Verify the signature

This section describes how to verify the signature.

MD5 sign type

After receiving the character string of the response or notification from the Alipay system, generate a new string by appending the MD5 secret key to the character string. Then compute the MD5 signature of this new string. After the 32-byte signature result string is generated, check whether it equals the value passed in the sign parameter. If the values are equal, the verification is passed.
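
The MD5 check described above, as an added example that is not Alipay's own code. The pre-sign format used here (non-empty fields sorted by name and joined as key=value with &, leaving out sign and sign_type), the sign_type field name, the UTF-8 charset and all sample values are assumptions.

```python
import hashlib
import hmac

# Assumption: fields that are left out of the pre-sign string.
UNSIGNED_FIELDS = {"sign", "sign_type"}


def build_presign(params):
    """Assumed pre-sign format: non-empty fields, sorted by name, joined as k=v&k=v."""
    items = sorted((k, v) for k, v in params.items()
                   if k not in UNSIGNED_FIELDS and v not in (None, ""))
    return "&".join(f"{k}={v}" for k, v in items)


def md5_sign(presign, secret_key, charset="utf-8"):
    """Append the MD5 secret key to the string and return the 32-char hex digest."""
    return hashlib.md5((presign + secret_key).encode(charset)).hexdigest()


def verify_md5(params, secret_key, charset="utf-8"):
    """Return True only if the sign parameter matches the recomputed MD5 value."""
    received = params.get("sign")
    if params.get("sign_type") != "MD5" or not isinstance(received, str):
        return False  # reject unsigned messages and unexpected sign types
    expected = md5_sign(build_presign(params), secret_key, charset)
    # Constant-time comparison; lower() tolerates upper-case hex from the sender.
    return hmac.compare_digest(expected.encode(), received.lower().encode())


if __name__ == "__main__":
    key = "constructed-md5-secret"  # constructed sample key
    notification = {  # constructed sample notification
        "notify_type": "trade_status_sync",
        "out_trade_no": "ORDER-0001",
        "total_fee": "10.00",
        "sign_type": "MD5",
    }
    notification["sign"] = md5_sign(build_presign(notification), key)
    print(verify_md5(notification, key))                           # genuine message
    print(verify_md5({**notification, "total_fee": "0.01"}, key))  # tampered amount
```

Act on a response or notification only after verify_md5 returns True, and read the business fields from the same dictionary that was verified.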

RSA2/RSA sign type

After receiving a response or notification, perform the following steps to verify the signature:

  1. Generate the pre-sign string as described in Generate Pre-sign String.
  2. Use the RSA/RSA2 algorithm to calculate a message digest of the pre-sign string.
  3. Use the RSA/RSA2 public key to recover a message digest from the signature (the value of the sign field).
  4. Compare the two message digests obtained in step 2 and step 3. If the digests are the same, the signed data is verified.