1、 The importance of interface encryption

The difference between encryption and non encryption ：

When the client interacts with the server , For example, login operation , Open the debug window , After entering the user name and password, click login , You can see the login interface we call , In the return data of the interface , You can see that the login user name and password are displayed in clear text , It indicates that the interface does not perform encryption .
If a login interface is encrypted , Then we use it directly in the interface tool user name 、 Login with password cannot succeed , Even if your username and password are correct , He will still prompt that your user name and password are incorrect .

Importance ：

The client and server transmit data through the network , We need to be online when logging into a website （ Like a router ）, Any request sent by the client will pass through the router , That is, the router will record all network transmission data , Then it is sent to the server by the router , The router is like a middleware , So data is easy to be stolen by middleware , This is why interface encryption is needed .

HTTPS The encrypted

Before the official transmission of data , The client side and the server side should make a 【 encryption 】 The process of .
HTTPS Although it ensures some security of data in the transmission process , But it may still be caught , because https Between encryption and network proxy and server , client ----》 Network proxy -----(HTTPS encryption )-----》 The server , The network agent can still see the data sent by the client .
Suitable for the project of interface encryption ： Bank 、 payment 、 Finance and other projects involving money

client / Server side encryption

Symmetric encryption ： Encryption and decryption use the same key

cryptography ： Caesar code （ Exchange passwords 、 Replace password ）
eg： Plaintext （abc） -----（ encryption algorithm + secret key ）------ Ciphertext （def）
encryption algorithm ： Namely Alphabet offset 【 Encryption logic 】
secret key ： Offset - Right
Testers ---- Call symmetric encryption interface 【 Need to know 1、 encryption algorithm ,2、 secret key 】

Asymmetric encryption ： Different keys for encryption and decryption

Use public key encryption , Decrypt with private key
Asymmetric encryption 【 Little games 】
【 client 】---- Enter a 3 The number of digits 【 Plaintext 】
encryption ： Algorithm （ Mathematical operations of addition, subtraction, multiplication and division ）
secret key （ multiply 91）
To transmit data ：—426
【 Server side 】 — Analysis results 【686】
Decrypt ： Algorithm algorithm （ Mathematical operations of addition, subtraction, multiplication and division ）
secret key （ multiply 11）, after 3 Bit is the decrypted data

Encryption interface Test complexity

Symmetric encryption requires understanding 【 Algorithm 、 secret key 】
Asymmetric encryption requires understanding 【 Algorithm 、 Public key 、 Private key 】
Test the operation of interface encryption at work ：
1、 Develop and generate encrypted data , export .
shortcoming ： Data generated in advance , The test scenario covers less
2、 Encrypt and decrypt through code — Testers can write , Developers can also ）

• Development provides code snippets 【 Encryption and decryption code 】 — jmeter To carry out
• Development provides execution tools ---- Execute directly by command , Generate encrypted data