Signature and Verification
Generate request signature
Before generate signature, please make sure the following materials are ready:
- Get your
Merchant Safecode
- Generate a
RSA key pair
. Your can generate it via our service or by yourself - Upload your
RSA public key
to our service
Please follow this guideline to generate your request signature:
- Sort request parameters by key in
ASCII
order - Concat each parameters' key value by
=
and join all parameters by&
, then append&
and your safecode at suffix of sign string - Encrypt sign string in
SHA256
by yourRSA private key
- Encode encrypted string in
base64
to get your final signature
// Concatenated string before sign
amount=1&channel=alipay¤cy=CNY&merchantid=123456&mid=1¬ifyurl=www.abc.com/callback&returnurl=www.abc.com/returnurl&service=Payment&PUT_YOUR_SAFECODE_HERE
- PHP
- Java
- Python
function generateSignature($params, $safecode)
{
unset($params['remark'], $params['sign']);
ksort($params);
$concatStr = "";
foreach ($params as $key => $value) {
$concatStr .= "{$key}={$value}&";
}
$concatStr .= $safecode;
$priKey = openssl_get_privatekey(file_get_contents('your_private_key.pem'));
openssl_sign($concatStr, $signature, $priKey, 'SHA256');
openssl_free_key($priKey);
return base64_encode($signature);
}
import java.io.*;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
public String generateSignature(Map params, String safecode, List<String> ignoreFields) {
SortedSet<String> sortedParams = new TreeSet<>(params.keySet());
String concatStr = "";
for (String key: sortedParams) {
if (ignoreFields.contains(key)) continue;
concatStr += String.format("%s=%s&", key, params.get(key));
}
concatStr += safecode;
try {
String strKey = Files
.readString(Path.of('your_priavte_key.pem'))
.replaceAll("(-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----|\n)", "");
byte [] binKey = Base64.getDecoder().decode(strKey);
PKCS8EncodedKeySpec pkcs8Key = new PKCS8EncodedKeySpec(binKey);
PrivateKey priKey = KeyFactory.getInstance("RSA").generatePrivate(pkcs8Key);
Signature rsa = Signature.getInstance("SHA256withRSA");
rsa.initSign(priKey);
rsa.update(concatStr.getBytes("UTF-8"));
return Base64.getEncoder().encodeToString(rsa.sign());
} catch (Exception e) {
return null;
}
}
from OpenSSL import crypto
def generateSignature(params, safecode):
concatStr = ''
for key in sorted(params):
if (key != "sign" and key != 'remark'):
value = params[key]
concatStr += f"{key}={value}&"
concatStr = concatStr + safecode
with open("your_private_key.pem", "r") as file:
priKey = crypto.load_privatekey(crypto.FILETYPE_PEM, file.read())
sign = crypto.sign(priKey, concatStr.encode('utf-8'), 'RSA-SHA256')
return base64.b64encode(sign)
Verify PTS response signature
Before verify signature, please make sure the following materials are ready:
- Get your
Merchant Safecode
- Get
RSA public key
of PTS platform
Please follow this guideline to verification signature sent from PTS:
- Sort response parameters except signature by key in ASCII order. All parameters except signature should participate in the verification string
- Concat key/value of parameters by
=
symbol, then join all parameters by&
symbol - Append
&
and your merchant safecode at suffix of the verification string - Decode response signature by base64 decoder to binary signature
- Verify the binary signature via SHA256 with verification string and PTS platform public key
- PHP
- Java
- Python
function verifySignature($response, $safecode)
{
$params = $response['data'];
$signature = base64_decode($params['sign']);
unset($params['remark'], $params['sign']);
ksort($params);
$verifyStr = '';
foreach ($params as $key => $value) {
$verifyStr .= "{$key}={$value}&";
}
$verifyStr .= $safecode;
$pubKey = openssl_get_publickey(file_get_contents('pts_public_key.pem'));
$verified = openssl_verify($verifyStr, $signature, $pubKey, OPENSSL_ALGO_SHA256);
openssl_free_key($pubKey);
return $verified !== 0;
}
public boolean verifySignature(String sign, String verifyStr, PublicKey pubKey) {
try {
Signature rsa = Signature.getInstance("SHA256withRSA");
rsa.initVerify(pubKey);
rsa.update(verifyStr.getBytes("UTF-8"));
byte [] decodedSign = Base64.getDecoder().decode(sign.replace("\n", ""));
return rsa.verify(decodedSign);
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
import base64
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
from Crypto.Signature import pkcs1_15
def verifySignature(sign, verifyStr, pubKey):
pubKey = RSA.import_key(pubKey)
hash = SHA256.new(verifyStr.encode('utf-8'))
binarySign = base64.b64decode(sign)
try:
pkcs1_15.new(pubKey).verify(hash, binarySign)
return True
except (ValueError, TypeError):
return False