Verifying the signature
Read the following sections for details on how to verify the signature.
MD5 sign type
After receiving the character string of the response or notification from Alipay system, similar to the steps taken in Signing the data, append the MD5 secret key to the character string to generate a new string. Then, calculate this new string with the MD5 signature algorithm. After the 32-byte signature result string is generated, verify whether the value is equal to the value passed in the sign parameter. If Yes, the verification is passed.
RSA2/RSA sign type
After receiving a response or notification, perform the following steps to verify the signature:
- Generate the pre-sign string as described in Generating Pre-sign String.
- Use the RSA/RSA2 algorithm to calculate a message digest.
- Use the RSA/RSA2 public key to de-sign the signature (the value of the sign field) to a message digest.
- Compare the two message digests obtained in step 2 and step 3. If the digests are the same, then it indicates that the signed data has not been changed.