微信小程序解密得到unionid和手机号,开放数据的校验和解密 获取手机号

实际测试 两种方法都可以:

第一种方法:

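        /// <summary>
        /// Exchanges a wx.login <paramref name="code"/> for a session key through the WeChat
        /// jscode2session endpoint, then uses that key to AES-CBC decrypt <paramref name="encryptedData"/>.
        /// </summary>
        /// <param name="encryptedData">Base64 ciphertext sent by the mini program (untrusted client input).</param>
        /// <param name="iv">Base64 initialisation vector sent together with the ciphertext.</param>
        /// <param name="code">Login code the client obtained from wx.login.</param>
        /// <returns>
        /// The decrypted payload decoded as UTF-8, or an empty string when
        /// <paramref name="encryptedData"/> is null or empty.
        /// </returns>
        /// <exception cref="InvalidOperationException">The jscode2session response carried no session_key.</exception>
        /// <remarks>
        /// CBC mode provides confidentiality only: a modified ciphertext can still decrypt to
        /// attacker-influenced bytes. Verify the data signature before trusting the result, and keep
        /// session_key on the server; it must not be returned to the client or written to logs.
        /// NOTE(review): WeChat's documentation describes a watermark.appid field in the decrypted JSON;
        /// callers should compare it with their own appid (confirm against the current documentation).
        /// </remarks>
        public static string DecodeUserInfo(string encryptedData, string iv, string code)
        {
            // Reject empty input first so no network request is made for data that cannot be decrypted.
            if (string.IsNullOrEmpty(encryptedData)) return "";

            // NOTE(review): the published line lost its appid/secret query parameters (the string
            // literal was unterminated). The two values below are labelled placeholders. Load the real
            // ones from protected configuration and never commit the app secret to source control.
            const string appId = "<YOUR_APPID>";
            const string appSecret = "<YOUR_APP_SECRET>";

            // Every query value is escaped: `code` comes from the client and must not be able to
            // append or override query parameters. The URL contains the app secret, so do not log it.
            var url = "https://api.weixin.qq.com/sns/jscode2session"
                + "?appid=" + Uri.EscapeDataString(appId)
                + "&secret=" + Uri.EscapeDataString(appSecret)
                + "&js_code=" + Uri.EscapeDataString(code ?? "")
                + "&grant_type=authorization_code";

            var response = Utils.HttpGet(url);
            var wxinfo = Newtonsoft.Json.JsonConvert.DeserializeObject<WxInfoRequest>(response);

            // An error response has no session_key; fail with a clear message instead of letting
            // Convert.FromBase64String(null) throw further down.
            if (wxinfo == null || string.IsNullOrEmpty(wxinfo.session_key))
            {
                throw new InvalidOperationException("jscode2session did not return a session_key.");
            }

            byte[] keyBytes = Convert.FromBase64String(wxinfo.session_key);
            byte[] ivBytes = Convert.FromBase64String(iv);
            byte[] cipherBytes = Convert.FromBase64String(encryptedData);

            // Aes.Create() replaces RijndaelManaged (same algorithm at a 128-bit block size); both the
            // algorithm object and the transform hold key material and are disposed deterministically.
            using (var aes = System.Security.Cryptography.Aes.Create())
            {
                aes.Mode = System.Security.Cryptography.CipherMode.CBC;
                aes.Padding = System.Security.Cryptography.PaddingMode.PKCS7;
                aes.Key = keyBytes;
                aes.IV = ivBytes;

                using (var decryptor = aes.CreateDecryptor())
                {
                    byte[] plainBytes = decryptor.TransformFinalBlock(cipherBytes, 0, cipherBytes.Length);
                    return Encoding.UTF8.GetString(plainBytes);
                }
            }
        }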

第二种方法:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace YouNameSpace
{
    using Newtonsoft.Json;
    using System;
    using System.Collections.Generic;
    using System.IO;
    using System.Linq;
    using System.Security.Cryptography;
    using System.Text;
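    /// <summary>
    /// Signing and encryption helper. The only operation implemented here is AES-CBC decryption of
    /// the encryptedData payload returned by WeChat mini-program open-data APIs.
    /// </summary>
    /// <remarks>
    /// CBC mode provides no integrity protection, so verify the data signature before trusting the
    /// decrypted result. The session key is a server-side secret: do not send it to the client or
    /// write it to logs, and do not return decryption exception details to the caller's client.
    /// </remarks>
    public static class EncryptHelper
    {

        #region Private helpers

        /// <summary>
        /// Decrypts <paramref name="cipher"/> with AES in CBC mode and removes the PKCS#7 padding.
        /// </summary>
        /// <param name="cipher">Raw ciphertext bytes.</param>
        /// <param name="iv">Initialisation vector.</param>
        /// <param name="key">AES key; its length determines the key size used.</param>
        /// <returns>The plaintext bytes with padding already removed.</returns>
        private static byte[] AES_Decrypt(byte[] cipher, byte[] iv, byte[] key)
        {
            // Aes.Create() replaces RijndaelManaged; disposing the algorithm and the transform
            // releases the key material deterministically.
            using (Aes aes = Aes.Create())
            {
                aes.Mode = CipherMode.CBC;
                aes.Padding = PaddingMode.PKCS7;
                aes.Key = key;
                aes.IV = iv;

                using (ICryptoTransform decryptor = aes.CreateDecryptor())
                {
                    // PaddingMode.PKCS7 already strips the padding. The earlier version stripped it
                    // a second time by hand, which cut real data whenever the last plaintext byte
                    // happened to be in the range 1..32 (for example a trailing newline).
                    return decryptor.TransformFinalBlock(cipher, 0, cipher.Length);
                }
            }
        }

        #endregion

        /// <summary>
        /// Base method for decrypting any open-data message.
        /// </summary>
        /// <param name="sessionKey">Base64 session key of the current user, kept server-side.</param>
        /// <param name="encryptedData">The encryptedData parameter from the API response (Base64).</param>
        /// <param name="iv">The iv parameter from the API response: the Base64 initialisation vector of the symmetric cipher.</param>
        /// <returns>The decrypted payload decoded as UTF-8.</returns>
        /// <exception cref="ArgumentNullException">Any argument is null.</exception>
        /// <exception cref="FormatException">An argument is not valid Base64.</exception>
        /// <exception cref="CryptographicException">The key or IV has an invalid length, or the padding is invalid.</exception>
        public static string DecodeEncryptedData(string sessionKey, string encryptedData, string iv)
        {
            if (sessionKey == null) throw new ArgumentNullException(nameof(sessionKey));
            if (encryptedData == null) throw new ArgumentNullException(nameof(encryptedData));
            if (iv == null) throw new ArgumentNullException(nameof(iv));

            // Decode each Base64 input exactly once; encryptedData and iv come from the client.
            byte[] aesCipher = Convert.FromBase64String(encryptedData);
            byte[] aesKey = Convert.FromBase64String(sessionKey);
            byte[] aesIV = Convert.FromBase64String(iv);

            byte[] result = AES_Decrypt(aesCipher, aesIV, aesKey);
            return Encoding.UTF8.GetString(result);
        }
    }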
}

注意:1. session_key 的获取方式:小程序端先调用 wx.login 得到 code,再由后台用该 code 调用相应的接口(jscode2session)换取。session_key 只应保存在服务端,不要下发给小程序端

2.如果你的小程序没有绑定微信开放平台,encryptedData 解密的数据中不包含unionid参数

3.微信开放平台和微信公众平台不是一回事 需要单独注册的

4.解密encryptedData 之前 最好先进行数据签名校验 防止数据被篡改

(如果不进行校验,解密出来的可能是被篡改过的数据,会导致得到的数据不准确;上述例子中没做校验。

校验主要用的是 SHA1 哈希(摘要算法,并非加密):服务端计算 sha1(rawData + session_key),并与小程序端传来的 signature 比较。在另一篇博文(https://www.cnblogs.com/huangshuqiang/p/6254023.html)中已经给出了 SHA1 的写法)

参考:https://blog.csdn.net/willianyy/article/details/79670750

http://www.cnblogs.com/Sea1ee/p/9627021.html