Message Signing and Encryption/Decryption Method
1. Message signing authentication has been added to the WeChat Official Account Admin Platform so that official accounts can authenticate message validity.
2. Common messages, event-based messages, and server messages pushed to a developer's backend systems from WeChat users or from the WeChat Official Accounts System are encrypted.
3. Replies made by a developer's backend system must be encrypted as well.
Note that calling an API from an official account does not require encryption.
After encryption/decryption is enabled (i.e. compatibility mode or security mode is selected), the WeChat Official Account System will push messages to the server URL (modifiable in "Developer Center") on the developer's backend system. New parameters (encryption type and message signature) will appear in the URL to reflect the new settings. Encryption uses the AES algorithm. For details about the encryption/decryption procedure and method, please see Implementation Guide, Technical Solution, and Sample Codes.
To better support developers, the WeChat Official Account Admin Platform offers three encryption/decryption modes: plaintext mode, compatibility mode, and security mode (available in "Developer Center"). If compatibility mode or security mode is selected, the key EncodingAESKey must be entered in the Developer Center.
Plaintext mode (default): The existing behavior remains unchanged and the encryption/decryption features remain disabled. Messages are transmitted in plaintext.
Compatibility mode: The WeChat Official Account System sends each message as both plaintext and encrypted text, so message length nearly triples. Message receivers can reply using either plaintext or encrypted text messages; the choice does not affect message transmission. This mode can be used for debugging.
Security mode (recommended): Messages sent by the WeChat Official Account System are encrypted and replies by a developer's backend system should be encrypted as well. It is recommended to select this mode after debugging is completed.
What is EncodingAESKey? EncodingAESKey is the encryption key for the AES symmetric encryption algorithm that the WeChat Official Account System uses to encrypt messages to be pushed to a developer's backend system. Developers should use this key to decrypt received messages and encrypt reply messages.
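The checks a backend would make on an encrypted push before decrypting it, as an added example (not code from this page or from WeChat's PHP samples): it decodes EncodingAESKey into the AES key and verifies the message signature in constant time. The URL parameter names (`encrypt_type`, `msg_signature`, `timestamp`, `nonce`), the `Encrypt` XML element, the Token, the 43-character key length and the sorted-concatenation SHA-1 rule are assumptions taken from WeChat's Technical Solution document rather than from this page; all sample values are constructed, and AES decryption itself is left out.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

# Constructed sample values, not real credentials or captured traffic.
SAMPLE_TOKEN = "constructed-token"
SAMPLE_KEY = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG"  # 43 characters
SAMPLE_ENCRYPT = "Q09OU1RSVUNURUQtQ0lQSEVSVEVYVA=="
SAMPLE_BODY = ("<xml><ToUserName><![CDATA[gh_constructed]]></ToUserName>"
               "<Encrypt><![CDATA[" + SAMPLE_ENCRYPT + "]]></Encrypt></xml>")

def decode_aes_key(encoding_aes_key):
    """Decode the 43-character EncodingAESKey into the 32-byte AES key."""
    if len(encoding_aes_key) != 43:
        raise ValueError("EncodingAESKey must be 43 characters")
    key = base64.b64decode(encoding_aes_key + "=")
    if len(key) != 32:
        raise ValueError("decoded key is not 32 bytes")
    return key

def compute_signature(token, timestamp, nonce, encrypt):
    """SHA-1 hex digest of the four strings, sorted and concatenated."""
    joined = "".join(sorted([token, timestamp, nonce, encrypt]))
    return hashlib.sha1(joined.encode("utf-8")).hexdigest()

def extract_verified_ciphertext(token, query, body):
    """Return the Encrypt payload only if msg_signature matches; else raise."""
    if query.get("encrypt_type") != "aes":
        raise ValueError("not an encrypted push")
    # Refuse DTDs so entity tricks never reach the XML parser.
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise ValueError("DTD not allowed in pushed XML")
    encrypt = ET.fromstring(body).findtext("Encrypt")
    if not encrypt:
        raise ValueError("missing Encrypt element")
    expected = compute_signature(token, query.get("timestamp", ""),
                                 query.get("nonce", ""), encrypt)
    supplied = query.get("msg_signature", "")
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        raise ValueError("msg_signature mismatch")
    return encrypt
```

Only a payload returned by `extract_verified_ciphertext` should be passed on to AES decryption with the key from `decode_aes_key`.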
The WeChat Official Account Admin Platform provides developers with code samples in PHP.
To understand the samples, please see the Implementation Guide and FAQs. To better understand the technical implementation, please see the Technical Solution.