To prevent client requests from being tampered or forged, a signature mechanism is used for RPC requests. The RPC module automatically implements the signing functions.
The basic signing and signature verification process is as follows:
- Convert the
requestBody
content to a character string. - Use the Security Guard module to sign the character string with the encryption key stored in the encryption image (Security Guard image).
- Send the encrypted signature in the request to the gateway.
- The gateway signs with the same method. The system then checks whether the two signatures are consistent.