通知报文解密

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class AesUtil {

    static final int KEY_LENGTH_BYTE = 32;
    static final int TAG_LENGTH_BIT = 128;
    private final byte[] aesKey;

    public AesUtil(byte[] key) {
        if (key.length != KEY_LENGTH_BYTE) {
            throw new IllegalArgumentException("无效的ApiV3Key，长度必须为32个字节");
        }
        this.aesKey = key;
    }

    public String decryptToString(byte[] nonce, String ciphertext,byte[] associatedData)
            throws GeneralSecurityException, IOException {
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            SecretKeySpec key = new SecretKeySpec(aesKey, "AES");
            GCMParameterSpec spec = new GCMParameterSpec(TAG_LENGTH_BIT, nonce);
            cipher.init(Cipher.DECRYPT_MODE, key, spec);
            cipher.updateAAD(associatedData);
            return new String(cipher.doFinal(Base64.getDecoder().decode(ciphertext)), "utf-8");
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new IllegalStateException(e);
        } catch (InvalidKeyException | InvalidAlgorithmParameterException e) {
            throw new IllegalArgumentException(e);
        }
    }
}

from cryptography.hazmat.primitives.ciphers.aead import AESGCM
import base64

def decrypt(nonce, ciphertext, associated_data):
    key = "d1f20ym47uaorjqdoe9irqxhjiiwyqu4"

    key_bytes = str.encode(key)
    nonce_bytes = str.encode(nonce)
    ad_bytes = str.encode(associated_data)
    data = base64.b64decode(ciphertext)

    aesgcm = AESGCM(key_bytes)
    return aesgcm.decrypt(nonce_bytes, data, ad_bytes)

public class AesGcm
{
    private static string ALGORITHM = "AES/GCM/NoPadding";
    private static int TAG_LENGTH_BIT = 128;
    private static int NONCE_LENGTH_BYTE = 12;
    private static string AES_KEY = "yourkeyhere";

    public static string AesGcmDecrypt(string associatedData, string nonce, string ciphertext)
    {
        GcmBlockCipher gcmBlockCipher = new GcmBlockCipher(new AesEngine());
        AeadParameters aeadParameters = new AeadParameters(
            new KeyParameter(Encoding.UTF8.GetBytes(AES_KEY)), 
            128, 
            Encoding.UTF8.GetBytes(nonce), 
            Encoding.UTF8.GetBytes(associatedData));
        gcmBlockCipher.Init(false, aeadParameters);

        byte[] data = Convert.FromBase64String(ciphertext);
        byte[] plaintext = new byte[gcmBlockCipher.GetOutputSize(data.Length)];
        int length = gcmBlockCipher.ProcessBytes(data, 0, data.Length, plaintext, 0);
        gcmBlockCipher.DoFinal(plaintext, length);
        return Encoding.UTF8.GetString(plaintext);
    }
}

class AesUtil {

 private $aesKey;

 const KEY_LENGTH_BYTE = 32;
 const AUTH_TAG_LENGTH_BYTE = 16;


 public
 function __construct($aesKey) {
  if (strlen($aesKey) != self::KEY_LENGTH_BYTE) {
   throw new InvalidArgumentException('无效的ApiV3Key，长度应为32个字节');
  }
  $this - > aesKey = $aesKey;
 }

 /**
  * Decrypt AEAD_AES_256_GCM ciphertext
  *
  * @param string    $associatedData     AES GCM additional authentication data
  * @param string    $nonceStr           AES GCM nonce
  * @param string    $ciphertext         AES GCM cipher text
  *
  * @return string|bool      Decrypted string on success or FALSE on failure
  */
 public
 function decryptToString($associatedData, $nonceStr, $ciphertext) {
  $ciphertext = \base64_decode($ciphertext);
  if (strlen($ciphertext) <= self::AUTH_TAG_LENGTH_BYTE) {
   return false;
  }

  // ext-sodium (default installed on >= PHP 7.2)
  if (function_exists('\sodium_crypto_aead_aes256gcm_is_available') && \sodium_crypto_aead_aes256gcm_is_available()) {
   return \sodium_crypto_aead_aes256gcm_decrypt($ciphertext, $associatedData, $nonceStr, $this - > aesKey);
  }

  // ext-libsodium (need install libsodium-php 1.x via pecl)
  if (function_exists('\Sodium\crypto_aead_aes256gcm_is_available') && \Sodium\crypto_aead_aes256gcm_is_available()) {
   return \Sodium\crypto_aead_aes256gcm_decrypt($ciphertext, $associatedData, $nonceStr, $this - > aesKey);
  }

  // openssl (PHP >= 7.1 support AEAD)
  if (PHP_VERSION_ID >= 70100 && in_array('aes-256-gcm', \openssl_get_cipher_methods())) {
   $ctext = substr($ciphertext, 0, -self::AUTH_TAG_LENGTH_BYTE);
   $authTag = substr($ciphertext, -self::AUTH_TAG_LENGTH_BYTE);

   return \openssl_decrypt($ctext, 'aes-256-gcm', $this - > aesKey, \OPENSSL_RAW_DATA, $nonceStr,
    $authTag, $associatedData);
  }

  throw new \RuntimeException('AEAD_AES_256_GCM需要PHP 7.1以上或者安装libsodium-php');
 }
}

    public static void main(String[] args) throws GeneralSecurityException, IOException {
        String aesKey = "d1f20ym47uaorjqdoe9irqxhjiiwyqu4";
        String nonce = "4vuo6n8vimq6";
        String associatedData = "";//保留字段,默认为空
        String ciphertext = "VTYYLoJvQr5vzv27Qmr6xyNMj0bYwBnn4NOfYFCkV6mklfsMmCK2+0eBG2rKGKArboohgFK1xKQHyOdDgBmLddQeuH5X3VPp4sEMoECWGDgqyG5IrnZOYIeRUAxPlrPUMYdm2S3+K++9vMovILmzOzxwCh51hfYGL0deFNdvRfzcJHrJPVJqjbw/8MWmfBxesY0f71mgB2mcD1kLPk/Ete2xo7NtBspnFw==";

        AesUtil util = new AesUtil(aesKey.getBytes());
        String a = util.decryptToString(nonce.getBytes(),ciphertext ,associatedData.getBytes());
        System.out.println(a);
        //{"expireTime":"2024-09-21 23:59:59","licenseType":"BUSINESS_LICENSE","mchId":"88084849","mchName":"上海益充电子商务有限公司","status":"WAIT"}
    }