sign: securing API interfaces with signatures

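1. Verify the sign string; this prevents request data from being modified after it has been intercepted.

2. Then additionally encrypt the data with RSA asymmetric encryption.

The signature algorithm is as follows: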

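  1. Sort all request parameters in ascending lexicographic order;
  2. Concatenate the sorted parameter list into a string, e.g. key1value1key2value2key3value3...keyNvalueN;
  3. Append the app secret as a suffix, compute SHA-1 over the string, and convert the result to hexadecimal;
  4. Convert it to upper case to obtain the signature string.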

 

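Code to generate the signature:
// $serverArray: request parameters received by the server (assumed to exclude the sign field)
// $serverSecret: the app secret; $clientSign: the signature sent by the client
ksort($serverArray);    // step 1: sort the parameters by key in ascending order
$serverstr = "";
foreach ($serverArray as $k => $v) {
    $serverstr .= $k . $v;
}
$reserverstr = $serverstr . $serverSecret;
$reserverSign = strtoupper(sha1($reserverstr));    // sha1 or md5

// hash_equals compares in constant time and avoids loose (!=) comparison of hex strings
if (!hash_equals($reserverSign, (string)$clientSign)) {
    die('非法请求');    // "Illegal request"
} else {
    // your code continue;
}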

 

2. Generating the signature with hmac_md5, which the receiving side can verify in reverse

    // Controller method (it uses $this->request); returns the signature as JSON.
    function HmacMd5($data = array()) {
        $secret_key = 'lidianzjm666';
        /* Can be called in two ways: with an explicit array, or with the POST body as fallback */
        if (!$data) {
            $data = $this->request->post();
        }
        /* Convert the array to a string */
        $data = implode('&', $data);
        $key = iconv("GB2312", "UTF-8", $secret_key);
        $data = iconv("GB2312", "UTF-8", $data);
        /* Manual HMAC-MD5 with a 64-byte block; same result as hash_hmac('md5', $data, $key) */
        $b = 64;
        if (strlen($key) > $b) {
            $key = pack("H*", md5($key));
        }
        $key = str_pad($key, $b, chr(0x00));
        $ipad = str_pad('', $b, chr(0x36));
        $opad = str_pad('', $b, chr(0x5c));
        $k_ipad = $key ^ $ipad;
        $k_opad = $key ^ $opad;
        $sign = array();
        $sign['sign'] = md5($k_opad . pack("H*", md5($k_ipad . $data)));
        return json_encode(array('code' => 1000, 'msg' => 'success', 'data' => $sign), JSON_UNESCAPED_UNICODE);
    }
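
As an added example (not the original author's code), the following implements the four signature steps listed above with a constant-time comparison, and contrasts them with PHP's built-in hash_hmac over an unambiguous parameter encoding. The function names, the 'sign' field name, the sample secret and parameters, and the choice of SHA-256 are assumptions made for illustration.

```php
<?php
// Added example; all names and sample values below are constructed for illustration.

// The scheme from the list above: sort by key, concatenate key+value,
// append the secret, SHA-1, upper-case.
function make_sign(array $params, string $secret): string {
    unset($params['sign']);              // assumption: the signature travels in a 'sign' field
    ksort($params, SORT_STRING);         // step 1
    $str = '';
    foreach ($params as $k => $v) {
        $str .= $k . $v;                 // step 2: key1value1key2value2...
    }
    return strtoupper(sha1($str . $secret)); // steps 3 and 4
}

// Variant using the built-in HMAC. http_build_query keeps "=" and "&" as
// delimiters and URL-encodes them inside values, so keys and values cannot
// run into each other. SHA-256 is a choice made here, not the page's.
function make_sign_hmac(array $params, string $secret): string {
    unset($params['sign']);
    ksort($params, SORT_STRING);
    return hash_hmac('sha256', http_build_query($params), $secret);
}

// Recompute the signature on the server and compare in constant time.
function verify_sign(array $request, string $secret, callable $signer): bool {
    $client = (string)($request['sign'] ?? '');
    return hash_equals($signer($request, $secret), $client);
}

$secret = 'example-app-secret';          // constructed sample secret
$req = ['uid' => '42', 'amount' => '100'];
$req['sign'] = make_sign($req, $secret);
var_dump(verify_sign($req, $secret, 'make_sign'));       // request as signed

$tampered = $req;
$tampered['amount'] = '999';             // value changed after signing
var_dump(verify_sign($tampered, $secret, 'make_sign'));

// Both arrays concatenate to the same string "abc" under the plain scheme,
// so it cannot tell them apart; the delimited HMAC variant can.
$a = ['a' => 'bc'];
$b = ['ab' => 'c'];
var_dump(make_sign($a, $secret) === make_sign($b, $secret));
var_dump(make_sign_hmac($a, $secret) === make_sign_hmac($b, $secret));
```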

posted @ 2020-07-30 20:47  快乐的在一起