Signature and Verification

Generate request signature

Before generate signature, please make sure the following materials are ready:

Get your Merchant Safecode
Generate a RSA key pair. Your can generate it via our service or by yourself
Upload your RSA public key to our service

Please follow this guideline to generate your request signature:

Sort request parameters by key in ASCII order
Concat each parameters' key value by = and join all parameters by &, then append & and your safecode at suffix of sign string
Encrypt sign string in SHA256 by your RSA private key
Encode encrypted string in base64 to get your final signature

// Concatenated string before sign
amount=1&channel=alipay&currency=CNY&merchantid=123456&mid=1&notifyurl=www.abc.com/callback&returnurl=www.abc.com/returnurl&service=Payment&PUT_YOUR_SAFECODE_HERE

PHP
Java
Python

function generateSignature($params, $safecode)
{
  unset($params['remark'], $params['sign']);
  ksort($params);

  $concatStr = "";
  foreach ($params as $key => $value) {
    $concatStr .= "{$key}={$value}&";
  }
  $concatStr .= $safecode;

  $priKey = openssl_get_privatekey(file_get_contents('your_private_key.pem'));
  openssl_sign($concatStr, $signature, $priKey, 'SHA256');
  openssl_free_key($priKey);

  return base64_encode($signature);
}

import java.io.*;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;

public String generateSignature(Map params, String safecode, List<String> ignoreFields) {

  SortedSet<String> sortedParams = new TreeSet<>(params.keySet());
  String concatStr = "";
  for (String key: sortedParams) {
    if (ignoreFields.contains(key)) continue;
    concatStr += String.format("%s=%s&", key, params.get(key));
  }
  concatStr += safecode;

  try {
    String strKey = Files
      .readString(Path.of('your_priavte_key.pem'))
      .replaceAll("(-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----|\n)", "");
    byte [] binKey = Base64.getDecoder().decode(strKey);
    PKCS8EncodedKeySpec pkcs8Key = new PKCS8EncodedKeySpec(binKey);
    PrivateKey priKey = KeyFactory.getInstance("RSA").generatePrivate(pkcs8Key);

    Signature rsa = Signature.getInstance("SHA256withRSA");
    rsa.initSign(priKey);
    rsa.update(concatStr.getBytes("UTF-8"));
    return Base64.getEncoder().encodeToString(rsa.sign());
  } catch (Exception e) {
    return null;
  }
}

from OpenSSL import crypto

def generateSignature(params, safecode):

  concatStr = ''
  for key in sorted(params):
    if (key != "sign" and key != 'remark'):
      value = params[key]
      concatStr += f"{key}={value}&"
  concatStr = concatStr + safecode

  with open("your_private_key.pem", "r") as file:
    priKey = crypto.load_privatekey(crypto.FILETYPE_PEM, file.read())

  sign = crypto.sign(priKey, concatStr.encode('utf-8'), 'RSA-SHA256')
  return base64.b64encode(sign)

Verify PTS response signature

Before verify signature, please make sure the following materials are ready:

Get your Merchant Safecode
Get RSA public key of PTS platform

Please follow this guideline to verification signature sent from PTS:

Sort response parameters except signature by key in ASCII order. All parameters except signature should participate in the verification string
Concat key/value of parameters by = symbol, then join all parameters by & symbol
Append & and your merchant safecode at suffix of the verification string
Decode response signature by base64 decoder to binary signature
Verify the binary signature via SHA256 with verification string and PTS platform public key

PHP
Java
Python

function verifySignature($response, $safecode)
{
  $params = $response['data'];
  $signature = base64_decode($params['sign']);

  unset($params['remark'], $params['sign']);
  ksort($params);

  $verifyStr = '';
  foreach ($params as $key => $value) {
    $verifyStr .= "{$key}={$value}&";
  }
  $verifyStr .= $safecode;

  $pubKey = openssl_get_publickey(file_get_contents('pts_public_key.pem'));
  $verified = openssl_verify($verifyStr, $signature, $pubKey, OPENSSL_ALGO_SHA256);
  openssl_free_key($pubKey);

  return $verified !== 0;
}

public boolean verifySignature(String sign, String verifyStr, PublicKey pubKey) {
  try {
    Signature rsa = Signature.getInstance("SHA256withRSA");
    rsa.initVerify(pubKey);
    rsa.update(verifyStr.getBytes("UTF-8"));

    byte [] decodedSign = Base64.getDecoder().decode(sign.replace("\n", ""));
    return rsa.verify(decodedSign);
  } catch (Exception e) {
    e.printStackTrace();
    return false;
  }
}

import base64
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
from Crypto.Signature import pkcs1_15

def verifySignature(sign, verifyStr, pubKey):
  pubKey = RSA.import_key(pubKey)
  hash = SHA256.new(verifyStr.encode('utf-8'))
  binarySign = base64.b64decode(sign)

  try:
    pkcs1_15.new(pubKey).verify(hash, binarySign)
    return True
  except (ValueError, TypeError):
    return False

Signature and Verification

Generate request signature​

Verify PTS response signature​

Generate request signature

Verify PTS response signature