Architect 04 - Application Service Encryption Design and Practice

In a recent study the design of the application service between encryption and practice,Combined with more than ten years met situations talk about is how to realize,需要注意哪些点.

 为什么需要加密 

主要还是安全问题,Even if the network is not safe,Mutual trust between team is one aspect,Need not to need to do some business between different service content encryption is another aspect.例如：A业务调用B接口urlIntroduced to the business needs of parameters,And the content to beC获得,So if there is no necessary content validation process parameters,那么CCan acquire other content by modifying parameters,Especially for some to master the stateuid获得的内容.And a set of encryption mechanism can guaranteeC除了获得A请求BThe parameters of the corresponding content.Don't have access to the interface of information,即：Not by changing the parameters to obtain extra content.I once met a few times,Security vulnerabilities mention here,Are due to no encryption.Encryption is encrypted under a certain business scenarios,Purpose is to prevent the business parameters been tampered with,For other illegal content,So any plan is under a certain business scenarios based on the content of consider.

 Need a reverse solution between servers encrypted 

答案是通常不需要,I encountered business scenarios are only check don't understand.This is mainly because the cost,Both encryption and decryption algorithm,Higher than encryption algorithm only difficulty,Although there are a lot of encryption algorithm to realize the function,But if there is no need to or not to consider,Service according to certain rules to generate encryptedtokenPass and business is good.If you need to specify the parameters of the,比如loginUid,那么把uidAs a part of the encrypted string is good.

 Business calls the process 

简单说,Is the business side and service side agreed an encrypted factor(appsecret),Then after encryption algorithm to contain encrypted string,生成一个加密的token,Then call the service side of the interface,传入.And if a service to multiple business,In order to identify which business,For each business distribution anappkey,It is ok to call interface with.tokenThe generation of the algorithm is shown in the figure below：

      
      

       
       token=AOE(appsecret + 内容)
       
       
// Mainly refers to the request parameters, etc
      
      
      
      

       
       
1.
       
       
2.
      
      

 token具有什么特点 

1. 时效性

tokenEncrypted string is often designed to be effective,即同一个tokenIn a certain period of time.Implementation is the encryption algorithmAOE么,肯定不是,So the encryption is the basic factor,The encryption factor consists of two partsappsecret和内容,Some of the scenes are through constant updatesappsecretTo achieve timely,不过This way the cost is higher need extra support.当然还有一种方式,To add a timestamp such as content in,Every time to figure out whether the timestamp comply with requirements,Then the encrypted,This way too before I contact with some of the open platform using a way,I personally think that this method is based on the basic function,更低成本.

2. 唯一性

通俗点儿说,就是每次请求的token都不同.Of course also can according to the business scenario limited only a few key fields,如登陆uid等.Basically, I encountered two ways：

（1）All content in encryption,即：All of the request parameters according to certain order（例如升序）,And then assembled into rules of string throughAOE算法进行加密.前几年的SNSSocial open platform is basically achieve so,This modified call interface with any parameters will lead to validation fails.

 (2) Some important contents in encryption,即：As mentioned on target usersloginUidParticipate in the encryption,确保token是基于loginUid生成的,Nor even if intercepted by otheruidIdentity to request some content.

 token放在哪里 

1. 放在uri参数里面,Before met some common is onurlIn the parameter is good.这样的优势是简单,方便统计,如果服务器使用了nginx accessLog in statistical monitoring data collection,Can easily mobile phones toappkey等内容.

2. 放在header里面,Bo internal platform validation is onheader里面的,I guess when this design is to have a business with separate parameters.

 几种加密方式 

Here I am in the development process used in several ways：

1.无加密

Some students think that network is safe,So the developed interface does not necessary encryption.This method of security levels=0.

2.Conventional fixed string

This method is similar to the first,Just the two sides agreed a string.理想状态：Other business party don't know other business party string,所以无法调用,This way against the request not be intercepted problem.

3.Conventional fixed string to string encryption

Both sides agreed goodappsecret、appkey,And then in order not to invade the business,直接根据appsecretEncrypt it is concluded thattoken,This method is slightly better than the above,That developers have a certain security awareness,But still can not solve the security problem,After a string of content encryption algorithm to draw or fixed another encrypted string.解决不了urlParameters can be obtained through the modification of data security hidden danger,Security part there is still not pass.

4.Conventional fixed string and then combined with the content encryption

Most of the time just business,An interface to invoke the service,There is no need for the whole of the complex,这时,Services for the business and offline the appointmenttoken_secretAnd the way of an encryptedAOE即可.

Of course this way generally add a timestamp,登陆uidSuch as encrypted generatedtoken.

5.Encryption cycle transformation factortoken_secret,Then combined with the content encryption

This is a Po internal platform widely used,The caller is an unit with the longest day level（Ensure the effectiveness）,Time to refresh corresponding businessappkey的tauth_token和tauth_token_secret,Business calls the service party in according to certain algorithmtoken 放在header头里面.

      
      

       
       token=AOE（tauth_token_secret + 内容）
      
      
      
      

       
       
1.
      
      

更新：This way is through the extra timing task periodically refreshedtauth_token_secret的内容.

成本：这种方式成本比较高,Need to provide the servicetoken生成服务,While the business need additional process to refreshsecret的内容.And in order to maintain the high availability,token The machines must be generated by the two above machine.

产品化

自古深情留不住,总是套路得人心.If it is a two interfaces,One or two business,The agreement under fixed encryption factor is good,It is not necessary to make a system,This is also I observed in the development process of.But if the service party corresponding to multiple business party call,Or to follow certain rules,提供必要的wiki支持,The other configuration information also to the background management system：

如下内容,Service providers to develop new interface,Then configure permissions and invoke businessappkey, appsecret,Qualified interface, etc.Then tell the business,We have business in accordance with thewikiInterface that invokes the business need,使用appsecretEncrypt calls.如上面的图,标准化,体系化.

总之,Everyone must do technical scheme combining application scenario,If few business,就没必要搞token中心.如果没有token的自动变换,Just rely on the timestamp to change.Both are no problem,See what kind of plan cost can accept it～