Alipay, China's leading third-party online payment solutionAlipay, China's leading third-party online payment solution

Verify the signature

A sample response is shown as below:

image

After receiving a response, perform the following steps to verify the signature:

  1. Split the full response contents to 2 parts, the response JSON string and the signature string, by using the regular expression instead of JSON object.
  2. Hash the response JSON string by using the SHA1 algorithm to obtain a message digest.
  3. Use the public key to decrypt the signature to a message digest.
  4. Compare the two message digests obtained in step 2 and step 3. If the digests are the same, then it indicates that the signed data has not been changed.