Encryption Process
For data security, Geoswift's interface adopts two encryption methods, two signature methods and one sorting method: CFCA public key certificate encryption, AES encryption, SHA1 signature, CFCA private key certificate signature, and sorting by key name initial. The demos in three languages offer a variety of methods.
1. Sort by key name initial
The purpose is to sort the JSON data from a to z by the initial of each key name, then join the key values (except null values), separating the values with #. Sample:
Before sorting:
{
  "merchantId": "890000593",
  "orderAmount": "1",
  "orderCurrency": "CNY",
  "requestId": "1556592332569",
  "notifyUrl": "https://sdk.geoswift.com/sdk/onlinepay/notify",
  "callbackUrl": "https://sdk.geoswift.com/sdk/onlinepay/callback",
  "remark": "备注",
  "paymentModeCode": "",
  "productDetails": [{
    "name": "",
    "quantity": 1,
    "amount": 1,
    "receiver": "",
    "description": ""
  }],
  "payer": {
    "name": "付款人姓名",
    "idType": "IDCARD",
    "idNum": "232201198701280426",
    "bankCardNum": "6222021001116245702",
    "phoneNum": "18800000000",
    "email": "cs@cc.com"
  },
  "hmac": "Wf7yNZUdruKx7Q1P6bwv6dhu05o13wYfp0S7zC7GP0aolLdjYqjNbR2n4gXinH7Tr1B3 GyOEJ2B6SDa3xEebBl8cd7m/Msng3jY
bB1Nzo23nHkIQec329Xuh19kr0SQB+xdMAbX7Dzt dDweNMEnH+5pJLgbDjSyMocF9jBkhShvX5g1VdBpfK05ZTqRNaGcLrLgwMh4QlPtJhvq
TBtOikZtIylinHiVaaXnbsR9WGg5fsmtRly3Cf6LW/XbJUuyh6O92eArAV1CXOEuKy04+qIkSW0bQ=="
}
PS: '#' is needed at the end of the string, not the beginning.
After sorting:
https://sdk.geoswift.Com/sdk/onlinepay/callback#890000593#https://sdk.geoswift.com/sdk/onlinepay/notify#1#cny#
6222021001116245702#cs@cc.com#132201198701280426#IDCARD#付款人姓名#18800000000#1#1#备注#1556592332569#
2. SHA1 signature:
Used to produce a preliminary digest of the data. Sample:
Before signature:
https://sdk.geoswift.com/sdk/onlinepay/callback#890000595#https://sdk.geoswift.com/sdk/onlinepay/notify#1#CNY#6222
021001116245702#cs@cc.com#132201198701280426#IDCARD#付款人姓名#18800000000#1#1#备注#1556592332569#
After signature:
wkJpxZ9o+vuGhQn2pieT3S5GvSo=
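Steps 1 and 2 as a Python sketch. This is an added example, not Geoswift's demo code. It assumes keys are sorted by their full name in code-point order at every nesting level, that the hmac field itself is left out of the string, and that the string is hashed as UTF-8. The input is a constructed copy of the sample request above.

```python
import base64
import hashlib


def signing_string(node, skip=("hmac",)):
    """Step 1: join non-empty values, keys sorted a-z at every level, each followed by '#'."""
    if node is None or node == "":
        return ""  # null and empty values are skipped, as in the page's sample
    if isinstance(node, dict):
        # ASSUMPTION: full-key code-point sort; hmac is excluded at the top level only
        return "".join(signing_string(node[k], ()) for k in sorted(node) if k not in skip)
    if isinstance(node, list):
        # Array items keep their order; each item is flattened the same way
        return "".join(signing_string(item, ()) for item in node)
    return f"{node}#"


def sha1_b64(text):
    """Step 2: Base64 of the raw SHA-1 digest (ASSUMPTION: the string is hashed as UTF-8)."""
    return base64.b64encode(hashlib.sha1(text.encode("utf-8")).digest()).decode("ascii")


# Constructed sample based on the request body shown above; hmac is a placeholder.
SAMPLE = {
    "merchantId": "890000593", "orderAmount": "1", "orderCurrency": "CNY",
    "requestId": "1556592332569",
    "notifyUrl": "https://sdk.geoswift.com/sdk/onlinepay/notify",
    "callbackUrl": "https://sdk.geoswift.com/sdk/onlinepay/callback",
    "remark": "备注", "paymentModeCode": "",
    "productDetails": [{"name": "", "quantity": 1, "amount": 1,
                        "receiver": "", "description": ""}],
    "payer": {"name": "付款人姓名", "idType": "IDCARD", "idNum": "232201198701280426",
              "bankCardNum": "6222021001116245702", "phoneNum": "18800000000",
              "email": "cs@cc.com", "nationality": None},
    "hmac": "<signature placeholder>",
}

if __name__ == "__main__":
    joined = signing_string(SAMPLE)
    print(joined)            # value that is fed to SHA1
    print(sha1_b64(joined))  # value that is signed in step 3
```

The sketch does not escape # inside values, so a value that contains # makes the joined string ambiguous; the page does not say how the demos treat that case.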
3. CFCA private key signature:
PS: The result of this step is hmac. The signed value should be passed to the hmac item in the original JSON.
The merchant signs the SHA1 result with the exported CFCA private key certificate. The advantage of this signature is that it cannot be cracked. After the interface is requested, Geoswift uses the public key uploaded by the merchant in the Geoswift merchant back office for signature verification to prevent information tampering. Example:
Before signature:
wkJpxZ9o+vuGhQn2pieT3S5GvSo=
After signature:
SjhLrzimZKXWCz1m1L5npw/rBs6GdTOMSDlg5D49TWdgQUY9+eC2j14TnhopGSk7euAWX7cWQaMCP096znzKeRFaYp0rsghkQSquzRwFQi
VWhgePJSVdnl5raUHGPW4r0gfRLuKbtMCe2pgidMrGM1WTOGjHj9kM/1qaecDO1PXHSDJWNIuypXbsMg1bvkltg1qlfOJgCRJ6IDJSr3vn
W4eWVEZJDqkcYZAU7lZnnq419XJnbXGqefBYW4pBrVlFgyKkP7PG25JGu5b03IuxgKTmp5qeXB0BHZzgaVRfrRyNqvRtK2qqCB7/+QI7O1
c7wexsF6uR/ekGKArWRCDCw==
4. Automatically generate a 16-digit AES key
This step produces the AES key used to encrypt the original JSON data, which contains the hmac parameter.
The merchant generates a random string 16 digits long for AES encryption.
Sample: wsF0iQI3myswBmH8
5. AES encryption:
The encrypted data can be decrypted with the same key. The merchant encrypts the original JSON data, which contains the hmac parameter, with the self-generated 16-bit random number key. Geoswift decrypts with the same key when it receives the data.
Sample:
Before encryption:
{
  "merchantId": "890000593",
  "orderAmount": "1",
  "orderCurrency": "CNY",
  "requestId": "1556592332569",
  "notifyUrl": "https://sdk.geoswift.com/sdk/onlinepay/notify",
  "callbackUrl": "https://sdk.geoswift.com/sdk/onlinepay/callback",
  "remark": "备注",
  "paymentModeCode": "",
  "productDetails": [{
    "name": "",
    "quantity": 1,
    "amount": 1,
    "receiver": "",
    "description": ""
  }],
  "payer": {
    "name": "付款人姓名",
    "idType": "IDCARD",
    "idNum": "132201198701280426",
    "bankCardNum": "6222021001116245702",
    "phoneNum": "18000000000",
    "email": "cs@cc.com",
    "nationality": null
  },
  "hmac": "SjhLrzimZKXWCz1m1L5npw/rBs6GdTOMSDlg5D49TWdgQUY9+eC2j14TnhopGSk7euAWX7cWQaMCP096znzKeRFaYp0rsghkQSquzRwFQi
VWh/gePJSVdnl5raUHGPW4r0gfRLuKbtMCe2pgidMrGM1WTOGjHj9kM/1qaecDO1PXHSDJWNIuypXbsMg1bvkltg1qlfOJgCRJ6IDJSr3vnW4eWVE
ZJDqkcYZAU7lZnnq419XJnbXGqefBYW4pBrVlFgyKkP7PG25JGu5b03IuxgKTmp5qeXB0BHZzgaVRfrRyNqvRtK2qqCB7/+QI7O1c7wexsF6uR/ek
GKArWRCDCw=="
}
After encryption:
6. CFCA public key encryption:
This step produces the encryptKey request header for the interface request. Put the encrypted value into the request header of the request, under the key name encryptKey.
This encryption is asymmetric. The merchant performs the CFCA public key certificate encryption with the public key in the demo provided by Geoswift (not the exported public key). The data encrypted is the AES key generated by the merchant, to prevent the AES key from leaking.
Before encryption:
wsF0iQI3myswBmH8
After encryption:
O3ch2CMfQaVeP8b6WbziCffGVGHF2BSsjaOQm2EvO+3Q1X8y2CSobquLNcT/g/FdsvRnmPwfscR3lbFBYvH9M9NdGjKjLNHkGc2ekagABPGWDwMzcnrLj
vkNL3xgHSt4+mmZDDs8OUlpN5WCDVnMBcq2NEb4IY0We7I4g80xIFj1+XwPhzFZL6MMny5fq1/GVbAfh/iNV1XxpOvGsi0v8bRxEwu/auqTM5K6p7VrS
ZgcE7rdwD1I11PgN1sHUaPQn1X/2oJ2qELWdNi9K7aAC/7SfZhGXzU5+Z22ShxYzN27l1MIIVKBCbR7/tOMZe2VfQn8YFQgT05TB5dntaJeGw==
7. Request the interface:
When requesting, the merchant needs to confirm that the request address is correct and that the relevant encryption process is accurate. The request method is POST. Please confirm that the request is encoded in UTF-8. The following is the relevant request content.
Headers:
Key | Value | Description
merchantId | Same value as the merchantId in the request body | The unique identity of the merchant in the Geoswift system.
requestId | Same value as the requestId in the request body | The order number is created by the merchant and must be unique on the transaction platform.
partnerId | partnerId | The unique ID that Geoswift assigns to the service provider, corresponding to the merchant number (this parameter is not passed if the service does not have a service provider ID).
Content-Type | application/vnd.geoswift-v3.0+json | The fixed Content-Type of the request header, provided by Geoswift.
encryptKey | AES key data encrypted by CFCA public key | The value obtained after CFCA public key encryption in step 6 of the above request encryption process.