HTTPDNS
- Product Introduction
- Purchase Guide
- Getting Started
- API Documentation
- SDK Documentation
- SDK for iOS
- Practical Tutorial
- SDK for Android
- Practical Tutorial
- Access Management
- HTTPDNS Policy
AES/DES Encryption/Decryption
Last updated: 2022-06-22 15:59:32
Overview
This document describes how to use the DES and AES encryption algorithms. They can be used to encrypt the request parameters and decrypt the response data so as to prevent requests in plaintext from being maliciously altered during transfer.
Note:
If you make a query with an HTTPS request method, the transferred data will be protected through encryption because of the TLS channel, so you don't need to encrypt the data passed in.
Prerequisites
You have activated HTTPDNS and obtained the configuration information such as authorization ID, encryption key, and HTTPS token. For more information, see Configuration Information Description.
You have added the domain to be queried in the HTTPDNS console as instructed in Adding a Domain.
Flowchart
Step 1. Determine the encryption method. Currently, HTTP requests to HTTPDNS can be encrypted with DES or AES.
Note:
If you make a query with an HTTPS request method, see Querying with HTTPS Request Methods.
Encrypt the domain to be resolved with the corresponding key and algorithm (if you want to use the
ip parameter, you also need to encrypt it) and use the encrypted result and ID (which does not need to be encrypted) as the request parameters.Step 2. Send an encrypted request.
Step 3. Receive an encrypted response.
Step 4. Decrypt the result.
Encryption and Decryption Algorithm Use Instructions
DES algorithm
Note:
For encryption and decryption with DES, the key is 8 characters in length, the block cipher mode is
ECB, and the padding algorithm is PKCS5Padding.The encrypted data is encoded by using
Hex(Base16) to convert the binary data into a visible hexadecimal ID, and the length of the encoded data will double. The detailed process is as shown below:
Decryption of the response data involves decoding the data to binary data with
Hex(Base16) first and then decrypting the binary data with the DES algorithm into plaintext data. The detailed process is as shown below:
For example, if your domain is
www.dnspod.cn and the encryption key is dnspodpass, the process will be as follows:1. Add the domain in the HTTPDNS console.
2. Encrypt the domain with the encryption algorithm
DES-ECB-PKCS5 and DES encryption keydnspodpass, and you will get the encrypted string 87ae992c1321f299da3c0210a9900ae7.3. Call the
curl "http://43.132.55.55/d?dn=87ae992c1321f299da3c0210a9900ae7&id={authorization ID}" API to request the A record. You will get an encrypted string with a doubled length, such as 55915a682ea20840ff74aa6e7bebf11454ed0f4050a63e93e6e89521553a01a8.4. Decrypt the encrypted string with the encryption algorithm
DES-ECB-PKCS5 and DES encryption keydnspodpass, and you will get the plaintext data 121.12.53.35;106.227.19.35.Note:
The above strings are used as an example only and cannot be used for normal requests.
AES algorithm
Note:
For encryption and decryption with AES, the key is 16 characters in length, the block cipher mode is
CBC, and the padding algorithm is PKCS7.The CBC mode requires a random
IV as the initial input for encryption and decryption, so the IV will also be carried in the request and response. The encrypted data along with the IV is encoded by using Hex and converted into a visible hexadecimal ID. The detailed process is as shown below:
During decryption, the data is decoded to binary data by using
Hex, where the first 16 bytes is the IV value, and the bytes after IV is the data to be decrypted with the AES algorithm. The plaintext data will be obtained after decryption. The detailed process is as shown below:
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No