Interface decryption and verification process

Ciphertext data：
{
    "status_code": "000000",
    "message": "SUCCESS",
    "count": 0,
    "data": "[]",
    "sensitive_data": "VRvIblWES8BHhNdIE9z5jALq5Nm3pB7kZ25KfrouHzd7myv7FWuS5QDs0FH3oaO3E6AN+4H/qCHb25aGM2b1vjomxHTvcC1tCq8FBR9hyCAivkpVIMZtOibsxWeXV3zR/GZ2aLCh9p6rkxXFouFMCfKxXQG9dsTMoXy8XmFA8QBhUFtUZTqFvr0fZHlVVd7Os7KBlc8mhV/LFdHE1nHOpleTEl2yVQCssLKUPFvCDc/Ft4smQ4VKVhujvACtwJrrGCCkGqd9n5Ztt7paE3swP7gorkbg7BvExh4Gjm8hvRo9+wBfzSqdMjgHN6gaaz14OPgvVBFLw21uT6xynhY8BfnjomiU/k/uxk2D2hYo8c6/X6xOtq8VZ5w1Mq0WNYt6JAnoIlKck/eSjBnOS0JxkFiwIKHJVc5qHYb5Phg0/JpPMiYuY6fadfmwVoXFi4qnaakgF7BFmfZRT3ygn7DUIyHqD9ouNcsPct3ltcD0AMx5U2dxGc+ZhrLJvbkhqlEndbj7FwdNL7mnZiAugaTgCOtgW7QB4GG6NgCNKEdklEjZ3wokiqlRlcXGusk4/gWvuXjNkDvpWdVjRiwym/EinCO1Ebr6+zzaM6tDc8fZWpDC2Yem1/QthPQWpabEZhiedWLBT7BkSMYciH1MJMJMl3PfM30jPLlt82afzAfqLmMWA1MhnZXU5eip6NLW+jRUoiN9oZjCDp39TSvvd1UzyLusUgPPvoiVO903IfOBUuH3/FKmxrlQPrKP9yC1tuCgL2i2zJtiXWJujKLuyLihHTdhAS+yx4R/ZRsOnV6KnLFuoAX8hD4YtTiZ7rpuM81VrITmNfVto+ub5ENjSpVZGzS2wcl3RzROMNuKyhEkaLLBZ9cFs/cs+PFv4y5Q/SfXBr8Y2ifvkO5v9kUWjhyu8/SroWWA1ZU/Yp69JNXSW8qnBrLkKNuiVWD62TJJ9TZYd05FUcbhneJuqdnfbPO5cP6rBZ5kJvVNEjLh9qqJRJP8vFzF58Dqmt9e9IwV8ANu8LBMlMo++lHtmn/zLiXcI2zGCr2JlSkN/WOoBgrk+ExWHhrIxRIouTkLy5afJYwoSzjK8HUMNocY5E3KBuA14G6GPIql5f9NaZ71C6tBSVGdcyh1QQes77xodZrDFftv1dVrBG+bpIcP0lOKRDEQ5uL8BdaXqtuxPzFJyumQOxnXLpoIgzBN+6fXuT7BBhkf3QwPs7VrJZNRPq0DifXAU7RMInTuk8sC9xcCmXo3537PDCgX8wY4JwzfM/40Mb+KwHMCCb09UBRO9W7KaIsKtkRnoPiZ29VJ6+wWoVYM05E=",
    "return_info": "",
    "extend_info": "",
    "version": "2.0.0",
    "aeskey": "juIf18L7k3fdl/H2b9cr34HvZtGpwkIDbQBAt+oU38qg4s79nF8336o3928TOVBknhkFH/eUXm4tortg2gj3eLky1CQZEyAslf07CghZ52uCi8W4qjBnEzfdy6PT26Q0lFxUdDhiadXnD27adXee84XDHcXJN5uJcVqLT5pUGgA=",
    "sign": "maR2dkwyqdppqUX6YM3CvrJ1RdxGS1Lm2PGWmzLdMEqBfevo0X3NseJVyiVe7QHBzSgxB3TZ8WzaSOnpIi2uTIVZO0XOVPKW95Ou6+TIeUyBJklwzkh4tCFnB1h4OvBwyLDdgib1QA7O+SwaLJZVg9MeeRddzQKQOzUsk28FX1M="
}

1. Verification

1.First exclude the sign field in the ciphertext
2.Sort and splice the encrypted data in the first step. The sorting and splicing rule is to sort first, using the letters a-z, and then splice with & after sorting.
signature verification string ：
aeskey=juIf18L7k3fdl/H2b9cr34HvZtGpwkIDbQBAt+oU38qg4s79nF8336o3928TOVBknhkFH/eUXm4tortg2gj3eLky1CQZEyAslf07CghZ52uCi8W4qjBnEzfdy6PT26Q0lFxUdDhiadXnD27adXee84XDHcXJN5uJcVqLT5pUGgA=&count=0&data=[]&extend_info=&message=SUCCESS&return_info=&sensitive_data=VRvIblWES8BHhNdIE9z5jALq5Nm3pB7kZ25KfrouHzd7myv7FWuS5QDs0FH3oaO3E6AN+4H/qCHb25aGM2b1vjomxHTvcC1tCq8FBR9hyCAivkpVIMZtOibsxWeXV3zR/GZ2aLCh9p6rkxXFouFMCfKxXQG9dsTMoXy8XmFA8QBhUFtUZTqFvr0fZHlVVd7Os7KBlc8mhV/LFdHE1nHOpleTEl2yVQCssLKUPFvCDc/Ft4smQ4VKVhujvACtwJrrGCCkGqd9n5Ztt7paE3swP7gorkbg7BvExh4Gjm8hvRo9+wBfzSqdMjgHN6gaaz14OPgvVBFLw21uT6xynhY8BfnjomiU/k/uxk2D2hYo8c6/X6xOtq8VZ5w1Mq0WNYt6JAnoIlKck/eSjBnOS0JxkFiwIKHJVc5qHYb5Phg0/JpPMiYuY6fadfmwVoXFi4qnaakgF7BFmfZRT3ygn7DUIyHqD9ouNcsPct3ltcD0AMx5U2dxGc+ZhrLJvbkhqlEndbj7FwdNL7mnZiAugaTgCOtgW7QB4GG6NgCNKEdklEjZ3wokiqlRlcXGusk4/gWvuXjNkDvpWdVjRiwym/EinCO1Ebr6+zzaM6tDc8fZWpDC2Yem1/QthPQWpabEZhiedWLBT7BkSMYciH1MJMJMl3PfM30jPLlt82afzAfqLmMWA1MhnZXU5eip6NLW+jRUoiN9oZjCDp39TSvvd1UzyLusUgPPvoiVO903IfOBUuH3/FKmxrlQPrKP9yC1tuCgL2i2zJtiXWJujKLuyLihHTdhAS+yx4R/ZRsOnV6KnLFuoAX8hD4YtTiZ7rpuM81VrITmNfVto+ub5ENjSpVZGzS2wcl3RzROMNuKyhEkaLLBZ9cFs/cs+PFv4y5Q/SfXBr8Y2ifvkO5v9kUWjhyu8/SroWWA1ZU/Yp69JNXSW8qnBrLkKNuiVWD62TJJ9TZYd05FUcbhneJuqdnfbPO5cP6rBZ5kJvVNEjLh9qqJRJP8vFzF58Dqmt9e9IwV8ANu8LBMlMo++lHtmn/zLiXcI2zGCr2JlSkN/WOoBgrk+ExWHhrIxRIouTkLy5afJYwoSzjK8HUMNocY5E3KBuA14G6GPIql5f9NaZ71C6tBSVGdcyh1QQes77xodZrDFftv1dVrBG+bpIcP0lOKRDEQ5uL8BdaXqtuxPzFJyumQOxnXLpoIgzBN+6fXuT7BBhkf3QwPs7VrJZNRPq0DifXAU7RMInTuk8sC9xcCmXo3537PDCgX8wY4JwzfM/40Mb+KwHMCCb09UBRO9W7KaIsKtkRnoPiZ29VJ6+wWoVYM05E=&status_code=000000&version=2.0.0
3.Obtain a digest by calculating the signature verification string with Sha1
4.Use the public key (ET's public key) to verify the digest obtained in the previous step with SHA256WithRsa
HASH VALUE: 793b5e4fd64b5a990578563290ce704317576c4b

2.Decryption. If the sensitive_data field has no value, decryption is not required. If it has a value, the decryption process is as follows

Decode the key with base64 encoding, then decrypt it with the private key (merchant's private key), resulting in the key KeyStr and the offset IVStr (using KeyStr)

Decrypt Cipher with aes-128-cbc, and then decode it with base64, resulting in sensitive_data.
sensitive_data value:
[{'order_id': 'ET20230131163237417688', 'merchant_order_id': '20230131163237395412ET82009', 'order_status': -1, 'institution_name': '实施大失败过负荷为', 'country_code': 'GBR', 'currency_code': 'GBP', 'tuition': 100.0, 'merchant_service_fee': 0.0, 'merchant_service_fee_currency_code': 'GBP', 'order_tuition': 0.0, 'first_name_en': 'Haohao', 'last_name_en': 'Huang', 'name_ch': '黄好号', 'student_id_number': '130633199302285495', 'student_address': None, 'city_name_en': None, 'city_name_ch': None, 'school_name': 'University of California, Davis', 'student_email': '1624553797@qq.com', 'student_mobile': '19935437743', 'wechat_number': '19935437743', 'is_upload_attachment': False, 'attachment_list': [], 'remittance_voucher_url': '', 'tuition_rmb_list': [{'pay_type': 2, 'tuition_rmb': 993.06, 'counter_fee': 0.0, 'payment_id': 59, 'expire_datetime': '2023-07-11 08:29:01'}], 'fee_type_list': [{'fee_type': 5, 'fee_type_desc': ''}]}]

Interface decryption and verification process

1. Verification#

2.Decryption. If the sensitive_data field has no value, decryption is not required. If it has a value, the decryption process is as follows#

1. Verification

2.Decryption. If the sensitive_data field has no value, decryption is not required. If it has a value, the decryption process is as follows