加签验签

任何时候，向服务器提交的数据都需要有sign签名，服务器响应的数据里也会有sign
客户端收到数据后，需要进行验签以保证数据可信性

注意：为了方便编写本接口文档，下文的API接口都是未开启数据加密和sign签名校验的情况，请注意

sign签名计算规则

将data节点下的key按字母从小到大排序，然后拼接处key=value&key=value形式，最后拼接上gen_key，取md5即可
需要注意的是
1.如果value=null，那么转换后为空字符串，即""
2.不管数据库里的换行符是\n还是\r\n，在计算签名的时候，必须统一转充\r\n

举例1：加签

假如提交数据如下

{
    "data": {
         "device_info": "windows 10",
         "device_code": "5A79565CC85400F0-83B59DB87562D3CA4B732957016075CF",
         "timestamp": "1641975865"
    },
    "skey": "7c580b6e-56fc-41ac-953c-8b6896e26eb1",
    "vkey": "asd123"
}

那么我们需要对data下的数据进行加签

{
    "device_info": "windows 10",
    "device_code": "5A79565CC85400F0-83B59DB87562D3CA4B732957016075CF",
    "timestamp": "1641975865"
}

那么将其转换成网址传参形式，需要按键名(key)的字母顺序排序，转换结果如下

device_code=5A79565CC85400F0-83B59DB87562D3CA4B732957016075CF&device_info=windows 10&timestamp=1641975865

然后在最后拼接上软件的genKey

device_code=5A79565CC85400F0-83B59DB87562D3CA4B732957016075CF&device_info=windows 10&timestamp=1641975865&gen_key=f84b1a6edfe246b7

然后取以上字符串的32位MD5，得到如下，即为sign

50be20e3c534c84e1b3a98ae1a937c87

放到json里，最后得到最终要发送的数据

{
    "data": {
         "device_info": "windows 10",
         "device_code": "5A79565CC85400F0-83B59DB87562D3CA4B732957016075CF",
         "timestamp": "1641975865"
    },
    "skey": "7c580b6e-56fc-41ac-953c-8b6896e26eb1",
    "vkey": "asd123"，
    "sign":"50be20e3c534c84e1b3a98ae1a937c87"
}

举例2：验签

假如收到的数据如下

{
    "code": 200,
    "success": true,
    "msg": "检测到有新版本",
    "sign": "23e84bf6c0cb1b699bb7c2d1a87c6f56",
    "result": {
        "timeStamp": "1642489926",
        "ver": "1.0.1",
        "haveNew": "1",
        "list": [{
            "ver": "1.0.2",
            "updType": 1,
            "updLog": "asda阿萨德",
            "updTime": 1642145917,
            "status": 1
        }, {
            "ver": "1.0.1",
            "updType": 1,
            "updLog": "阿萨德",
            "updTime": 1642145917,
            "status": 1
        }]
    },
    "timestamp": 1642489926159
}

那么我们需要对result下的数据进行验签

{
    "timeStamp": "1642489926",
    "ver": "1.0.1",
    "haveNew": "1",
    "list": [{
        "ver": "1.0.2",
        "updType": 1,
        "updLog": "asda阿萨德",
        "updTime": 1642145917,
        "status": 1
    }, {
        "ver": "1.0.1",
        "updType": 1,
        "updLog": "阿萨德",
        "updTime": 1642145917,
        "status": 1
    }]
}

那么将其转换成网址传参形式，需要按键名(key)的字母顺序排序，转换结果如下

haveNew=1&list=[{"ver":"1.0.2","updType":1,"updLog":"asda阿萨德","updTime":1642145917,"status":1},{"ver":"1.0.1","updType":1,"updLog":"阿萨德","updTime":1642145917,"status":1}]&timeStamp=1642489926&ver=1.0.1

然后在最后拼接上软件的genKey

haveNew=1&list=[{"ver":"1.0.2","updType":1,"updLog":"asda阿萨德","updTime":1642145917,"status":1},{"ver":"1.0.1","updType":1,"updLog":"阿萨德","updTime":1642145917,"status":1}]&timeStamp=1642489926&ver=1.0.1&gen_key=f84b1a6edfe246b7

然后取以上字符串的32位MD5，得到如下，即为sign

23e84bf6c0cb1b699bb7c2d1a87c6f56

然后与收到的数据里的sign比较，一致则数据可信，否则可能为伪造数据

sign签名计算规则#

举例1：加签#

举例2：验签#

sign签名计算规则

举例1：加签

举例2：验签