diff --git a/functions.php b/functions.php
index f832fe6..879009c 100644
--- a/functions.php
+++ b/functions.php
@@ -1616,7 +1616,7 @@ function output_comments_qq_columns( $column_name, $comment_id ){
  */
 add_filter( 'get_avatar', 'change_avatar', 10, 3 );
 function change_avatar($avatar){
-    global $comment,$sakura_pubkey;
+    global $comment,$sakura_privkey;
     if ($comment) {
         if( get_comment_meta( $comment->comment_ID, 'new_field_qq', true )){
             $qq_number =  get_comment_meta( $comment->comment_ID, 'new_field_qq', true );
@@ -1627,9 +1627,9 @@ function change_avatar($avatar){
                 preg_match('/:\"([^\"]*)\"/i',$qqavatar,$matches);
                 return '<img src="'.$matches[1].'" data-src="'.stripslashes($m[1]).'" class="lazyload avatar avatar-24 photo" alt="😀" width="24" height="24" onerror="imgError(this,1)">';
             }else{
-                openssl_public_encrypt($qq_number, $encrypted, openssl_pkey_get_public($sakura_pubkey));
-                $qq_number = urlencode(base64_encode($encrypted));
-                return '<img src="'.rest_url("sakura/v1/qqinfo/avatar").'?qq='.$qq_number.'"class="lazyload avatar avatar-24 photo" alt="😀" width="24" height="24" onerror="imgError(this,1)">';
+                $encrypted = openssl_encrypt($qq_number, 'aes-128-cbc', $sakura_privkey, 0);
+                $encrypted = urlencode(base64_encode($encrypted));
+                return '<img src="'.rest_url("sakura/v1/qqinfo/avatar").'?qq='.$encrypted.'"class="lazyload avatar avatar-24 photo" alt="😀" width="24" height="24" onerror="imgError(this,1)">';
             }
         }else{
             return $avatar ;
@@ -1729,7 +1729,7 @@ add_action('pre_comment_on_post', 'allow_more_tag_in_comment');
  * 随机图
  */
 function create_sakura_table(){
-    global $wpdb;
+    global $wpdb,$sakura_image_array,$sakura_privkey;
     $sakura_table_name = $wpdb->base_prefix.'sakura';
     require_once(ABSPATH . "wp-admin/includes/upgrade.php"); 
     dbDelta("CREATE TABLE IF NOT EXISTS `" . $sakura_table_name . "` (
@@ -1755,22 +1755,13 @@ function create_sakura_table(){
     if ( !$wpdb->get_var("SELECT COUNT(*) FROM $sakura_table_name WHERE mate_key = 'privkey'") ){
         $privkey = array(
             "mate_key" => "privkey",
-            "mate_value" => file_get_contents(get_template_directory()."/manifest/private.key")
+            "mate_value" => wp_generate_password(8)
         );
         $wpdb->insert($sakura_table_name,$privkey);
     }
-    if ( !$wpdb->get_var("SELECT COUNT(*) FROM $sakura_table_name WHERE mate_key = 'pubkey'") ){
-        $pubkey = array(
-            "mate_key" => "pubkey",
-            "mate_value" => file_get_contents(get_template_directory()."/manifest/public.key")
-        );
-        $wpdb->insert($sakura_table_name,$pubkey);
-    }
     //reduce sql query
-    global $sakura_image_array,$sakura_privkey,$sakura_pubkey;
     $sakura_image_array = $wpdb->get_var("SELECT `mate_value` FROM `wp_sakura` WHERE `mate_key`='manifest_json'");
     $sakura_privkey = $wpdb->get_var("SELECT `mate_value` FROM `wp_sakura` WHERE `mate_key`='privkey'");
-    $sakura_pubkey = $wpdb->get_var("SELECT `mate_value` FROM `wp_sakura` WHERE `mate_key`='pubkey'");
 }
 add_action( 'after_setup_theme', 'create_sakura_table' );
 
diff --git a/inc/api.php b/inc/api.php
index ef77961..b651fc5 100644
--- a/inc/api.php
+++ b/inc/api.php
@@ -407,25 +407,6 @@ function update_database() {
                 $wpdb->insert($sakura_table_name,$time);
                 $message = "manifest.json has been stored into database.";
             }
-            if(isset($_FILES["rsa"])){
-                if($_FILES["rsa"]["name"]=="public.key"){
-                    $pubkey = array(
-                        "mate_key" => "pubkey",
-                        "mate_value" => file_get_contents($_FILES["rsa"]["tmp_name"])
-                    );
-                    $wpdb->query("DELETE FROM `wp_sakura` WHERE `mate_key` ='pubkey'");
-                    $wpdb->insert($sakura_table_name,$pubkey);
-                }
-                if($_FILES["rsa"]["name"]=="private.key"){
-                    $privkey = array(
-                        "mate_key" => "privkey",
-                        "mate_value" => file_get_contents($_FILES["rsa"]["tmp_name"])
-                    );
-                    $wpdb->query("DELETE FROM `wp_sakura` WHERE `mate_key` ='privkey'");
-                    $wpdb->insert($sakura_table_name,$privkey);
-                }
-                $message = "key pairs has been stored into database.";
-            }
             $output = array(
                 'status' => 200,
                 'success' => true,
@@ -453,20 +434,21 @@ function update_database() {
  */
 function get_qq_avatar(){
     global $sakura_privkey;
-    $qq_number=$_GET["qq"];
-    $encrypted = urldecode(base64_decode($qq_number));
-    openssl_private_decrypt($encrypted, $qq_number, openssl_pkey_get_private($sakura_privkey));
-    preg_match('/^\d{3,}$/', $qq_number, $matches);
-    $imgurl='https://q2.qlogo.cn/headimg_dl?dst_uin='.$matches[0].'&spec=100';
-    if(akina_option('qq_avatar_link')=='off'){
-        $imgdata = file_get_contents($imgurl);
-        header("Content-type: image/jpeg");
-        echo $imgdata;
-    }else{
-        $response = new WP_REST_Response();
-        $response->set_status(302);
-        $response->header('Location', $imgurl);
-        return $response;
-    }
-    
+    $encrypted=$_GET["qq"];
+    if(isset($encrypted)){
+        $encrypted = urldecode(base64_decode($encrypted));
+        $qq_number = openssl_decrypt($encrypted, 'aes-128-cbc', $sakura_privkey, 0);
+        preg_match('/^\d{3,}$/', $qq_number, $matches);
+        $imgurl='https://q2.qlogo.cn/headimg_dl?dst_uin='.$matches[0].'&spec=100';
+        if(akina_option('qq_avatar_link')=='type_1'){
+            $imgdata = file_get_contents($imgurl);
+            header("Content-type: image/jpeg");
+            echo $imgdata;
+        }else{
+            $response = new WP_REST_Response();
+            $response->set_status(302);
+            $response->header('Location', $imgurl);
+            return $response;
+        }
+    } 
 }
diff --git a/manifest/README.md b/manifest/README.md
index 2209345..10c0fab 100644
--- a/manifest/README.md
+++ b/manifest/README.md
@@ -24,7 +24,7 @@ pip3 install Pillow
 pip install Pillow --user
 ```
 
-用同样的方法安装`requests`、`pycryptodome`
+用同样的方法安装`requests`
 
 ### 运行
 把图片文件放到 `gallary` 目录，Windows 可直接双击 manifest.py，或者和其他操作系统一样，在 Terminal、Powershell、CMD 中运行：
diff --git a/manifest/manifest.py b/manifest/manifest.py
index 941b3fd..9828390 100644
--- a/manifest/manifest.py
+++ b/manifest/manifest.py
@@ -10,7 +10,6 @@ import json
 import requests
 import base64
 import hashlib
-from Crypto.PublicKey import RSA
 from PIL import Image
 
 class Single(object):
@@ -52,7 +51,7 @@ class Single(object):
     return self.mani
 
 
-class Upload2Wordpress:
+class Upload2Wordpress(object):
   def __init__(self, username, password, url):
     self.username = username
     self.password = password
@@ -69,20 +68,10 @@ class Upload2Wordpress:
     reply = requests.post(self.url, headers=headers, files=files)
     print(json.loads(reply.content)['message'])
 
-  def upload_manifest(self):
+  def main(self):
     print('start uploading `manifest.json`...')
     self.upload('manifest.json', 'manifest')
 
-  def upload_key(self):
-    print('start uploading `private.key`...')
-    self.upload('private.key', 'rsa')
-    print('start uploading `public.key`...')
-    self.upload('public.key', 'rsa')
-
-  def main(self):
-    self.upload_manifest()
-    self.upload_key()
-
 
 def gen_manifest_json():
   onlyfiles = [f for f in os.listdir('gallary') if os.path.isfile(os.path.join('gallary', f))]
@@ -97,21 +86,8 @@ def gen_manifest_json():
     json.dump(Manifest, json_file)
 
 
-def gen_key_pairs():
-  key = RSA.generate(1024)
-  pv_key_string = key.exportKey()
-  with open("private.key", "w+") as prv_file:
-    print("{}".format(pv_key_string.decode()), file=prv_file)
-  pb_key_string = key.publickey().exportKey()
-  with open("public.key", "w+") as pub_file:
-    print("{}".format(pb_key_string.decode()), file=pub_file)
-
-
 def main():
   gen_manifest_json()
-  if not os.path.exists("public.key") or not os.path.exists("private.key"):
-    print("start generating key pairs...")
-    gen_key_pairs()
   username = input('Enter your username: ')
   password = input('Enter your password: ')
   url = input('Enter your rest api url: ')
diff --git a/manifest/private.key b/manifest/private.key
deleted file mode 100644
index 32d26d4..0000000
--- a/manifest/private.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDC2aXWaqi3rnlmHm97aEPtgvfW6brUztfev88GxdizNLCItEfy
-qrNEovewoXXNOVlEfzgWpGyMbcdno5S0Q4H+nc9WPIzKIrx3AeSyzGAuammcZ/m9
-5fPlS9oVCcH9kakgpkvut6VCx2DMNz+UeHJ7E0qyIIbZH2o3t0ZXuJ+fEQIDAQAB
-AoGAI3ucEhhZQh3ROLH5Ljl2CUYM2QO2RLOoJwW57ytPQ48oSLS/12aTf7/HqFA2
-0hkL8wfR0Hm/1LDXG73zwgH7JW9ByYGNFbnjEIAcY6DZc0zFuV++yUqNiYVggkVa
-ae0e0Z0aoLC1S5494Oa5XEYb9kCCezb6n5GMyqlmlcPr5ksCQQDC9BYYuTilSOVC
-AnwOXaIE88Yr006WXQFYBeEeNB17eDSpNKsc/1z+K+NOZacCRP5rTViIsiNWcodM
-3EWhPljfAkEA/91IXqF8gxutvRN1eAa6YZlFEeZtDSPDtB7bmds4NEqgCMwxKQaG
-VLAmbVsJpevXRiu10ewOz688XWN+GBLWDwJBAJal7YlPX/GBYf9fUiP7wN6YzdNB
-52GUHxy49lvTo9Csc+0pEO1Ie8DBg1YqgSLk08FxNG/1UA9WUy1WrcvLFPsCQQCW
-agDEWMy4yom9cHYLJHFnNNJM7phHNDI1bjqM3TnSS9h+s4Nm6cYIfTFp8i3e06FP
-SBzwFoSyhQLIp9eV0WTzAkEAo8ByUQGurZnv7PeLoEt2P2pBPYYEU6iA1qUNq7oY
-cnVtlsQiDWiecc+aqhX3LQ3VVNdDvg0BSywB0nixDeD0CQ==
------END RSA PRIVATE KEY-----
diff --git a/manifest/public.key b/manifest/public.key
deleted file mode 100644
index f94d13f..0000000
--- a/manifest/public.key
+++ /dev/null
@@ -1,6 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2aXWaqi3rnlmHm97aEPtgvfW
-6brUztfev88GxdizNLCItEfyqrNEovewoXXNOVlEfzgWpGyMbcdno5S0Q4H+nc9W
-PIzKIrx3AeSyzGAuammcZ/m95fPlS9oVCcH9kakgpkvut6VCx2DMNz+UeHJ7E0qy
-IIbZH2o3t0ZXuJ+fEQIDAQAB
------END PUBLIC KEY-----