3.1.双向认证

商户、合作方与易生支付交易报文双向认证。

商户、合作方保存自己的私钥证书和易生支付公钥证书。

易生支付保存自己的私钥证书和商户、合作方的公钥证书。

商户、合作方向易生支付发起交易请求时，商户、合作方使用自己的私钥签名。

易生支付接收商户、合作交易请求时，易生支付使用商户、合作方公钥进行验签。

易生支付返回商户、合作方应答时，易生支付使用自己的私钥签名。

商户、合作方接收易生支付交易应答时，商户、合作方使用易生支付的公钥验签

3.2 增加签名方式

~~报文中增加signType字段包含SM2,SM3,RSA2(默认)--不传，根据requestid判断类别~~

3.2.多证书

支持多证书，多证书时交易报文上送证书号。

3.3.签名数据

易生用来验证发送上来的商户数据是否合法。

值为空字符不参与签名

对报文中的请求头reqHeader和请求体reqBody，按照名称的ASCII码从小到大先分别进行排序（注：如有空格不能TRIM），如果名称的首字母相同，则比较第二个字母，以此类推。将排序后的reqBody计算Md5(hex转大写)，再将排序后的请求头reqHeader和请求体reqBody计算得到的Md5值进行拼接，拼接后的字符串使用RSA2私钥签名（公私钥由商户自己生成，密钥位数为2048（SHA256WITHRSA）位【其他算法使用其他算法的密钥和加密方式】，私钥商户自己保存，公钥提供给易生验签，私钥见7.5），得到签名串reqSign。

reqBody排序后

{
    "attach": "江明圆离书想各传运老。",
    "cashRegisterNum": "002",
    "mchtCd": "555555555555555",
    "orderInfo": "听严风参适军。",
    "orderNo": "order000099",
    "origTransSequence": "2023112500000069",
    "printInfo": "油极从所科支着。",
    "recOprId": "9089877",
    "reqPayType": "01",
    "storeId": "S0010001",
    "transAmt": "558126"
}

MD5计算排序后的reqBody 并转成大写
9D28C7677ECCD5092269D90350EEEEF5

排序后reqHeader:

{
    "certificateId": "4032069546",
    "reqId": "631000000000247",
    "transCode": "0001",
    "transTime": "20240117105407"
}

待签名内容为[signString]

{"certificateId":"4032069546","reqId":"631000000000247","transCode":"0001","transTime":"20240117105407"}9D28C7677ECCD5092269D90350EEEEF5

reqHeader对象排序后的jsonString + MD5(reqBody排序后的signString).toUpperCase()

RSA私钥加密JsonString得到签名值reqSign：

m1eHFR2TiY/wnCpo//ni8X2NCoof7+E2W862/4NVWziDRQpouLxSXLI6StwboSbn9vuDYz+efFiSwUiOE0oCP4Q0CjuX4NWMnpLpdV44iofnpqszNDPrbyiHFks6LKlNh65PctELXzzbVCPjc6DsXabJaLVSyyK1T0AVyikEi/8RCjQulc+/Djshaf3aVccLELcC9/VUYajA3SYQ9y2RxBcvj/B/XY9vMVakjbO6HJyJq5h8Ntggd/nS/rnEtZuGPY2LoqNfRDgia2JOIjmpnUDlV04O51lBlBfvp34LDFK0dY6jtnH2O7C8fwu3a8TpMdfquCmwF0n2YrN2BpvD/A==

得到请求报文

{
    "reqHeader":
    {
        "transTime": "20231201221941",
        "certificateId": "4032069546",
        "transCode": "0001",
        "reqId": "631000000000246"
    },
    "reqBody":
    {
        "orderNo": "order000079",
        "storeId": "S0010001",
        "mchtCd": "831450072980001",
        "reqPayType": "01",
        "printInfo": "育生经热形十任示",
        "orderInfo": "再今六受气联接百",
        "transAmt": "946135",
        "attach": "得温加性北",
        "recOprId": "9089877"
    },
    "signType": "RSA2",
    "reqSign": "m1eHFR2TiY/wnCpo//ni8X2NCoof7+E2W862/4NVWziDRQpouLxSXLI6StwboSbn9vuDYz+efFiSwUiOE0oCP4Q0CjuX4NWMnpLpdV44iofnpqszNDPrbyiHFks6LKlNh65PctELXzzbVCPjc6DsXabJaLVSyyK1T0AVyikEi/8RCjQulc+/Djshaf3aVccLELcC9/VUYajA3SYQ9y2RxBcvj/B/XY9vMVakjbO6HJyJq5h8Ntggd/nS/rnEtZuGPY2LoqNfRDgia2JOIjmpnUDlV04O51lBlBfvp34LDFK0dY6jtnH2O7C8fwu3a8TpMdfquCmwF0n2YrN2BpvD/A=="
}

测试环境商户私钥【reqid 631000000000247】

MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCnObdngGTLht5wlk3rGrSrizmtKubE6DowxL1usHwRsJ5+LEVEOouxOkgcjOwI0JKZRHRd5dxjn3hPXhQyfQVvPJQGvQ49tv+5/Ly0n0hITsash2QqBkVcNYzhY/DVT/3Z+y6FsMiGl6jMEg6hx3uve3mPPlxxeQQkB6TpxYq5zH/+Scu9oqzyzhufs45b2KgVJ/3PLhKcA/UEIK40CDa+XqbBW6In7EmR/iX9VBhVjrFjJVPQpmCIYz7J6UAZUrzGtie9YMIgtK/3L+L+QWZsd3yoPz097p7vBwjVJlCaiPe9vzU6gx1sCRCFiMf2KO7fwgMlkkp7nkLg9aZC0tt/AgMBAAECggEAV2fcjDXY+WSqObDmUz+nNY7U+8VTz5IOcFU1KnkGsHxfq1Vacxoiz+TFsl6aNNVH+uKD7FxsAIpm6R0kc2tTftvsB0Wj/u/65GzM+Z/TuS+rupwd57VVZaf71gdV5zkjV19p5qkLdwYoTVoW2cqZxJRGam/PA+ScHHT+Zs5A/3GgfWfHc1y/bBWC6TnFJus5NwH9OpKyUm3d9nFFT0DoIZPIsgmvnQnTDSs/kxUh9T98pDV8pu2w+kVbuk23FoCh/Jw4V/s7J5kMIi/I7oNlDAfdnmxwXF4L7Mg1z35EfTnwJ6jDyRKmo1/ATgIiMe/P6jZ5FYZ15w89UujjYK8cQQKBgQDxwTykK/tme0m+0xgdXUuGyXKLDE4v/t7h8taeXWA5j6mEJ/oYaB/RLyuPhgqeq4eJGwdG/Fq+ABtVr4CPdynu7tZxp+TKFoXJDyq0imogug2KxjSIvfZb5SHUQi64SAF7wDCaN9eSZKlmWYbg2VdGunJ84SUJCDjLDeRAEs3pnwKBgQCxFDzCzfgtDwZmJn/JgPGWA1H9s6bhEsoATLNml8QpIxwKktiwQQhDkmNokc/pyqkqa95114OPCsc6DLblUap4gMzZTes1eNrOZkDezJeUgBbBBwbs188BuQZrhya1C9m35mH8eMSzWO9fVeCdas+YZEc95TCNx6CneyKC0juCIQKBgQCtp8TLmNxJTR43+KJF1ZI/C80/nGM9jrLDUxBfSWupbUyzJZQ8m+7e8Cc2PW67czM0hTnA/9yexqzb6+lJJKv2eZGIqrVphKwtNLvUW+jIAV1g5ecuomWotPqL4c51iSOnpPJElQBApBYa8wwzz2sl3yAGHCPiTQmesifW7qsCuQKBgQCu6BtgG4wADbA3Y92izj9R+nOZEUNLW4C1LQ2iz1NNgsVm2Ec6SPH9tHGGT0g7WBchtKxmX3ot5uqENxzMg47LOgWcuq8SAQ63Ah8fMpyibKaNAQDhHgT1YamqujMMbukdEW1FsJAxyi2eUDftpRvqHVqVE3WTBVR1OVYMO9XVoQKBgQCo7Rcjh5bzsAVB44iMSuHps7CWREWSnJ0Z5I6fLgXw52Z0BbgXKVMIi62G2mtOiG3Z5hzST+37CrlvIXwBQSEGXyE/WkHrlEuYW033C6bivAjmfmi4FH3GVmCHZLrhVvPi5IyC36HzUTE4FJ4wqDyj/ayoeTGdeJ0D82iKLT955w==

测试环境商户公钥【reqid 631000000000247】

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzm3Z4Bky4becJZN6xq0q4s5rSrmxOg6MMS9brB8EbCefixFRDqLsTpIHIzsCNCSmUR0XeXcY594T14UMn0FbzyUBr0OPbb/ufy8tJ9ISE7GrIdkKgZFXDWM4WPw1U/92fsuhbDIhpeozBIOocd7r3t5jz5ccXkEJAek6cWKucx//knLvaKs8s4bn7OOW9ioFSf9zy4SnAP1BCCuNAg2vl6mwVuiJ+xJkf4l/VQYVY6xYyVT0KZgiGM+yelAGVK8xrYnvWDCILSv9y/i/kFmbHd8qD89Pe6e7wcI1SZQmoj3vb81OoMdbAkQhYjH9iju38IDJZJKe55C4PWmQtLbfwIDAQAB

生产环境商户公钥

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzKR8izaCvixUREgvzZSNmo6mLLa83AuGs53YNUgNXGNXiIJEi4mhfQg5MPcNVj91DrjbUXeWsGUAZOfnbCOJ+cw6ocpp8om6Q1hqp4C+W4sNT+y5xCU9yaLjBTdaecku2Dzvt22KlrFzMgAoI0gPPLNwXVojbam2VxO5vAnMLas2nRmsLau6FCmPZ9kbDPLmPXW0l8eeC34VhisxIOzfqgInrrZkim8fjEs5IleKnkbfnxuBkUP8x9aTNFSFtBKDLHKrbzAXa/Ce8J1+CN3q/D0ZGfhHc3ItTX8uaBNh2XZV+7Ig1u8kcO7k6J5WfhUZirzEh9p9k9G7koX2EylK1QIDAQAB

3.4.验签数据

商户/代理方用以验证返回的报文是否合法。

值为空字符不参与签名

对返回报文中的返回头rspHeader和返回体rspBody，按照名称的ASCII码从小到大先分别进行排序（注：如有空格不能TRIM），如果名称的首字母相同，则比较第二个字母，以此类推。将排序后的rspBody计算Md5(hex转大写)，再将排序后的请求头rspHeader和请求体rspBody计算得到的Md5值进行拼接，拼接后的字符串，返回报文中rspSign签名，使用RSA公钥验签（公钥由易生提供，密钥位数为2048（SHA256WITHRSA）位【其他算法使用其他算法的密钥和加密方式】，计算签名是否正确用以确认易生签发的报文数据。

rspBody排序后

{"transSequence":"2023120100000800"}

MD5计算排序后的rspBody 并转成大写
00552628F4B6E43A6F481A60BB88AB34

排序后rspHeader:

{"rspCode":"000000","rspInfo":"成功","transCode":"0001"}

待验签内容为[verfyString]

{"rspCode":"000000","rspInfo":"成功","transCode":"0001"}00552628F4B6E43A6F481A60BB88AB34

rspHeader对象排序后的jsonString + MD5(rspBody排序后的verfyString).toUpperCase()

签名信息

qSIdJLmrrgdBIBScM3MrbCPwZQBdTtDXwwtUgY2KwMxG3aOSrkPYOeEZfiEplUv0iezkS7Nxg61MVUS80gYnvkpudncdYfx2onKSEhM+uhHtN7OuhFlb+9WMtzJKHX/sOwSx3y8hnsY3S608Ot5CFU4NgR1MnU7uWoRCEWbH9QbF2P/ukR0IKHNYvngv4VERAYOkiozorO4rkdoc5iILatA+NgoMevy6ftTZt8v0pTr7ONS3okdFIuR0Tu8M7GupdHXkXG7KVPYkoh5WTM6msVPILw5FHjff6bKBowSxbpfqDO8HLxADKeru1FGxRYJTowjk9zDpoJzHYKP+UFCP9g==

易生提供的RSA公钥对VerfyString进行验签

易生测试公钥

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgVerkGaSEQvZIOpLjeUoVpL0lSYLc04+txtPFtfm5r5XFbaNaf5Ahu0lziGEwWzrGONThSsnb3U9pqoY6BpqviN4h+Guw5oEdHr1T/eDkQD5urgQUaZA6lDoU9XC662r+0kpbKidvXIsK2CrShN+BF8HEJmRZuhglxh25OHWIWqQiUDjLZC+QJRZqUu9Uzy9RBBu7qa0f0xbqYl3hnYi+vH++SsyOavO2gUVQyKU5Kkt5ZJVpZFQvD3BXePgwJSpsvrjhj0hiYp2v6PScN9XHP1vXB4wtIYSFYwmVus1KkV/LfDzUm6zHjliHYTVl6lPMhveIVJlRIqInRZRHxg5QIDAQAB

验签结果
true

得到请求报文

{
    "rspHeader": {
        "rspCode": "000000",
        "rspInfo": "成功",
        "transCode": "0001"
    },
    "rspBody": {
        "transSequence": "2023120100000800"
    },
    "rspSign": "qSIdJLmrrgdBIBScM3MrbCPwZQBdTtDXwwtUgY2KwMxG3aOSrkPYOeEZfiEplUv0iezkS7Nxg61MVUS80gYnvkpudncdYfx2onKSEhM+uhHtN7OuhFlb+9WMtzJKHX/sOwSx3y8hnsY3S608Ot5CFU4NgR1MnU7uWoRCEWbH9QbF2P/ukR0IKHNYvngv4VERAYOkiozorO4rkdoc5iILatA+NgoMevy6ftTZt8v0pTr7ONS3okdFIuR0Tu8M7GupdHXkXG7KVPYkoh5WTM6msVPILw5FHjff6bKBowSxbpfqDO8HLxADKeru1FGxRYJTowjk9zDpoJzHYKP+UFCP9g==",
    "signType": "RSA2",
    "time": "2023-12-01 22:19:43"
}

3. 签名验签

3.1.双向认证

3.2 增加签名方式

3.2.多证书

3.3.签名数据

3.4.验签数据

3.5示例代码【RSA为例】

3. 签名验签

3.1.双向认证#

3.2 增加签名方式#

3.2.多证书#

3.3.签名数据#

3.4.验签数据#

3.5示例代码【RSA为例】#

3.1.双向认证

3.2 增加签名方式

3.2.多证书

3.3.签名数据

3.4.验签数据

3.5示例代码【RSA为例】