How do i encrypt a password for Tuya Smart Lock Open API

Question

Keep in mind that I'm very new and lost when it comes to coding.

I'm trying to generate a temporary for a smart lock that uses the Tuya App using Postman. I am currently stuck on the password as it requires it to be encrypted. password requirements from tuya It says that i need to decrypt the "ticket_key" (which i manage get through the "Get a temporary key for password encryption" request) using the "accessKey". Can anyone help me locate this accessKey and explain how i am supposed to encrypt and decrypt (do i need to create a program for it or is there one already available).

Thanks in advance!

I tried using ChatGPT to write me a program that encrypts and decrypts but didnt manage to get anything usable out of it.

Answer 1

I encountered a similar challenge and managed to achieve the desired outcome through a JavaScript program. Below are the steps I followed, which can also be accomplished using only Postman and online tools:

1. Obtain Access Token:

   • Endpoint: /v1.0/token?grant_type=1 (GET method)
   • Description: Acquire an access token from Tuya's API, essential for authentication and authorization to make further requests.

2. Request Access Key:

   • Endpoint: /v1.0/devices/[device_id]/door-lock/password-ticket (POST method)
   • Description: Use the acquired access token to request an access key (or password ticket) from Tuya's API, necessary for generating a new door lock password.

3. Decrypt Access Key:

   • Description: Decrypt the obtained ticket key using https://www.lddgo.net/en/encrypt/aes. Use the following settings: Mode=ECB, Padding=pkcs7padding, Input Format=Hex, Output Format=String, Password=Your Tuya project client secret (details at https://support.tuya.com/en/help/_detail/Kasgyvlkrcufp), Charset=UTF-8.

4. Encrypt Pin Code:

   • Description: Encrypt the chosen 7-digit pin code using the same online tool as above. Modify the password to the decrypted value from the previous step, Input Format=String, Output Format=Hex.

5. Create a Password:

   • Endpoint: /v1.0/devices/[device_id]/door-lock/temp-password (POST method)
   • Description: Submit the encrypted pin code with additional required details (effective and expiration time of the password) to Tuya's API. This is for creating a temporary password for the door lock. In the request body, include the encrypted pin code as "password", the ticket_id from step 2, and timestamps for the effective and invalid times, as shown in this example.

   { "password": "9c63efba8fb57e89319dff9117d3765a", "password_type": "ticket", "ticket_id": "cNOYOdpM", "effective_time": 1701187200000, "invalid_time": 1701360000000, "name": "test666", "time_zone": "" }

Note: For Postman users, it's recommended to use the Postman collection from https://developer.tuya.com/en/docs/iot/set-up-postman-environment?id=Ka7o385w1svns. This collection includes pre-written JavaScript code that calculates the sign value for each request.

Answer 2

If someone is looking for how the implementation should look like for Node:

private static encrypt_AES_128(data: string, secretKey: string) {
    const key = CryptoJs.enc.Utf8.parse(secretKey);
    const encrypted = CryptoJs.AES.encrypt(data, key, {
        mode: CryptoJs.mode.ECB,
        padding: CryptoJs.pad.Pkcs7,
    });
    return encrypted.ciphertext.toString(CryptoJs.enc.Hex);
}
private static decrypt_AES_128(data: string, secretKey: string) {
    const key = CryptoJs.enc.Utf8.parse(secretKey);
    const encryptedHexStr = CryptoJs.enc.Hex.parse(data);
    const encryptedBase64Str = CryptoJs.enc.Base64.stringify(encryptedHexStr);
    const decryptedData = CryptoJs.AES.decrypt(encryptedBase64Str, key, {
        mode: CryptoJs.mode.ECB,
        padding: CryptoJs.pad.Pkcs7,
    });
    return decryptedData.toString(CryptoJs.enc.Utf8);
}