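Encrypting and Decrypting Sensitive Information

To protect the confidentiality of sensitive fields in transit (such as a user's address, bank card number and mobile phone number), Baofu (宝付) requires merchants to encrypt the sensitive fields they submit. Correspondingly, Baofu encrypts the sensitive fields it returns, and the merchant must decrypt them to obtain the original text. The encryption and decryption methods, and how to perform the calculations, are described in detail below.

The preceding section covered how the digital envelope is generated and transmitted. Here, the sensitive information is encrypted with the digital envelope plaintext (the 16-character key).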

AES encryption and decryption, used with the RSA signature algorithm

The algorithm is AES/CBC/NoPadding.

Sample code

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;

// Hex and ServiceException are project helper classes that are not shown on this page.

public static String aesEncrypt(String content, String password) {
    try {
        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
        int blockSize = cipher.getBlockSize();
        byte[] dataBytes = content.trim().getBytes(StandardCharsets.UTF_8);
        // NoPadding: round the length up to a whole number of blocks; the tail stays 0x00
        int plaintextLength = dataBytes.length;
        if (plaintextLength % blockSize != 0) {
            plaintextLength += blockSize - plaintextLength % blockSize;
        }

        byte[] plaintext = new byte[plaintextLength];
        System.arraycopy(dataBytes, 0, plaintext, 0, dataBytes.length);
        // password is the 16-character digital envelope plaintext; its bytes serve as both key and IV
        byte[] keyBytes = password.getBytes(StandardCharsets.UTF_8);
        SecretKeySpec keyspec = new SecretKeySpec(keyBytes, "AES");
        IvParameterSpec ivspec = new IvParameterSpec(keyBytes);
        cipher.init(Cipher.ENCRYPT_MODE, keyspec, ivspec);
        byte[] encrypted = cipher.doFinal(plaintext);
        // The ciphertext is transmitted as a hex string
        return Hex.bytesToHex(encrypted);
    } catch (Exception e) {
        throw new ServiceException("aes加密发生错误");
    }
}

public static String aesDecrypt(String encryptContent, String password) {
    try {
        byte[] encrypted = Hex.hexToBytes(encryptContent);
        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
        byte[] keyBytes = password.getBytes(StandardCharsets.UTF_8);
        SecretKeySpec keyspec = new SecretKeySpec(keyBytes, "AES");
        IvParameterSpec ivspec = new IvParameterSpec(keyBytes);
        cipher.init(Cipher.DECRYPT_MODE, keyspec, ivspec);
        byte[] original = cipher.doFinal(encrypted);
        // trim() removes the trailing 0x00 padding bytes (and any surrounding whitespace)
        return new String(original, StandardCharsets.UTF_8).trim();
    } catch (Exception e) {
        e.printStackTrace();
        throw new ServiceException("aes解密发生错误");
    }
}
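
Added example, not Baofu's code: a self-contained JDK 17+ round trip of the AES/CBC/NoPadding scheme above, showing the zero padding, the 16-byte key requirement, and that reusing the key as the IV makes encryption deterministic. The class name, sample key and card number are constructed, and lowercase hex output via HexFormat is an assumption, since the page's Hex helper is not shown.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.HexFormat; // JDK 17+

public class EnvelopeAesDemo {
    // Same scheme as the page: AES/CBC/NoPadding, zero-padded, key bytes reused as IV.
    static byte[] crypt(int mode, byte[] key, byte[] in) throws Exception {
        if (key.length != 16) { // the IV must be one AES block, so only 16-byte keys work
            throw new IllegalArgumentException("key must be exactly 16 bytes, got " + key.length);
        }
        Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(key));
        return c.doFinal(in);
    }

    static String encrypt(String content, String key) throws Exception {
        byte[] data = content.trim().getBytes(StandardCharsets.UTF_8);
        // Round up to a multiple of 16; Arrays.copyOf fills the tail with 0x00.
        byte[] padded = Arrays.copyOf(data, (data.length + 15) / 16 * 16);
        byte[] k = key.getBytes(StandardCharsets.UTF_8);
        return HexFormat.of().formatHex(crypt(Cipher.ENCRYPT_MODE, k, padded));
    }

    static String decrypt(String hex, String key) throws Exception {
        byte[] k = key.getBytes(StandardCharsets.UTF_8);
        byte[] out = crypt(Cipher.DECRYPT_MODE, k, HexFormat.of().parseHex(hex));
        // trim() drops chars <= U+0020, which removes the 0x00 padding.
        return new String(out, StandardCharsets.UTF_8).trim();
    }

    public static void main(String[] args) throws Exception {
        String key = "0123456789abcdef";      // constructed 16-byte key, stands in for the envelope plaintext
        String card = "6222020000000000000";  // constructed 19-digit sample value
        String ct = encrypt(card, key);
        System.out.println("ciphertext hex: " + ct);
        System.out.println("round trip ok : " + card.equals(decrypt(ct, key)));
        // Fixed key + fixed IV: equal plaintexts always give equal ciphertexts.
        System.out.println("deterministic : " + ct.equals(encrypt(card, key)));
        System.out.println("hex length    : " + ct.length()); // 19 bytes pad to 32, so 64 hex chars
        try {
            encrypt(card, "short-key");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected      : " + e.getMessage());
        }
    }
}
```

Because decryption relies on trim(), a field value that legitimately begins or ends with whitespace or control characters does not survive the round trip unchanged.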

SM4 encryption and decryption, used with the national cryptography (SM) signature algorithm

The algorithm is SM4/ECB/PKCS5Padding.

Sample code

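import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.security.GeneralSecurityException;
import java.security.Key;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

// The Bouncy Castle provider must be registered before use, e.g.
// Security.addProvider(new BouncyCastleProvider()).
// CryptoException is a project class that is not shown on this page.

public static byte[] encrypt(byte[] key, byte[] data) {
    try {
        Cipher cipher = Cipher.getInstance("SM4/ECB/PKCS5Padding", BouncyCastleProvider.PROVIDER_NAME);
        // key is the 16-byte digital envelope plaintext; ECB mode takes no IV
        Key sm4Key = new SecretKeySpec(key, "SM4");
        cipher.init(Cipher.ENCRYPT_MODE, sm4Key);
        return cipher.doFinal(data);
    } catch (GeneralSecurityException e) {
        throw new CryptoException("cipher doFinal异常", e);
    }
}

public static byte[] decrypt(byte[] key, byte[] data) {
    try {
        Cipher cipher = Cipher.getInstance("SM4/ECB/PKCS5Padding", BouncyCastleProvider.PROVIDER_NAME);
        Key sm4Key = new SecretKeySpec(key, "SM4");
        cipher.init(Cipher.DECRYPT_MODE, sm4Key);
        // PKCS5Padding is stripped by the cipher; a wrong key or corrupted data raises an exception here
        return cipher.doFinal(data);
    } catch (GeneralSecurityException e) {
        throw new CryptoException("cipher doFinal异常", e);
    }
}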