This document describes how to use the DES and AES encryption algorithms. They can be used to encrypt the request parameters and decrypt the response data so as to prevent requests in plaintext from being maliciously altered during transfer.
You have added the domain to be queried in the HTTPDNS console as instructed in Adding a Domain.
Flowchart
Step 1. Determine the encryption method. Currently, HTTP requests to HTTPDNS can be encrypted with DES or AES.
Note:
Encrypt the domain to be resolved with the corresponding key and algorithm (if you want to use the ip parameter, you also need to encrypt it) and use the encrypted result and ID (which does not need to be encrypted) as the request parameters.
Step 2. Send an encrypted request.
Step 3. Receive an encrypted response.
Step 4. Decrypt the result.
Encryption and Decryption Algorithm Use Instructions
DES algorithm
Note:
For encryption and decryption with DES, the key is 8 characters in length, the block cipher mode is ECB, and the padding algorithm is PKCS5Padding.
The encrypted data is encoded by using Hex(Base16) to convert the binary data into a visible hexadecimal ID, and the length of the encoded data will double. The detailed process is as shown below:
Decryption of the response data involves decoding the data to binary data with Hex(Base16) first and then decrypting the binary data with the DES algorithm into plaintext data. The detailed process is as shown below:
For example, if your domain is www.dnspod.cn and the encryption key is dnspodpass, the process will be as follows:
2. Encrypt the domain with the encryption algorithm DES-ECB-PKCS5 and DES encryption keydnspodpass, and you will get the encrypted string 87ae992c1321f299da3c0210a9900ae7.
3. Call the curl "http://43.132.55.55/d?dn=87ae992c1321f299da3c0210a9900ae7&id={authorization ID}" API to request the A record. You will get an encrypted string with a doubled length, such as 55915a682ea20840ff74aa6e7bebf11454ed0f4050a63e93e6e89521553a01a8.
4. Decrypt the encrypted string with the encryption algorithm DES-ECB-PKCS5 and DES encryption keydnspodpass, and you will get the plaintext data 121.12.53.35;106.227.19.35.
Note:
The above strings are used as an example only and cannot be used for normal requests.
AES algorithm
Note:
For encryption and decryption with AES, the key is 16 characters in length, the block cipher mode is CBC, and the padding algorithm is PKCS7.
The CBC mode requires a random IV as the initial input for encryption and decryption, so the IV will also be carried in the request and response. The encrypted data along with the IV is encoded by using Hex and converted into a visible hexadecimal ID. The detailed process is as shown below:
During decryption, the data is decoded to binary data by using Hex, where the first 16 bytes is the IV value, and the bytes after IV is the data to be decrypted with the AES algorithm. The plaintext data will be obtained after decryption. The detailed process is as shown below:
