What should I do if the interface is encrypted during interface testing?

Digest algorithm

Generate a message digest of the plaintext so that the receiver can detect tampering. MD5, for example, is a hash algorithm: whatever the length of the input, it outputs a fixed 128-bit value (32 hex characters). A digest algorithm needs no key, so the client and server obtain the same digest for the same plaintext simply by running the same algorithm over it. Two caveats matter in practice. First, a bare digest only catches accidental corruption: anyone who can change the data can recompute the digest as well, which is why real interfaces mix a shared secret into the "sign" parameter (an HMAC, or a hash over the parameters plus a secret salt). Second, MD5 and SHA-1 are both collision-broken, so new designs should use SHA-256 or stronger.

Symmetric encryption

A symmetric encryption algorithm is a shared-key algorithm: one and the same key is used for both encryption and decryption. Sender and receiver must both know the key in advance, and both use it to encrypt and decrypt the data. For the tester this means the actual key, together with the mode, padding and IV convention, has to come from the developers, and it must be kept out of version control like any other secret.

Data encryption: the sender runs the plaintext (original data) through the algorithm with the key to produce ciphertext, and the ciphertext is what gets transmitted.

Data decryption: after receiving the ciphertext, the receiver applies the inverse operation of the same algorithm with the same key, which restores the readable plaintext. With an authenticated mode such as AES-GCM, decryption also fails if the ciphertext was altered in transit; with plain CBC it does not, so an integrity check (a digest or HMAC) has to be added separately.

Asymmetric encryption

An asymmetric encryption algorithm has two keys, a public key and a private key. Because different keys are used for encryption and decryption, the algorithm is called asymmetric.

Data encrypted with the public key can only be decrypted with the corresponding private key, so a client can encrypt a request that only the server, the holder of the private key, can read. The reverse direction, "encrypting" with the private key so that anyone holding the public key can decrypt it, is what a digital signature is: it proves that the data came from the private-key holder and was not modified, but it hides nothing, because the public key is public. Note also that RSA can only encrypt a short message (a couple of hundred bytes for a 2048-bit key), so interfaces usually RSA-encrypt a random AES key and AES-encrypt the actual payload.

How to deal with common encryption algorithms

Based on the algorithms above, a tester can handle an encrypted interface as follows, depending on which kind of encryption it uses:

Digest algorithm (MD5, SHA-1): before sending the interface data, compute the digest (or the HMAC, if a secret is involved) over the parameters in exactly the canonical form the server uses, attach it as the sign parameter, and the server recomputes it and compares the two strings.

Symmetric encryption algorithm (AES, DES): obtain the shared secret key from the developer before creating the interface data, together with the mode, padding, IV and output encoding (hex or base64) the server uses; with those, the request data can be encrypted and the response message decrypted. The key is a shared secret, not a "public key": if it leaks, every message it protected is exposed.

Asymmetric encryption algorithm (RSA): obtain the key pair from the developers before creating the interface data. The receiver's public key is needed to encrypt data and the matching private key to decrypt it, so a private key in the test environment must be handled as a secret, and the padding scheme (PKCS#1 v1.5 or OAEP) must match the server's.

User Authentication

Most interface testing tools provide a User Auth/Authorization option. Taking Postman as an example, you can see the following options:

Basic Authentication (Basic Auth)
Digest Authentication (Digest Auth)
OAuth 1.0a
OAuth 2.0 (the most common; most current website interfaces provide this user authentication method)

Select the corresponding user authentication option in the tool.

There is data to be encrypted in the interface. How do I deal with it?

(1) Write a function or method that filters out the parameters to be encrypted: the data goes in, is encrypted, and the encrypted data is what gets transmitted.

(2) Which encryption algorithm to use depends on the product and your own business scenario and requirements; AES or a public/private key pair are both options, but the tester has to use exactly what the server expects.

(3) It may also just be an encoding step. Base64 turns the encrypted bytes into text that can travel in a JSON or form field: base64-encode the ciphertext, put the result into the parameter, and transmit it.

(4) Base64 is encoding, not encryption: anyone can decode it. If encryption is really necessary, encrypt the parameters first, then encode and send them; the transmitted data is encrypted and wrapped once before it leaves the client.

(5) With JMeter, use a JSR223 (Groovy) or BeanShell pre-processor to encrypt the request parameters and a post-processor to decrypt the response, then read the values from the log or a JMeter variable; the specific algorithm depends on the requirements.

(6) Each test tool ships different built-in encryption functions, so the same algorithm may be configured differently from tool to tool; what matters is that the output matches the server's implementation byte for byte.

Finally, I would like to thank everyone who has read my article carefully. Reciprocity is always necessary; although it is not a very valuable thing, you can take it if you need it:

[The following is the most complete software test engineer learning knowledge architecture diagram for 2023 that I compiled]

1. Python programming, from entry to mastery
2. Hands-on interface automation project
3. Hands-on web automation project
4. Hands-on app automation project
5. Résumés for top-tier companies
6. Test development and the DevOps system
7. Commonly used automated testing tools
8. JMeter performance testing
9. Summary (a little surprise at the end)

Life is long, so keep going. No effort is wasted: as long as you persevere, there will be rewards in the end. Cherish your time and pursue your dreams. Never forget why you started, and keep forging ahead. Your future is in your hands!

Life is short and time is precious. We cannot predict what will happen in the future, but we can grasp the present moment. Cherish every day and work hard to make yourself stronger and better. With firm belief and persistent pursuit, success will eventually be yours!

Only by constantly challenging yourself can you keep surpassing yourself. Persist in pursuing your dreams and move forward bravely, and you will find that the process of striving is beautiful and worthwhile. Believe in yourself: you can do it!


Origin blog.csdn.net/nhb687096/article/details/132165887