2.2.1.双向认证

商户、合作方与易生支付交易报文双向认证。

商户、合作方保存自己的私钥证书和易生支付公钥证书。

易生支付保存自己的私钥证书和商户、合作方的公钥证书。

商户、合作方向易生支付发起交易请求时，商户、合作方使用自己的私钥签名。

易生支付接收商户、合作交易请求时，易生支付使用商户、合作方公钥进行验签。

易生支付返回商户、合作方应答时，易生支付使用自己的私钥签名。

商户、合作方接收易生支付交易应答时，商户、合作方使用易生支付的公钥验签

2.2.2 多证书

支持多证书，多证书时交易报文上送证书号certificateId。

2.2.3 秘钥信息

联调环境商户rsa2签名私钥

MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCc1mku1mtfTc1vZM9z3TkRMZ9SaKP+6MdoQhjDHB9vJUOuG2Jnegej4gtzcm8MVYomV1azJMtCbPq4PN9aHegH13JthvrUPR3nAKp8AUp9Fh47ded//snNyAf7C7o8xKN5e7n89ROwacCAL2QDno76ngXzQQVj1TxY9pBdekZ03ezuDk1sv/u4FBlW8kRyaVdqyl4FdvP+EEljDe8gGxRikLyb3cK1B6G7w2BXgM/svft5SOoiqStx2XvgHRrFRB5w96TdoKNH9yxHU2clMJiz+5cej1VL6OHZspuY3cnPyJtyS+weYjDT+COLLBUe9UwbOV15DXDNpBLd34W4GiqtAgMBAAECggEAYaVwmVOwSAblp7wJGScb16OggStbJ2MAe93jEt7Yh1eZGrY7/xbP2O3smTUfBHvhZlusRB7dWf8F3l0v5iiGhRNTT/PhCPEARAl7G3emS9jQe869kkgslq06ose7bQg0i3dH5cEkQAqnameXClXWyRxHshrCY1SonO7uFPUDFtD2Z9GHu6dOWkOHfX7UETHV5/NTSqvner5M2YNsV/5To87zrmaeeNyvu91JgJSYofTD8IcMyhxcswxB9F3ECP7nulLDdCV+9mvE9zO0i4mPBxYb++87J0pu35TN9OY+gpiCK3Ed0gDqvvkTiCQEFu6y7OiqsQwy03CE5hAwWZR2YQKBgQDdb6e7+FWJSr9fIknfvZPPtKmbEkMHP1RYnVo3pmuVm14Z3UmostiSBRPMfVjeOX0N82SONM9P+1v9SDgSK3pL8rlk9Hx6D5KI7uj2IMtTVt00pO31KtxDLmXfgapDbWHK1RGEn1PDrnKYy5yOKJ8n0Wgp4lVEPIBN6uIud0A9iQKBgQC1UXdhEXFETyqEYWb9OnWbBjiVIw3D2/qW5c+WQGsHYdMEImC/0oTWIH9fKd4Azf26JjZ9nQvs5VcijJP6BXbGPqir5NgGVkwCj33PoNg4dDgIVE4BYaSp//7B6jCi5QiRTzCSOmUSkZ5L1Kz4SNEDe9r0MpLhxrsAzmR9aEJ/BQKBgHI71Ks63F2cSwd39+ZNtYA0cj7Gd/+4IvooCs+kseGXKj9rkkFOKj2CEwmuLHdP7vyQcHKQOdbIFFegtxRgi5G8oPm8yq5pdC3iGhpHJr1SlYFACGYu+zxJJlLcYIqyVf2+V3A0hZDwYLwEZjpMKHbxJ6xbz6MJFyObJZ3U9TYJAoGANXoGjJF5Z501u/+CQZN5VjSagZnqGGcL3G+BLx5msrGua9y7zjeHyCOjjWyqtnAKsllM3vVvq/nkHiN6DVaJNmUKmFARSqUvG944TAFzZAsa75H1w8CJsT34ZDbvC0wjn7/MYoRohPZ/ynu6XCwVwUJJTJaR7ZcQVmeJCdezLQUCgYEAszix6V9oL80Clb1nMwIly6I78+pcFKyk82yXxvySb6XPJvgoasbz9xYIeKlPyy6r8Aj/ujz5GVtDtkE6n6bsjekCdnUKUY3uTvFAX+YGQkuZnaPoisELJFI2Hal22tNnJyCOYh//AGAiHYpHNUKD4hsKBb45MhK1xwvTHpuLkdc=

联调环境对易生响应报文/异步通知验签公钥

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgVerkGaSEQvZIOpLjeUoVpL0lSYLc04+txtPFtfm5r5XFbaNaf5Ahu0lziGEwWzrGONThSsnb3U9pqoY6BpqviN4h+Guw5oEdHr1T/eDkQD5urgQUaZA6lDoU9XC662r+0kpbKidvXIsK2CrShN+BF8HEJmRZuhglxh25OHWIWqQiUDjLZC+QJRZqUu9Uzy9RBBu7qa0f0xbqYl3hnYi+vH++SsyOavO2gUVQyKU5Kkt5ZJVpZFQvD3BXePgwJSpsvrjhj0hiYp2v6PScN9XHP1vXB4wtIYSFYwmVus1KkV/LfDzUm6zHjliHYTVl6lPMhveIVJlRIqInRZRHxg5QIDAQAB

2.2.4 签名

对报文中的请求头reqHeader和请求体reqBody，按照名称的ASCII码从小到大先分别进行排序，如果名称的首字母相同，则比较第二个字母，以此类推。

将排序后的reqBody计算Md5(hex转大写)，再将排序后的请求头reqHeader和请求体reqBody计算得到的Md5值进行拼接，拼接后的字符串使用RSA2私钥签名（公私钥由商户自己生成，密钥位数为2048（SHA256WITHRSA）位【其他算法使用其他算法的密钥和加密方式】，私钥商户自己保存，公钥提供给易生验签，私钥见5.5），得到签名串reqSign。

请求报文--待加签的内容

{
    "reqHeader":
    {
        "transTime": "20241212100850",
        "reqId": "531000023045074"
    },
    "reqSign": "jCj+qYLEE85axEkGwxzagXVFE/W3e3fR5XfqBqyeRgL3lzRpA5nO/gO6vioj+CHigtCAFvMIqHRwgBEkdhQB8Xni8APZuBjQ3HPG4dkcBPk6RWxfJR6WhBlDj27gamDhaRXj7P+JP0DBF1CtRRnxwUkwCRjk0NydQ7VP5n7O2ztPq3YgyU8mLSDTtDKPNE0C0Y57WeefeINKZAKij1dUzq0c1a6h2ExpshUfwYbRoc43Bo6Pqn+5MkAmbMUJOEWKN9u6F+SGRBNU7zAyiUZE+0QXUkdPg0IdhzU1CUgCF36+cEwfIDVA8KMh6QcaYcoX60I4AXVX7gV2rVbLp6A7kw==",
    "reqBody":
    {
        "reqInfo":
        {
            "mchtCode": "531000023045074"
        },
        "settleParamInfo":
        {
            "delaySettleFlag": "0",
            "splitSettleFlag": "0",
            "patnerSettleFlag": "0"
        },
        "reqOrderInfo":
        {
            "orgTrace": "123456789020241212100848",
            "transAmount": 10,
            "returnRate": false,
            "authCode": "281304752640286116",
            "orderSub": "jkkkkkkkkkkkkk",
            "backUrl": "http://106.14.187.117:8881/yqtNoSign/trade/selfNotice/backNotice",
            "orgInfo": "自定义信息"
        },
        "riskData":
        {
            "customerIp": "127.0.0.1",
            "terminalInfo":
            {
                "location": "+37.12/-121.213",
                "terminalIp": "192.168.2.1"
            }
        },
        "payInfo":
        {
            "payType": "AliPayScan",
            "transDate": "20241212"
        }
    }
}

步骤1: ASCII排序(reqHeader)

{"reqId":"531000023045074","transTime":"20241212100850"}

步骤2: ASCII排序(reqBody)

{"payInfo":{"payType":"AliPayScan","transDate":"20241212"},"reqInfo":{"mchtCode":"531000023045074"},"reqOrderInfo":{"authCode":"281304752640286116","backUrl":"http://106.14.187.117:8881/yqtNoSign/trade/selfNotice/backNotice","orderSub":"jkkkkkkkkkkkkk","orgInfo":"自定义信息","orgTrace":"123456789020241212100848","returnRate":false,"transAmount":10},"riskData":{"customerIp":"127.0.0.1","terminalInfo":{"location":"+37.12/-121.213","terminalIp":"192.168.2.1"}},"settleParamInfo":{"delaySettleFlag":"0","patnerSettleFlag":"0","splitSettleFlag":"0"}}

步骤3: 对排序后的reqBody MD5加密

D0F4B5775B53EFA9275B8F6D54463F40

步骤4: 待签名字段（排序后的reqHeader + MD5）

{"reqId":"531000023045074","transTime":"20241212100850"}D0F4B5775B53EFA9275B8F6D54463F40

签名结果reqSign=RSA(待签名字段, 商户RSA私钥)

jCj+qYLEE85axEkGwxzagXVFE/W3e3fR5XfqBqyeRgL3lzRpA5nO/gO6vioj+CHigtCAFvMIqHRwgBEkdhQB8Xni8APZuBjQ3HPG4dkcBPk6RWxfJR6WhBlDj27gamDhaRXj7P+JP0DBF1CtRRnxwUkwCRjk0NydQ7VP5n7O2ztPq3YgyU8mLSDTtDKPNE0C0Y57WeefeINKZAKij1dUzq0c1a6h2ExpshUfwYbRoc43Bo6Pqn+5MkAmbMUJOEWKN9u6F+SGRBNU7zAyiUZE+0QXUkdPg0IdhzU1CUgCF36+cEwfIDVA8KMh6QcaYcoX60I4AXVX7gV2rVbLp6A7kw==

商户rsa私钥

MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCc1mku1mtfTc1vZM9z3TkRMZ9SaKP+6MdoQhjDHB9vJUOuG2Jnegej4gtzcm8MVYomV1azJMtCbPq4PN9aHegH13JthvrUPR3nAKp8AUp9Fh47ded//snNyAf7C7o8xKN5e7n89ROwacCAL2QDno76ngXzQQVj1TxY9pBdekZ03ezuDk1sv/u4FBlW8kRyaVdqyl4FdvP+EEljDe8gGxRikLyb3cK1B6G7w2BXgM/svft5SOoiqStx2XvgHRrFRB5w96TdoKNH9yxHU2clMJiz+5cej1VL6OHZspuY3cnPyJtyS+weYjDT+COLLBUe9UwbOV15DXDNpBLd34W4GiqtAgMBAAECggEAYaVwmVOwSAblp7wJGScb16OggStbJ2MAe93jEt7Yh1eZGrY7/xbP2O3smTUfBHvhZlusRB7dWf8F3l0v5iiGhRNTT/PhCPEARAl7G3emS9jQe869kkgslq06ose7bQg0i3dH5cEkQAqnameXClXWyRxHshrCY1SonO7uFPUDFtD2Z9GHu6dOWkOHfX7UETHV5/NTSqvner5M2YNsV/5To87zrmaeeNyvu91JgJSYofTD8IcMyhxcswxB9F3ECP7nulLDdCV+9mvE9zO0i4mPBxYb++87J0pu35TN9OY+gpiCK3Ed0gDqvvkTiCQEFu6y7OiqsQwy03CE5hAwWZR2YQKBgQDdb6e7+FWJSr9fIknfvZPPtKmbEkMHP1RYnVo3pmuVm14Z3UmostiSBRPMfVjeOX0N82SONM9P+1v9SDgSK3pL8rlk9Hx6D5KI7uj2IMtTVt00pO31KtxDLmXfgapDbWHK1RGEn1PDrnKYy5yOKJ8n0Wgp4lVEPIBN6uIud0A9iQKBgQC1UXdhEXFETyqEYWb9OnWbBjiVIw3D2/qW5c+WQGsHYdMEImC/0oTWIH9fKd4Azf26JjZ9nQvs5VcijJP6BXbGPqir5NgGVkwCj33PoNg4dDgIVE4BYaSp//7B6jCi5QiRTzCSOmUSkZ5L1Kz4SNEDe9r0MpLhxrsAzmR9aEJ/BQKBgHI71Ks63F2cSwd39+ZNtYA0cj7Gd/+4IvooCs+kseGXKj9rkkFOKj2CEwmuLHdP7vyQcHKQOdbIFFegtxRgi5G8oPm8yq5pdC3iGhpHJr1SlYFACGYu+zxJJlLcYIqyVf2+V3A0hZDwYLwEZjpMKHbxJ6xbz6MJFyObJZ3U9TYJAoGANXoGjJF5Z501u/+CQZN5VjSagZnqGGcL3G+BLx5msrGua9y7zjeHyCOjjWyqtnAKsllM3vVvq/nkHiN6DVaJNmUKmFARSqUvG944TAFzZAsa75H1w8CJsT34ZDbvC0wjn7/MYoRohPZ/ynu6XCwVwUJJTJaR7ZcQVmeJCdezLQUCgYEAszix6V9oL80Clb1nMwIly6I78+pcFKyk82yXxvySb6XPJvgoasbz9xYIeKlPyy6r8Aj/ujz5GVtDtkE6n6bsjekCdnUKUY3uTvFAX+YGQkuZnaPoisELJFI2Hal22tNnJyCOYh//AGAiHYpHNUKD4hsKBb45MhK1xwvTHpuLkdc=

2.2.5 验签

商户/代理方用以验证返回的报文是否合法。

值为空字符不参与签名

对返回报文中的返回头rspHeader和返回体rspBody，按照名称的ASCII码从小到大先分别进行排序，如果名称的首字母相同，则比较第二个字母，以此类推。将排序后的rspBody计算Md5(hex转大写)，再将排序后的请求头rspHeader和请求体rspBody计算得到的Md5值进行拼接，拼接后的字符串，返回报文中rspSign签名，使用RSA公钥验签（公钥由易生提供，密钥位数为2048（SHA256WITHRSA）位【其他算法使用其他算法的密钥和加密方式】，计算签名是否正确用以确认易生签发的报文数据。

注意

若rspBody没有返回则算MD5的时候用 {}

响应报文--待验签的内容

{
    "rspHeader":
    {
        "easyPayCertificateId": "00000000",
        "rspCode": "000000",
        "rspInfo": "SUCCESS"
    },
    "rspSign": "R5LaIM4SrFohez3kN/yx8UiZ/vrxWIkgMBDzhhf7plZT/nPMFNOIscj5FT2Rc72FMdmbDeLZUXzRFbl7OWYozfifkmxp3H5ki1h6o8sNkZu32kbsVOZq9cVg4zvH7hH2w19DU5nVWWDEgiDh+zn+uOkDmV8caEFAq/8uRlHOmMN7l0cscJIP1DATfPHALQQM6VaUEiaKpyJh+0FLc9ZoTCNudEbYJOSfc2QN0jcUY63tcxAneSjh3NErvtorF6oE3UQgK4osSGuZnn5vhskmEj/wszWF6FBGBWaklDICjtNsBxPzt6IIoMC/5tXOzf2/Yo1PwOyK3n57ySj5gV5rNg==",
    "rspBody":
    {
        "aliRespParamInfo":
        {},
        "respStateInfo":
        {
            "respDesc": "SUCCESS",
            "transStatusDesc": "支付中",
            "appendRetMsg": " order success pay inprocess",
            "appendRetCode": "10003",
            "transState": "9",
            "respCode": "000000"
        },
        "settleRespParamInfo":
        {
            "delaySettleFlag": "0",
            "splitSettleFlag": "0",
            "patnerSettleFlag": "0"
        },
        "respOrderInfo":
        {
            "orgTrace": "123456789020241212100848",
            "transAmount": 10,
            "outTrace": "9988622120401541947392",
            "productTrace": "YQ2024121210085011949"
        }
    }
}

rspHeader 排序

{"easyPayCertificateId":"00000000","rspCode":"000000","rspInfo":"SUCCESS"}

rspBody 排序:

{"aliRespParamInfo":{},"respOrderInfo":{"orgTrace":"123456789020241212100848","outTrace":"9988622120401541947392","productTrace":"YQ2024121210085011949","transAmount":10},"respStateInfo":{"appendRetCode":"10003","appendRetMsg":" order success pay inprocess","respCode":"000000","respDesc":"SUCCESS","transState":"9","transStatusDesc":"支付中"},"settleRespParamInfo":{"delaySettleFlag":"0","patnerSettleFlag":"0","splitSettleFlag":"0"}}

对排序后的 rspBody MD5加密：

5F66934CE6B409B0AAE1285485773D3A

待验签字段(排序后的rspHeader + MD5)

{"easyPayCertificateId":"00000000","rspCode":"000000","rspInfo":"SUCCESS"}5F66934CE6B409B0AAE1285485773D3A

取出 rspSign

R5LaIM4SrFohez3kN/yx8UiZ/vrxWIkgMBDzhhf7plZT/nPMFNOIscj5FT2Rc72FMdmbDeLZUXzRFbl7OWYozfifkmxp3H5ki1h6o8sNkZu32kbsVOZq9cVg4zvH7hH2w19DU5nVWWDEgiDh+zn+uOkDmV8caEFAq/8uRlHOmMN7l0cscJIP1DATfPHALQQM6VaUEiaKpyJh+0FLc9ZoTCNudEbYJOSfc2QN0jcUY63tcxAneSjh3NErvtorF6oE3UQgK4osSGuZnn5vhskmEj/wszWF6FBGBWaklDICjtNsBxPzt6IIoMC/5tXOzf2/Yo1PwOyK3n57ySj5gV5rNg==

验签 RSAUtils.verify（待验签字段，rspSign，易生公钥）

验签结果
ture

测试环境易生支付公钥

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgVerkGaSEQvZIOpLjeUoVpL0lSYLc04+txtPFtfm5r5XFbaNaf5Ahu0lziGEwWzrGONThSsnb3U9pqoY6BpqviN4h+Guw5oEdHr1T/eDkQD5urgQUaZA6lDoU9XC662r+0kpbKidvXIsK2CrShN+BF8HEJmRZuhglxh25OHWIWqQiUDjLZC+QJRZqUu9Uzy9RBBu7qa0f0xbqYl3hnYi+vH++SsyOavO2gUVQyKU5Kkt5ZJVpZFQvD3BXePgwJSpsvrjhj0hiYp2v6PScN9XHP1vXB4wtIYSFYwmVus1KkV/LfDzUm6zHjliHYTVl6lPMhveIVJlRIqInRZRHxg5QIDAQAB

生产环境易生支付公钥【易生支付通用】

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLLVY70e67BcK4V08P+69dfBeMmMYDopf3HF9G6meqPTVxyGYlEb0XwT0UA6g8t2HzG8FaKgTFKgOvhr+EFbBcF+AYdrgFYZSjR4hWBkWiOyKC66wQ7kQhYzC4kwetcDp5TftJfSivbAC1Lm8/Gf2+ZpaDuHDPjLCFS2gQYI5dqwIDAQAB

2.2 加签验签说明

2.2.1.双向认证

2.2.2 多证书

2.2.3 秘钥信息

2.2.4 签名

2.2.5 验签

2.2.6 示例代码【RSA为例】

2.2 加签验签说明

2.2.1.双向认证#

2.2.2 多证书#

2.2.3 秘钥信息#

2.2.4 签名#

2.2.5 验签#

2.2.6 示例代码【RSA为例】#

2.2.1.双向认证

2.2.2 多证书

2.2.3 秘钥信息

2.2.4 签名

2.2.5 验签

2.2.6 示例代码【RSA为例】