Sign: securing API interfaces with request signatures
1. Verify the sign string so that request data that has been intercepted and modified is rejected.
2. Then additionally protect the data with RSA asymmetric encryption.
The signature algorithm is as follows:
1. Sort all request parameters in ascending dictionary (key) order;
2. Concatenate the sorted parameters into one string of the form key1value1key2value2key3value3...keyNvalueN;
3. Append the app secret as a suffix, compute SHA-1 over the string, and hex-encode the result;
4. Convert to all upper case; the result is the signature string.
Signature generation code (server side; $serverArray holds the request parameters, $serverSecret the app secret, $clientSign the signature sent by the client):
$serverstr = "";
ksort($serverArray);                              // step 1: ascending key order (the original omitted the sort)
foreach ($serverArray as $k => $v) {
    $serverstr .= $k . $v;                        // step 2: key1value1key2value2...
}
$reserverstr  = $serverstr . $serverSecret;       // step 3: app secret as suffix
$reserverSign = strtoupper(sha1($reserverstr));   // sha1 (or md5), hex, upper case (step 4)
if (!hash_equals($reserverSign, strtoupper((string)$clientSign))) { // constant-time compare; != is a loose comparison in PHP
    die('非法请求');                                // "illegal request"
} else {
    // your code continues;
}
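As an added example (not code from the original post), here is the same four-step scheme and the server-side check in Python: parameters are sorted by key, joined as keyvalue pairs, the app secret is appended as a suffix, and the upper-cased SHA-1 hex digest is the signature; the verifier recomputes it and compares in constant time, so a request whose parameter was changed after signing no longer matches. The secret and the request values below are constructed for this example.

```python
import hashlib
import hmac

# Constructed sample secret for this example (not a real key)
APP_SECRET = "example-app-secret"


def build_sign_string(params: dict) -> str:
    """Steps 1 and 2: sort by key (ascending) and join as key1value1key2value2..."""
    return "".join(f"{k}{params[k]}" for k in sorted(params))


def make_sign(params: dict, secret: str) -> str:
    """Steps 3 and 4: append the app secret as a suffix, SHA-1, hex-encode, upper-case."""
    raw = (build_sign_string(params) + secret).encode("utf-8")
    return hashlib.sha1(raw).hexdigest().upper()


def verify_request(params: dict, client_sign: str, secret: str) -> bool:
    """Server side: recompute the signature and compare in constant time."""
    expected = make_sign(params, secret).encode("ascii")
    received = client_sign.upper().encode("utf-8")
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    # Constructed request parameters
    request = {"user_id": "42", "amount": "100", "ts": "1700000000"}
    sign = make_sign(request, APP_SECRET)
    print("sign string:", build_sign_string(request))
    print("signature  :", sign)
    print("valid      :", verify_request(request, sign, APP_SECRET))
    # The same signature no longer verifies once a parameter has been modified
    tampered = dict(request, amount="999")
    print("tampered   :", verify_request(tampered, sign, APP_SECRET))
```

Sorting before concatenation matters: without it, a client that sends the same parameters in a different order produces a different string and a valid request is rejected.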
2. HMAC-MD5 signature generation (the receiving side can recompute and verify it)
function HmacMd5($data = array()) {
    $secret_key = 'lidianzjm666'; // hard-coded shared secret; load it from configuration in real code
    /* two ways of calling: pass the data in, or read it from the POST body */
    if (!$data) {
        $data = $_POST; // the original used $this->request->post(), which only works inside a framework controller
    }
    /* convert the array to a string; note that only the values are joined, the keys are dropped */
    $data = implode('&', $data);
    $key  = iconv("GB2312", "UTF-8", $secret_key);
    $data = iconv("GB2312", "UTF-8", $data);
    $b = 64; // MD5 block size in bytes
    if (strlen($key) > $b) {
        $key = pack("H*", md5($key)); // keys longer than one block are hashed first (RFC 2104)
    }
    $key  = str_pad($key, $b, chr(0x00)); // zero-pad the key to the block size
    $ipad = str_pad('', $b, chr(0x36));
    $opad = str_pad('', $b, chr(0x5c));
    $k_ipad = $key ^ $ipad;
    $k_opad = $key ^ $opad;
    // HMAC-MD5 = MD5(k_opad . MD5(k_ipad . data)); this equals hash_hmac('md5', $data, $key)
    $sign = array();
    $sign['sign'] = md5($k_opad . pack("H*", md5($k_ipad . $data)));
    return json_encode(array('code' => 1000, 'msg' => 'success', 'data' => $sign), JSON_UNESCAPED_UNICODE);
}
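Added example, not from the original post: the ipad/opad construction above rebuilt in Python and checked against the standard library's hmac module (and the first HMAC-MD5 test vector from RFC 2202), together with a comparison of an implode('&', $data)-style values-only join against a keyed, sorted join. The secret and the parameter values are constructed for this example; the standard-library comparison is what a practitioner would use to confirm a hand-rolled HMAC before trusting it.

```python
import hashlib
import hmac

# Constructed sample secret for this example (not the page's key)
SECRET_KEY = b"example-secret-key"
BLOCK = 64  # MD5 block size in bytes, the $b = 64 of the PHP code


def hmac_md5_manual(key: bytes, data: bytes) -> str:
    """HMAC-MD5 from the ipad/opad construction (RFC 2104), as in the PHP function."""
    if len(key) > BLOCK:                 # keys longer than one block are hashed first
        key = hashlib.md5(key).digest()
    key = key.ljust(BLOCK, b"\x00")      # zero-pad the key to the block size
    k_ipad = bytes(b ^ 0x36 for b in key)
    k_opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.md5(k_ipad + data).digest()
    return hashlib.md5(k_opad + inner).hexdigest()


def hmac_md5_stdlib(key: bytes, data: bytes) -> str:
    """Reference implementation; the manual version must agree with it."""
    return hmac.new(key, data, hashlib.md5).hexdigest()


def join_values_only(params: dict) -> bytes:
    """Mirrors implode('&', $data): values in array order, keys dropped."""
    return "&".join(str(v) for v in params.values()).encode("utf-8")


def join_keys_and_values(params: dict) -> bytes:
    """Keyed and sorted join, so the signature also covers which value belongs to which key."""
    return "&".join(f"{k}={params[k]}" for k in sorted(params)).encode("utf-8")


def sign_params(params: dict, key: bytes, keyed: bool = True) -> str:
    """Sign a parameter set with HMAC-MD5 using either join."""
    data = join_keys_and_values(params) if keyed else join_values_only(params)
    return hmac_md5_manual(key, data)


if __name__ == "__main__":
    print("manual == stdlib:",
          hmac_md5_manual(SECRET_KEY, b"a=1&b=2") == hmac_md5_stdlib(SECRET_KEY, b"a=1&b=2"))
    # Constructed parameter sets: same values, opposite meaning
    transfer = {"from": "alice", "to": "bob"}
    reversed_transfer = {"to": "alice", "from": "bob"}
    print("values-only signatures equal:",
          sign_params(transfer, SECRET_KEY, keyed=False) == sign_params(reversed_transfer, SECRET_KEY, keyed=False))
    print("keyed signatures equal:",
          sign_params(transfer, SECRET_KEY) == sign_params(reversed_transfer, SECRET_KEY))
```

Because implode('&', $data) discards the keys, two requests that carry the same values under different keys sign identically; including the key names (and sorting them, as the SHA-1 scheme in the first section does) makes the signature cover the full meaning of the request.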