Common problems


You can go to the Support Center to submit new questions


Project consultation

1. The impact of encryption and decryption on calculation

It takes about 0.03ms for a single server to encrypt/decrypt a single piece of data;

Therefore, even when a single server's request frequency reaches 1000 qps, the impact on service time is only 3%.

2. What are the fields for encryption and decryption?

In the initial stage, the buyer’s nickname, name, phone number, email address, ID card, license plate number, Alipay account number, user ID, etc. in the order data will be encrypted;

The buyer’s delivery address will not be encrypted for the time being.

3. What specific tasks do users need to do?

You need to confirm the Appkey and other related information.

Download the encryption and decryption SDK, modify the code and verify compatibility, and then fully migrate the database (all plain text data is encrypted).

For specific verification scenarios, please refer to the "Data Encryption Access Guide"

4. How do I obtain the key? Is it upgraded regularly?

The key is the key to encrypting and decrypting data. The key will not be upgraded regularly, but if there is a risk of leakage of the key, you need to cooperate in upgrading the key.

The key can be obtained through the key-obtaining API in the SDK and by passing in the session parameters and app encryption security code.

5. After the data is encrypted, what should I do if there is a need for fuzzy search?

We provide a fuzzy search function for encrypted data. If you have this requirement, you need to make appropriate modifications to the SQL query statement.

6. Is only RDS push encrypted? Will API calls be encrypted?

RDS push and API calls are encrypted.

7. Is there an interface to know which stores have set up API and push library encryption?

Not currently available. The self-service operation platform will enable store whitelist settings.

8. Is there a frequency limit for calling encryption and decryption? Will there be a calling bottleneck during Double 11?

The encryption and decryption functions cache the key locally, and a single thread can reach 30,000 qps.

9. Will calls made through the Qianniu client JS SDK be encrypted?

Currently there are .net, java, and php SDKs that support encryption/decryption. The Qianniu plug-in does not encrypt.

10. When store encryption is enabled, is it enabled for all users at the same time, or can we enable it for a few users first to test?

Encryption is enabled per store, so you can first enable it for several users for testing; you can configure this yourself in the encryption whitelist.

In the encryption whitelist, fill in the seller nick (not the store name).

11. What is the impact of modifying the field length in RDS? Will the RDS version upgrade cause service interruption?

MySQL 5.5 locks the table when the field length is modified. It is recommended to upgrade to version 5.6 (self-service upgrade can be done on the console). The version upgrade is transparent to users; the only interruption occurs at the final switchover.

RDS will only modify the buyer_nick field in the RDS system library: the transaction table and the refund table.

12. Orders go missing after encryption is turned on

Please confirm that the length of the buyer_nick field in the push/business RDS has been modified.

13. Can the session still be used to decrypt after it expires or after the user actively cancels the authorization?

After expiration or user cancellation of authorization, the Session should still be available for 90 days. This is consistent with the authorization agreement, which requires the service provider to delete user data within 90 days after the authorization ends.

14. Can the encrypted content of the main account be decrypted using the session of the sub-account?

Yes. The main account to which the sub-account belongs is determined, and the corresponding key is returned.

15. Does the service need to be stopped during data migration?

During the data migration process, the database may contain plaintext, ciphertext, data encrypted with the old key, and data encrypted with the new key at the same time.

Taking these factors into account, as long as code compatibility is ensured, there is no need to stop the service.

16. What work still needs to be done after the key is upgraded?

Key upgrade means that the previously encrypted data is no longer safe, so the previously encrypted data needs to be migrated and re-encrypted with the new key.

17. For users whose authorization expired more than 90 days ago and whose key can no longer be obtained, is it unnecessary to encrypt, so that the original plain text continues to be stored? Will the data be encrypted after the user renews?

According to the user authorization agreement, data that has not been authorized for more than 90 days should be cleared. When the user authorization is about to expire, find a way to guide the user to re-authorize. In theory, this part of the data belongs to the user, and the authorization is time-limited.

18. What is the difference between a Taobao account and a self-created account?

A simple application scenario for a self-created account: your local data may not come from Taobao (for example, it is an order from a JD merchant), but you want to reuse the encryption and decryption SDK. In that case you can register the JD (Jingdong) account in Taobao's encryption library, so that you can reuse Taobao's encryption and decryption SDK. Encryption and decryption are based on the session key (token) provided by the open platform. By default, the session key can only identify Taobao accounts. Please refer to: //open.taobao.com/docs/doc.htm?treeId=1&articleId=106212&docType=1

19. Can you explain the difference between SaaS deployment and independent deployment in detail? Thanks!

The criterion for judging whether a deployment is independent or SaaS is whether your stand-alone service serves multiple users or a single user. A single-user service is an independent deployment (such as a very large seller); a multi-user service is a SaaS deployment; it can also be both.

Development Access

Code Development

1.

Question title: The serverUrl used by DefaultTaobaoClient must use the https protocol. What exactly is the URL?

Problem description:

    SecretClient secretClient = new SecretClient(new DefaultTaobaoClient(serverUrl, appkey, appSecret), randomNumber);

Note: The serverUrl used by DefaultTaobaoClient must use the https protocol.

Does the https you mention refer to TOP's https://eco.taobao.com/router/rest?

Question answer:

The https here refers to TOP's https://eco.taobao.com/router/rest. For details, please refer to //open.taobao.com/docs/doc.htm?docType=1&articleId=101617&treeId=1

2.

Question title: What is the specific solution to fuzzy search? Can it be used directly in SQL scripts?

Problem description: None

Question answer: For fuzzy queries you can use the LIKE statement directly in SQL. The results obtained need to be screened further: they contain some redundant results that must be filtered out in the program.

    import java.util.ArrayList;
    import java.util.List;

    // Fragment to search for
    String partial = "cdefg";

    // Get the fuzzy-query ciphertext for the fragment
    String search = secretClient.search(partial);

    // Run the fuzzy query in the database:
    //   SELECT * FROM table WHERE nick LIKE %#search#%
    // (dao.queryNickLike is a placeholder for your own data-access call)
    List<DO> objects = dao.queryNickLike(search);

    // Filter: decrypt each hit and keep only rows whose plaintext really contains the fragment
    List<DO> result = new ArrayList<DO>();
    for (DO object : objects) {
        if (secretClient.decrypt(object.nick).contains(partial)) {
            result.add(object);
        }
    }

3.

Question title: Is it necessary to use singleton mode when calling decryption?

Problem description: Testing found that some fields can be decrypted and some cannot. Is it necessary to use singleton mode?

Question answer: Yes, singleton mode must be used when calling decryption.

4.

Question title: Does the encryption and decryption interface only support encrypting and decrypting a single field at a time?

Problem description: Does the encryption and decryption interface only support encrypting and decrypting a single field at a time? Is it possible to encrypt and decrypt nicknames and mobile phone numbers at the same time?

Question answer: Currently, only one type can be selected per call to the encryption and decryption interface: either phone, nick, or name. They cannot be mixed.


RN(Security Token Code)/Key

1.

Question title: How efficient is the batch encryption interface? Is there no concurrent processing in the source code?

Problem description: In the source code, batch encryption is implemented as a for loop calling the single encryption interface

Question answer: Batch calls are similar to single calls; the batch interface also processes single calls in a loop. There is no difference unless you want to save network overhead and avoid multiple network requests.

Question title: Will secret_version change? Will the key change?

Problem analysis: secret_version is used to mark the key version, and only changes when the key version changes

Question answer: secret_version only changes when the key is upgraded, and it changes for the users whose key is upgraded. The key is not changed regularly.

2.

Question title: What is RandomNumber and how do I get it?

Question reply: randNum (security token code) is used to initialize the encryption and decryption object:

    SecurityClient secretClient = new SecurityClient(new DefaultTaobaoClient(serverUrl, appkey, appSecret), randomNumber);

randomNum is in the app certificate. Download the corresponding app certificate from open.taobao.com.


4.

Question title: Why is there no Random Number in my application certificate?

Question answer: For randomNumber to be present, the platform support staff ("waiter") need to initialize appkey encryption in the background.

Question title: How do you know whether a ciphertext was encrypted before or after the key was upgraded?

Question answer: The encryption API automatically uses the latest key to encrypt, and the decryption API automatically obtains the key version.

5.

Question title: After the data is encrypted, will it definitely contain the ~ character?

Question answer: Yes. Ciphertext format: ~Cipher text~Version number~
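The mixed state described under "Does the service need to be stopped during data migration" (plaintext, old-key and new-key ciphertext side by side) can be audited using the ciphertext format given above. The Java below is an added example, not part of the SDK or of the original page; the class and method names are hypothetical, and it assumes the version number is a decimal integer and the ciphertext body contains no '~'.

```java
import java.util.EnumMap;
import java.util.List;
import java.util.Map;
import java.util.OptionalInt;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class MigrationAudit {
    enum State { PLAINTEXT, OLD_KEY, CURRENT_KEY }

    // Format from the page: ~Cipher text~Version number~
    // Assumption: the body has no '~' and the version is a decimal integer.
    private static final Pattern CIPHER = Pattern.compile("^~([^~]+)~(\\d+)~$");

    /** Key version of a stored value, or empty if it is not in ciphertext format. */
    static OptionalInt keyVersion(String stored) {
        if (stored == null) return OptionalInt.empty();
        Matcher m = CIPHER.matcher(stored);
        if (!m.matches()) return OptionalInt.empty();
        try {
            return OptionalInt.of(Integer.parseInt(m.group(2)));
        } catch (NumberFormatException e) { // digit run too long for an int
            return OptionalInt.empty();
        }
    }

    /** Versions below currentVersion count as OLD_KEY; everything else as CURRENT_KEY. */
    static State classify(String stored, int currentVersion) {
        OptionalInt v = keyVersion(stored);
        if (!v.isPresent()) return State.PLAINTEXT;
        return v.getAsInt() < currentVersion ? State.OLD_KEY : State.CURRENT_KEY;
    }

    /** Counts rows per state so a migration job knows what is left to do. */
    static Map<State, Integer> audit(List<String> column, int currentVersion) {
        Map<State, Integer> counts = new EnumMap<>(State.class);
        for (State s : State.values()) counts.put(s, 0);
        for (String v : column) counts.merge(classify(v, currentVersion), 1, Integer::sum);
        return counts;
    }

    public static void main(String[] args) {
        // Constructed sample column values; not real ciphertext.
        List<String> buyerNick = List.of(
            "alice_shop",      // never encrypted
            "~Zm9vYmFy~1~",    // ciphertext format, key version 1
            "~YmF6cXV4~2~",    // ciphertext format, key version 2
            "~not~a~cipher~",  // plaintext that merely contains '~'
            "~trailing~2");    // malformed: closing '~' missing
        // PLAINTEXT rows still need encrypting; OLD_KEY rows need decrypt + re-encrypt.
        System.out.println(audit(buyerNick, 2));
    }
}
```

A plaintext value that happens to match the pattern would be counted as ciphertext, so a migration job should confirm with a decrypt attempt before skipping a row.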


7.

Question title: Can I pass in an entity in JSON format and decrypt it in batches? Or is there any other way to do batch encryption and decryption?

Problem analysis: Batch encryption and decryption takes a list as input and returns a map

Question title: What is the length of the field after encryption?

Question answer: The encrypted length may differ depending on the encryption scheme you use for each field.

Precise query (scenario 1, 2)    Fuzzy query (scenario 3)
nick/receiver_name    varchar (32 character length * 4)    varchar (32 character length * 8)
normal (other scenarios)    varchar (32 character length*4)    varchar(32 character length*8)
Scenario 4    fuzzy query (scenario 5)
phone    varchar(16 (number length-8) (24))    varchar(20 (character length*4))


Code error

1.

Question title: The related code call returns an isv.permission-denied error / error code 15

Problem analysis:

a) Encryption of the appkey is not enabled in the background

b) The session is not specified, or is specified incorrectly (not in the encryption whitelist)

Question reply: Need to enable encryption or specify the correct session

2.

Question title: Calling taobao.top.secret.get returns error code 11

Problem analysis: Because the app is configured with an IP whitelist and access restrictions

Question reply: Need to add IP whitelist

3.

Question title: When calling the taobao.top.secret.get interface, a "27/invalid session" error is reported

Problem description:

    {"error_response":
      {"code":27,
       "msg":"Invalid session",
       "sub_code":"invalid-sessionkey",
       "request_id":"13oyvzsl8ud7g"}
    }

Problem analysis: The error is reported because the session is invalid/expired

Question reply: Pay attention to whether the session is correct

4.

Question title: Calling taobao.top.secret.get returns error code 12 (subuser_has-no-permission)

Problem description: code: 12, subcode: subuser_has-no-permission

Problem analysis: The sub-account does not have permission to use the appkey

Question reply: It is recommended to check the sub-account configuration permissions, or use the main account