Solution to Alipay signature verification failure under PHP5.3 version

In recent years, with the popularity of electronic payment, Alipay has become one of the indispensable payment tools in people's lives. In order to ensure the security of payment, when conducting Alipay transactions, the transaction information needs to be signed and verified to prevent the transaction information from being tampered with or forged. However, some users have recently reported that Alipay signature verification failures are common when using PHP5.3 version. So, how to solve this problem?

1. Problem Analysis

First of all, we need to make it clear that the MD5 algorithm before the PHP5.3 version is not rigorous enough for the processing of Chinese characters, and Chinese characters occupy a large area in transaction information. proportion, which leads to the problem of unsuccessful Alipay signature verification. This problem does not only exist in PHP version 5.3, but other older versions also have similar problems. In response to this problem, Alipay officially recommends using the new RSA algorithm for signature and verification.

2. Solution

Use the RSA algorithm for signature verification, which is more secure and reliable than the MD5 algorithm. The full name of RSA is "Rivest-Shamir-Adleman", which is an asymmetric encryption algorithm. The main steps of using RSA algorithm for signature verification are as follows:

1. Generate public and private keys

In PHP, you can use the openssl extension library to generate RSA public and private keys, code As follows:

$config = array(
  "digest_alg" => "sha256",
  "private_key_bits" => 1024,
  "private_key_type" => OPENSSL_KEYTYPE_RSA,
);
$res = openssl_pkey_new($config);
openssl_pkey_export($res, $private_key);
$public_key = openssl_pkey_get_details($res);
$public_key = $public_key["key"];

2. Sign the transaction information

$sign = '';
openssl_sign($data, $sign, $private_key, OPENSSL_ALGO_SHA256);
$sign = base64_encode($sign);

It should be noted that before signing, the transaction information needs to be processed, such as removing null values ​​and the value of the signature field. For specific processing methods, please refer to Alipay’s official documentation.

3. Verify the signature

The code for signature verification is as follows:

$result = false;
if (!empty($sign) && !empty($public_key)) {
  $sign = base64_decode($sign);
  $result = openssl_verify($data, $sign, $public_key, OPENSSL_ALGO_SHA256);
}

It should be noted that the correctness of the public key needs to be ensured when verifying the signature, which can be developed in Alipay The user center uploads and manages public keys.

3. Summary

The problem of Alipay signature verification failure under PHP5.3 version is mainly caused by the loose handling of Chinese characters by the MD5 algorithm. In order to solve this problem, Alipay officially recommends using the new RSA algorithm for signature and verification, and provides corresponding code examples. When conducting Alipay transactions, it is recommended to use the RSA algorithm in PHP code for signature and signature verification to ensure the security and reliability of transaction information.

The above is the detailed content of Solution to Alipay signature verification failure under PHP5.3 version. For more information, please follow other related articles on the PHP Chinese website!