开发者社区> 问答> 正文

#支付宝 如何使用RSA签名验签?

如何使用RSA签名验签?

展开
收起
保持可爱mmm 2020-05-05 16:49:34 1314 0
1 条回答
写回答
取消 提交回答
  • 各语言普通公钥方式sdk内签名生成sign值及各语言回调数据验签示例代码.

    开放平台SDK封装了同步返回响应参数的验签方法,只需在创建DefaultAlipayClient对象进行初始化,设置请求网关(gateway),应用id(app_id),应用私钥(private_key),编码格式(charset),支付宝公钥(alipay_public_key),签名类型(sign_type)即可,同步返回响应参数报文时会自动进行验签。

    注:本文示例代码仅供测试参考 java语言: 签名方法:

    //请求的待签名字符串(已升序排序处理) String content = "app_id=201****222&biz_content={"out_trade_no":"20190401144352106451724","total_amount":"0.01","subject":"土豪机","timeout_express":"10m","qr_code_timeout_express":"2m","store_id":"HK001"}&charset=UTF-8&format=json&method=alipay.trade.precreate&notify_url=http://notify.dengw.online/do/6e5e3bd0-c2c5-4565-bcfd-bf57ea822672&sign_type=RSA2&timestamp=2019-04-01 14:43:53&version=1.0"; //私钥 String privateKey=""; //编码格式 String charset="utf-8"; //签名方式 String sign_type="RSA2";

                //签名方法
                String sign=AlipaySignature.rsaSign(content, privateKey, charset,sign_type);
                System.out.println("sign:"+ sign);
    

    验签方法: 异步同步通知数据验签:

    //回调的待验签字符串 String resultInfo = "buyer_id=20842&total_amount=0.01&body=试™_no=20190329941025940236&notify_time=2019-03-29 19:42:04&subject=**电脑网站支付&sign_type=RSA2&charset=UTF-8&auth_app_id=201222&notify_type=trade_status_sync&invoice_amount=0.01&out_trade_no=20190329ygyg45484544100003™_status=TRADE_SUCCESS&gmt_payment=2019-03-29 19:42:03&version=1.0&point_amount=0.00&sign=LDDUIGQmc+1qNtk3oyoAKVeMUKTngdX3ZjVeZOK0EjiPDJ/+Nk+0WSqcE6J7/5xb96Z/vP0yY3pVhZUiFVJ1G45/ys/HAleHh+EERZ1lkCkule1sSyaGFTKQGKx4uHpTyqIgRB1bouf19RPbSx1EkA0VkCarSy9G/OEG5Qmg8UdL2dRulMhlbOHS7tdMJJycDA8vOspOUMeQmk/H6IK9R2Kou5hN2T3KR1GWLYFK+z1jeZhQB3q52lZynO0OFjSzU4aQUBMW5QskQppBYd/ghtY/2YP+2H6YVGNgVmaheZMQ3PVTBALEV+8rZa91salH9DkKN2UCYGvNSNDT1VGCTQ==&gmt_create=2019-03-29 19:42:00&buyer_pay_amount=0.01&receipt_amount=0.01&fund_bill_list=[{"amount":"0.01","fundChannel":"PCREDIT"}]&seller_id=208***5&app_id=2014100*22&notify_id=201903290022219420408"; //编码格式 String charset="utf-8"; //支付宝公钥 String publicKey=""; //签名方式 String sign_type="RSA2"; //对待签名字符串数据通过&进行拆分 String [] temp = resultInfo.split("&"); LinkedHashMap<String, String> map = new LinkedHashMap<String, String>();
    //把拆分数据放在map集合内 for (int i = 0; i < temp.length; i++) {
    String[] arr = temp[i].split("=", 2); //通过"="号分割成2个数据
    String[] tempAagin = new String[arr.length]; //再开辟一个数组用来接收分割后的数据
    for (int j = 0; j < arr.length; j++) {
    tempAagin[j] = arr[j];
    }
    map.put(tempAagin[0], tempAagin[1]);
    }
    System.out.println(map); //验签方法 boolean signVerified = AlipaySignature.rsaCheckV1(map,publicKey,charset,sign_type); if(signVerified){ // TODO 验签成功后 System.out.println("success"); }else{ System.out.println("fail");
    }

    生活号响应返回的数据验签:

    //回调的待验签字符串 String resultInfo = "biz_content= &sign=PuVStqgcU6cQw1bNx09+Dd7/5UkWXTuOKYvRKQSUSYnjR/fU2xYbat1x2bhHb2qScTxH71toVHaQq/he6FJQskTAaSrnFg+Du/WMz62UpalHA62iVQFlsr2j9mmPtOZoTqzG1debdnxOiN8O2joz/iHXluzfIPay+92I4XKALG8kCyn6Smpu40BNzJxmFqkzc4VmBONNesRS9FnN5C/X34J8D4Eo98sbD7BrUTege5Z2FOujma26MyT4o3A2zPGpP3f8KZXxwF7Xl4frV5IuDm6OHUnnhOfzn3cW+eA4Q6Jm0CA19Ez/ejub2lMGpw7GOPGIFae74AKRvdQDnD9hQQ==&sign_type=RSA2&service=alipay.service.check&charset=GBK"; //编码格式,生活号默认接收的数据都是gbk格式的 String charset="GBK"; //支付宝公钥 String publicKey=""; //签名方式 String sign_type="RSA2"; //对待签名字符串数据通过&进行拆分 String [] temp = resultInfo.split("&"); LinkedHashMap<String, String> map = new LinkedHashMap<String, String>();
    //把拆分数据放在map集合内 for (int i = 0; i < temp.length; i++) {
    String[] arr = temp[i].split("=", 2); //通过"="号分割成2个数据
    String[] tempAagin = new String[arr.length]; //再开辟一个数组用来接收分割后的数据
    for (int j = 0; j < arr.length; j++) {
    tempAagin[j] = arr[j];
    }
    map.put(tempAagin[0], tempAagin[1]);
    }
    System.out.println(map); //验签方法 boolean signVerified = AlipaySignature.rsaCheckV2(map,publicKey,charset,sign_type); if(signVerified){ // TODO 验签成功后 System.out.println("success"); }else{ System.out.println("fail");
    }

    同步响应数据验签:

    //响应的待验签字符串 String resultInfo = "{"code":"10000","msg":"Success","app_id":"2014115","auth_app_id":"2014175","charset":"utf-8","timestamp":"2019-04-01 14:33:01","out_trade_no":"0401022927-9449","total_amount":"0.01","trade_no":"2019040122751034473539","seller_id":"20856*5"}"; //响应数据返回的sign值 String sign=""; //编码格式 String charset="utf-8"; //支付宝公钥 String publicKey=""; //签名方式 String sign_type="RSA2"; //验签方法 boolean signVerified= AlipaySignature.rsaCheck(resultInfo, sign, publicKey, charset, sign_type); if(signVerified){ // TODO 验签成功后 System.out.println("success"); }else{ System.out.println("fail");
    }

    php语言: 签名方法:

    $aop = new AopClient(); //私钥 $privatekey=""; //签名方式 $signType="RSA2"; //待签名字符串 $data="app_id=201410***2&biz_content={"out_trade_no":"20190401144352106451724","total_amount":"0.01","subject":"土豪机","timeout_express":"10m","qr_code_timeout_express":"2m","store_id":"HK001"}&charset=UTF-8&format=json&method=alipay.trade.precreate&notify_url=http://notify.dengw.online/do/***&sign_type=RSA2&timestamp=2019-04-01 14:43:53&version=1.0"; //sdk内封装的签名方法 $sign=$aop->alonersaSign($data,$privatekey,$signType,false); echo "sign:".$sign;

    验签方法: 异步同步通知数据验签方法:

    $aop = new AopClient ();

    //支付宝公钥赋值 $aop->alipayrsaPublicKey="";

    //待签名字符串 $_POST="buyer_id=2088042&total_amount=0.01&body=煜雨电脑网站测试™_no=2019032922001481941025940236&notify_time=2019-03-29 19:42:04&subject=煜雨测试电脑网站支付&sign_type=RSA2&charset=UTF-8&auth_app_id=20122&notify_type=trade_status_sync&invoice_amount=0.01&out_trade_no=20190329ygyg45484544100003™_status=TRADE_SUCCESS&gmt_payment=2019-03-29 19:42:03&version=1.0&point_amount=0.00&sign=LDDUIGQmc+1qNtk3oyoAKVeMUKTngdX3ZjVeZOK0EjiPDJ/+Nk+0WSqcE6J7/5xb96Z/vP0yY3pVhZUiFVJ1G45/ys/HAleHh+EERZ1lkCkule1sSyaGFTKQGKx4uHpTyqIgRB1bouf19RPbSx1EkA0VkCarSy9G/OEG5Qmg8UdL2dRulMhlbOHS7tdMJJycDA8vOspOUMeQmk/H6IK9R2Kou5hN2T3KR1GWLYFK+z1jeZhQB3q52lZynO0OFjSzU4aQUBMW5QskQppBYd/ghtY/2YP+2H6YVGNgVmaheZMQ3PVTBALEV+8rZa91salH9DkKN2UCYGvNSNDT1VGCTQ==&gmt_create=2019-03-29 19:42:00&buyer_pay_amount=0.01&receipt_amount=0.01&fund_bill_list=[{"amount":"0.01","fundChannel":"PCREDIT"}]&seller_id=2088500**&app_id=20141***2&notify_id=2019032900222194204081941005192208";

    //签名方式 $sign_type="RSA2";

    //把字符串通过&符号拆分成数组 $data = explode('&', $_POST);

    $params = array(); //遍历数组 foreach ($data as $param) { $item = explode('=', $param,"2"); $params[$item[0]] = $item[1]; } //输出拆分后的数据 //print_r($params);

    //验签代码 $flag = $aop->rsaCheckV1($params, null, $sign_type);

    //输出验签结果 //echo $flag;

    if ($flag) { echo "success"; } else { echo "fail"; }

    生活号响应返回的数据验签:

    $aop = new AopClient ();

    //支付宝公钥赋值 $aop->alipayrsaPublicKey="";

    //待签名字符串 $_POST="biz_content= &sign=PuVStqgcU6cQw1bNx09+Dd7/5UkWXTuOKYvRKQSUSYnjR/fU2xYbat1x2bhHb2qScTxH71toVHaQq/he6FJQskTAaSrnFg+Du/WMz62UpalHA62iVQFlsr2j9mmPtOZoTqzG1debdnxOiN8O2joz/iHXluzfIPay+92I4XKALG8kCyn6Smpu40BNzJxmFqkzc4VmBONNesRS9FnN5C/X34J8D4Eo98sbD7BrUTege5Z2FOujma26MyT4o3A2zPGpP3f8KZXxwF7Xl4frV5IuDm6OHUnnhOfzn3cW+eA4Q6Jm0CA19Ez/ejub2lMGpw7GOPGIFae74AKRvdQDnD9hQQ==&sign_type=RSA2&service=alipay.service.check&charset=GBK";

    //签名方式 $sign_type="RSA2";

    //把字符串通过&符号拆分成数组 $data = explode('&', $_POST); //输出数据 //echo json_encode($data,JSON_UNESCAPED_UNICODE); $params = array(); //遍历数组 foreach ($data as $param) { $item = explode('=', $param,'2'); $params[$item[0]] = $item[1]; } //输出拆分后的数组集合 //echo json_encode($params,JSON_UNESCAPED_UNICODE);

    //验签代码 $flag = $aop->rsaCheckV2($params, null, $sign_type);

    if ($flag) { echo "success"; } else { echo "fail"; }

    同步响应数据验签:

    $aop = new AopClient ();

    //支付宝公钥赋值 $aop->alipayrsaPublicKey="";

    //待签名字符串 $_POST="{"code":"10000","msg":"Success","app_id":"2075","auth_app_id":"20145","charset":"utf-8","timestamp":"2019-04-01 14:33:01","out_trade_no":"0401022927-9449","total_amount":"0.01","trade_no":"201904012200145675**39","seller_id":"20****5"}"; //sign值 $sign=""; //签名方式 $sign_type="RSA2";

    //验签代码 $flag = $aop->verify($_POST, $sign,null,$sign_type);

    if ($flag) { echo "success"; } else { echo "fail"; }

    .net语言: 签名方法:

    //请求的待签名字符串(已升序排序处理) string content = "app_id=201*****2&biz_content={"out_trade_no":"2019040145454106451724","total_amount":"0.01","subject":"****","timeout_express":"10m","qr_code_timeout_express":"2m","store_id":"HK001"}&charset=UTF-8&format=json&method=alipay.trade.precreate&notify_url=http://notify.dengw.online/do/6e5e3bd0-c2c5-4565-bcfd-bf57ea822672&sign_type=RSA2&timestamp=2019-04-01 14:43:53&version=1.0";

    //应用私钥:PKCS1格式 string privateKey = "";

    //签名方法 string sign = AlipaySignature.RSASign(content, privateKey, "UTF-8", "RSA2", false);

    Response.Write("sign:" + sign);

    验签方法: 异步同步通知数据验签:

    //异步通知参数 string str = "buyer_id=208****&total_amount=0.01&body=煜雨电脑网站测试™_no=2019032922001481941025940236&notify_time=2019-03-29 19:42:04&subject=煜雨测试电脑网站支付&sign_type=RSA2&charset=UTF-8&auth_app_id=20141009****&notify_type=trade_status_sync&invoice_amount=0.01&out_trade_no=20190329ygyg45484544100003™_status=TRADE_SUCCESS&gmt_payment=2019-03-29 19:42:03&version=1.0&point_amount=0.00&sign=LDDUIGQmc+1qNtk3oyoAKVeMUKTngdX3ZjVeZOK0EjiPDJ/+Nk+0WSqcE6J7/5xb96Z/vP0yY3pVhZUiFVJ1G45/ys/HAleHh+EERZ1lkCkule1sSyaGFTKQGKx4uHpTyqIgRB1bouf19RPbSx1EkA0VkCarSy9G/OEG5Qmg8UdL2dRulMhlbOHS7tdMJJycDA8vOspOUMeQmk/H6IK9R2Kou5hN2T3KR1GWLYFK+z1jeZhQB3q52lZynO0OFjSzU4aQUBMW5QskQppBYd/ghtY/2YP+2H6YVGNgVmaheZMQ3PVTBALEV+8rZa91salH9DkKN2UCYGvNSNDT1VGCTQ==&gmt_create=2019-03-29 19:42:00&buyer_pay_amount=0.01&receipt_amount=0.01&fund_bill_list=[{"amount":"0.01","fundChannel":"PCREDIT"}]&seller_id=208850*****&app_id=20141*****2&notify_id=2019032900222194204081941005192208";

    string charset ="utf-8";

    string sign_type = "RSA2";

    var  dics = new Dictionary<string, string>();
    

    var rearray = str.Split('&'); foreach (var a in rearray) { var array = a.IndexOf('='); dics.Add(a.Substring(0, array), a.Substring(array+1)); Response.Write(a + "
    "); }

    //支付宝公钥 string alipaypublicKey = "";

    //验签方法
    bool flag = AlipaySignature.RSACheckV1(dics, alipaypublicKey, charset, sign_type, false);

     Response.Write(flag);
    

    生活号响应返回的数据验签:

    //异步通知参数 string str = "biz_content= &sign=PuVStqgcU6cQw1bNx09+Dd7/5UkWXTuOKYvRKQSUSYnjR/fU2xYbat1x2bhHb2qScTxH71toVHaQq/he6FJQskTAaSrnFg+Du/WMz62UpalHA62iVQFlsr2j9mmPtOZoTqzG1debdnxOiN8O2joz/iHXluzfIPay+92I4XKALG8kCyn6Smpu40BNzJxmFqkzc4VmBONNesRS9FnN5C/X34J8D4Eo98sbD7BrUTege5Z2FOujma26MyT4o3A2zPGpP3f8KZXxwF7Xl4frV5IuDm6OHUnnhOfzn3cW+eA4Q6Jm0CA19Ez/ejub2lMGpw7GOPGIFae74AKRvdQDnD9hQQ==&sign_type=RSA2&service=alipay.service.check&charset=GBK";

    var dics = new Dictionary<string, string>(); var rearray = str.Split('&');

    foreach (var a in rearray) { var array = a.IndexOf('='); dics.Add(a.Substring(0, array), a.Substring(array+1)); Response.Write(a + "
    "); }

    //支付宝公钥 string alipaypublicKey = "";

    //验签方法
    bool flag = AlipaySignature.RSACheckV2(dics, alipaypublicKey, "UTF-8","RSA2", false);

    Response.Write(flag);

    同步响应数据验签:

     //响应的待验签字符串
    string signContent = "{\"code\":\"10000\",\"msg\":\"Success\",\"app_id\":\"20141***5\",\"auth_app_id\":\"201411*****\",\"charset\":\"utf-8\",\"timestamp\":\"2019-04-01 14:33:01\",\"out_trade_no\":\"0401022927-9449\",\"total_amount\":\"0.01\",\"trade_no\":\"2019040122001456**9\",\"seller_id\":\"20***16245***\"}";
    
    //响应数据返回的sign值
    string sign = "";
    
    //支付宝公钥
    string alipaypublicKey = "";
    
    //验签方法
    bool flag = AlipaySignature.RSACheckContent(signContent, sign, alipaypublicKey, "UTF-8", "RSA2", false);
        
    Response.Write(flag);
    

    python语言: 签名方法:

    #!/usr/bin/env python

    -- coding: utf-8 --

    import urllib from alipay.aop.api.util.SignatureUtils import *

    请求的待签名字符串(已升序排序处理)

    content = "app_id=20***2&biz_content={"out_trade_no":"20190401144352106451724","total_amount":"0.01","subject":"土豪机","timeout_express":"10m","qr_code_timeout_express":"2m","store_id":"HK001"}&charset=UTF-8&format=json&method=alipay.trade.precreate&notify_url=http://notify.dengw.online/do/6e5e3bd0-c2c5-4565-bcfd-bf57ea822672&sign_type=RSA2&timestamp=2019-04-01 14:43:53&version=1.0"

    私钥

    privateKey = ""

    编码格式

    charset = "utf-8"

    请求网关地址

    gateway = "https://openapi.alipay.com/gateway.do"

    RSA2签名方式

    sign = sign_with_rsa2(privateKey, content, charset)

    RSA签名方式

    sign = sign_with_rsa(privateKey, content, charset)

    输出sign值

    print sign

    验签方法: 异步同步通知数据验签:

    #!/usr/bin/env python

    -- coding: utf-8 --

    from alipay.aop.api.util.SignatureUtils import verify_with_rsa

    支付宝公钥

    alipay_public_key = ""

    待签名字符串需要做升序处理,且去除sign和sign_type

    message = "app_id=2012&auth_app_id=20142&body=煜雨电脑网站测试&buyer_id=2088022*****2&buyer_pay_amount=0.01&charset=UTF-8&fund_bill_list=[{"amount":"0.01","fundChannel":"PCREDIT"}]&gmt_create=2019-03-29 19:42:00&gmt_payment=2019-03-29 19:42:03&invoice_amount=0.01&notify_id=2019032900222194204081941005192208&notify_time=2019-03-29 19:42:04&notify_type=trade_status_sync&out_trade_no=20190329ygyg45484544100003&point_amount=0.00&receipt_amount=0.01&seller_id=20*******5&subject=煜雨测试电脑网站支付&total_amount=0.01™_no=2019032922001481941025940236™_status=TRADE_SUCCESS&version=1.0"

    返回的sign值

    sign = ""

    签名方法

    flag = verify_with_rsa(alipay_public_key, message, sign)

    输出验签结果

    print flag

    生活号响应返回的数据验签:

    #!/usr/bin/env python

    -- coding: utf-8 --

    from alipay.aop.api.util.SignatureUtils import verify_with_rsa

    支付宝公钥

    alipay_public_key = ""

    待签名字符串需要做升序处理,去除sign

    message = "biz_content= &charset=GBK&service=alipay.service.check&sign_type=RSA2"

    返回的sign值

    sign = ""

    签名方法

    flag = verify_with_rsa(alipay_public_key, message, sign)

    输出验签结果

    print flag

    同步响应数据验签:

    #!/usr/bin/env python

    -- coding: utf-8 --

    from alipay.aop.api.util.SignatureUtils import verify_with_rsa

    支付宝公钥

    alipay_public_key = ""

    待签名字符串大框号内的值

    message = "{"code":"10000","msg":"Success","app_id":"201***5","auth_app_id":"201***","charset":"utf-8","timestamp":"2019-04-01 14:33:01","out_trade_no":"0401022927-9449","total_amount":"0.01","trade_no":"2019040122001456751034473539","seller_id":"2088***5"}"

    返回的sign值

    sign = ""

    签名方法

    flag = verify_with_rsa(alipay_public_key, message, sign)

    输出验签结果

    print flag

    更多详见【签名验签文档说明】。

    2020-05-05 16:49:52
    赞同 展开评论 打赏
问答地址:
问答排行榜
最热
最新

相关电子书

更多
低代码开发师(初级)实战教程 立即下载
冬季实战营第三期:MySQL数据库进阶实战 立即下载
阿里巴巴DevOps 最佳实践手册 立即下载