Signature algorithm

The open platform supports RSA encryption: request parameters and response bodies are encrypted in both directions and their signatures are verified, which makes data transmission more secure. Before calling the open platform with this encryption method, you need to understand the following.

Role of public and private keys

  • Party A is the third-party business caller
  • Party B is the service provider of ChainUp

The role of public-private key pair:

Party A generates a public-private key pair in advance when creating the application in the background. The public key (rsa_third_pub) is provided to Party B, and Party A keeps the private key. When Party A requests a service provided by Party B, Party A encrypts the request parameters with Party B’s public key and signs the MD5 of the original data with Party A’s private key; when Party B receives the request, it decrypts the data with Party B’s private key and verifies the signature over the MD5 of the original data with Party A’s public key.

Account Preparation

Developers need to prepare the following information.

  1. Generate a pair of public and private keys, and submit the public key to the platform by creating an application in the background
  2. Third-party application server IP (optional)

The developer needs to save the following information.

  1. The private key corresponding to the public key submitted to the platform: rsa_third_pri.
  2. The unique identifier of the created application: app_id. The platform public key corresponding to the application: rsa_saas_pub.

RSA public-private key generation

RSA generation rules:

  • Key length: 2048
  • Key format: PKCS#8

RSA public and private key generation tool (optional; any tool that meets the generation rules can be used): RSA Tool Website

Interface Rules

  • Transmission method: https
  • Signature fields: all required fields except the sign field are included in the signature
  • Response status code: 0 means successful processing; non-0 means request error or system exception
  • Request address: domain name + interface address
  • Encryption algorithm: Java encryption and decryption demo
  • Encryption class: JAVA encryption class; other development languages can refer to its implementation

Interface call mode

Description: The interface documents in this article are written for the AK/SK calling mode. This section gives a single, unified explanation of how to call them in RSA mode. For reference call instances, see Request Example and Response Body Decryption Method.

Except for the few interfaces that do not require a signature, every interface requires its parameters and response bodies to be encrypted and verified. Here, the interface for creating orders, open/user/registerOrLoginToGetOpenApi, is used to explain how to call an interface.

When using ak/sk encryption, the request parameters are as follows:

{
  "appKey": "xxxx",
  "countryCode": "+86",
  "mobileNumber": "34334342",
  "password": "1234qwer",
  "sign": "xxxxxxxxxxxxxxxxxxxx"
}

For RSA requests, the preceding parameters need to be encrypted and signed. appKey and sign do not take part in the encryption; the other parameters are encrypted and signed to obtain the data and sign fields. In the examples, oppositePublicKey is the platform public key corresponding to the application, and myPrivateKey is the RSA private key generated by the developer. The new request parameters are as follows:

{
  "app_id": "xxxx",
  "time": 1715310032,
  "data": "xxxxxxxxxxx",
  "sign": "xxxxxxxxxxx"
}

Parameter description:

  • app_id is the appKey parameter of ak/sk mode
  • time indicates the millisecond timestamp of the request time
  • data indicates the encrypted parameters
  • sign indicates the signature for the encrypted parameters

The body of the response returned

{
  "code": "0",
  "msg": "succ",
  "data": "xxxxxxxxxxx",
  "sign": "xxxxxxxxxxx"
}

Response body description

  • code indicates the status code
  • msg indicates the status code description
  • data indicates the specific response content returned; it needs to be decrypted using the algorithm (see Decryption Example)
  • The data is signed by the developer’s public key and the application’s private key. The signature needs to be verified by the algorithm. After the verification succeeds, the returned value is considered secure (see Verify signature)
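
The key roles described above, as an added Go sketch that is not the platform's Java demo or any ChainUp code: the sender encrypts to the peer's public key and signs the MD5 of the original parameters with its own private key, and the receiver decrypts first and then verifies. Assumptions not stated on this page: OAEP-SHA256 padding in a single RSA block (at most 190 bytes with a 2048-bit key), an MD5-with-RSA PKCS#1 v1.5 signature, base64 for data and sign, and the helper names NewKey, Seal and Open; the platform's demo defines the real choices.

```go
package main

import (
	"crypto"
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// NewKey returns a 2048-bit demo key pair (constructed, not a platform key).
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Seal (sender) encrypts plain to peerPub and signs MD5(plain) with myPriv.
// Padding, signature scheme and base64 are assumptions, see the lead-in.
func Seal(plain []byte, peerPub *rsa.PublicKey, myPriv *rsa.PrivateKey) (data, sign string, err error) {
	sum := md5.Sum(plain) // MD5 of the original (unencrypted) parameters
	sig, errS := rsa.SignPKCS1v15(rand.Reader, myPriv, crypto.MD5, sum[:])
	ct, errE := rsa.EncryptOAEP(sha256.New(), rand.Reader, peerPub, plain, nil) // fails above 190 bytes
	return base64.StdEncoding.EncodeToString(ct), base64.StdEncoding.EncodeToString(sig), errors.Join(errS, errE)
}

// Open (receiver) decrypts data with myPriv, then checks sign against MD5(plaintext) using peerPub.
func Open(data, sign string, myPriv *rsa.PrivateKey, peerPub *rsa.PublicKey) ([]byte, error) {
	ct, errD := base64.StdEncoding.DecodeString(data)
	sig, errG := base64.StdEncoding.DecodeString(sign)
	plain, errP := rsa.DecryptOAEP(sha256.New(), rand.Reader, myPriv, ct, nil)
	sum := md5.Sum(plain)
	errV := rsa.VerifyPKCS1v15(peerPub, crypto.MD5, sum[:], sig)
	if err := errors.Join(errD, errG, errP, errV); err != nil {
		return nil, err // never hand back parameters that fail any check
	}
	return plain, nil
}

func main() {
	a, b := NewKey(), NewKey() // a: developer (rsa_third_*), b: platform (rsa_saas_*)
	data, sign, _ := Seal([]byte(`{"countryCode":"+86","mobileNumber":"34334342"}`), &b.PublicKey, a)
	out, err := Open(data, sign, b, &a.PublicKey)
	fmt.Println(string(out), err)
}
```

For a response, the roles swap: the platform calls the equivalent of Seal with the developer's public key and its own private key, and the developer calls Open with rsa_third_pri and rsa_saas_pub.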