Not long ago, WeChat made message encryption mandatory for enterprise accounts, and official accounts then gained an optional message encryption setting. Currently, enterprise accounts and official accounts use the same encryption method (the formats differ slightly).
Encryption Settings
Open the "Developer Center" in the admin backend of the official account to see the URL integration settings.
Click [Modify settings] to open the modification page.
There are three encryption methods:
Plain text mode, which is the original message format
Compatibility mode, in which plaintext and ciphertext coexist. It is not recommended for officially released products (because the message still contains plaintext, so encryption achieves nothing)
Security mode, in which the message is encrypted and the developer's server decrypts it with the official algorithm to obtain the original message as it would appear in plain text mode.
For all encrypted messages, the returned information also needs to be encrypted.
Processing encrypted information
Senparc.Weixin.MP automatically detects which of the three message types it is receiving. You do not need to handle any decryption or encryption yourself during development; the development process stays the same as in "plain text mode".
In the corresponding MessageHandler, we can know the current encryption status through some parameters:
messageHandler.UsingEcryptMessage: whether encrypted information is used (including compatibility mode and security mode)
messageHandler.UsingCompatibilityModelEcryptMessage: whether compatibility mode encryption information is used
Through the combination of the above two properties, we can know which encryption mode is currently used by the account (of course, in most cases, developers have no need to care).
In order to better track information, MessageHandler has added the FinalResponseDocument attribute:
messageHandler.ResponseDocument: the XML object of the response data in plaintext form
messageHandler.FinalResponseDocument: the final XML object that will be returned to the server. It is identical to ResponseDocument if the message is not encrypted; otherwise it is encrypted automatically
Encryption principle
The related encryption algorithms (including sample downloads in several languages) can be found in the official help document: http://mp.weixin.qq.com/wiki/index.php?title=%E6%8A%80%E6%9C%AF%E6%96%B9%E6%A1%88
What I want to explain here is EncodingAESKey. The official explanation is a bit confusing. In fact, EncodingAESKey is a Base64 encoding of AESKey, and AESKey is a random string of length 32 (selected from a-z, A-Z, 0-9). Since the Base64 encoding length of 32 characters is fixed at 44 (the last character is =), after removing the =, the final EncodingAESKey of 43 characters is generated. EncodingAESKey is used in the process of message encryption and decryption, and strict confidentiality is required.
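The following C# code generates an EncodingAESKey:
// Requires: using System; using System.Text;
protected string CreateEncodingAESKey()
{
    // GetRadomStr is the author's helper (not shown); it returns a random string of a-z, A-Z, 0-9
    string aesKey = GetRadomStr(32);
    var encodingAesKey = Convert.ToBase64String(Encoding.UTF8.GetBytes(aesKey), Base64FormattingOptions.None);
    // Drop the trailing '=' so that the 44 characters become 43
    return encodingAesKey.Substring(0, encodingAesKey.Length - 1);
}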
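The article does not show GetRadomStr, and since EncodingAESKey must be kept strictly confidential, the random source matters: System.Random is not cryptographically secure. The following is an added example, not code from the original article or from Senparc.Weixin.MP; it draws the 32 characters from .NET's RandomNumberGenerator and also shows the reverse step of restoring the "=" to recover the 32 key bytes. The class and method names are hypothetical, and RandomNumberGenerator.GetInt32 assumes .NET Core 3.0 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class EncodingAesKeyExample   // hypothetical name, not part of the SDK
{
    private const string Alphabet =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

    // Picks 32 characters from a-z, A-Z, 0-9 using the OS CSPRNG.
    // GetInt32 returns an unbiased value in [0, Alphabet.Length).
    public static string CreateAesKey()
    {
        var sb = new StringBuilder(32);
        for (int i = 0; i < 32; i++)
            sb.Append(Alphabet[RandomNumberGenerator.GetInt32(Alphabet.Length)]);
        return sb.ToString();
    }

    // 32 bytes always encode to 44 Base64 characters ending in one '=';
    // removing it gives the 43-character EncodingAESKey described above.
    public static string CreateEncodingAesKey(string aesKey)
    {
        string b64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(aesKey));
        return b64.TrimEnd('=');
    }

    // Reverse direction: restore the padding and decode to the 32 key bytes.
    // Rejects values of the wrong length before they reach the cipher.
    public static byte[] DecodeEncodingAesKey(string encodingAesKey)
    {
        if (encodingAesKey == null || encodingAesKey.Length != 43)
            throw new ArgumentException("EncodingAESKey must be 43 characters.");
        return Convert.FromBase64String(encodingAesKey + "=");
    }

    public static void Main()
    {
        string aesKey = CreateAesKey();
        string encoded = CreateEncodingAesKey(aesKey);
        byte[] keyBytes = DecodeEncodingAesKey(encoded);

        Console.WriteLine($"EncodingAESKey length: {encoded.Length}");
        Console.WriteLine($"Decoded key bytes:     {keyBytes.Length}");
        Console.WriteLine($"Round trip matches:    {Encoding.UTF8.GetString(keyBytes) == aesKey}");
    }
}
```

Because every input byte is an ASCII letter or digit, the Base64 output of this method also contains only letters and digits, never "+" or "/".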