "ykxB5zNee+9XfTrD82fXfO1kJEtpHA/SNcKXOG/GAdjiQCd356us2EV55Uz+vttdqeF+9FY6+lq0AWnB4nCuEO9GWlq0NK/1G0XJwzeKsWrPXFB/agL4pTEPg+babthTgw/4wvCQJwCCtBqw7Cqr77n3YGN/fnDDz5NFkCBTa/c="}

Interface encryption and signing steps

Encryption process#

1.Sensitive_ If data has no value, it is an empty string and does not need to be encrypted. If there is a value, it needs to be encrypted. The following are the encryption rules#

2.signature#

Encryption process

1.Sensitive_ If data has no value, it is an empty string and does not need to be encrypted. If there is a value, it needs to be encrypted. The following are the encryption rules

2.signature