2.3.1.双向认证

商户、合作方与易生支付交易报文双向认证。

商户、合作方保存自己的私钥证书和易生支付公钥证书。

易生支付保存自己的私钥证书和商户、合作方的公钥证书。

商户、合作方向易生支付发起交易请求时，商户、合作方使用自己的私钥签名。

易生支付接收商户、合作交易请求时，易生支付使用商户、合作方公钥进行验签。

易生支付返回商户、合作方应答时，易生支付使用自己的私钥签名。

商户、合作方接收易生支付交易应答时，商户、合作方使用易生支付的公钥验签

2.3.2 多证书

支持多证书，多证书时交易报文上送证书号certificateId。

2.3.3 签名数据

易生用来验证发送上来的商户数据是否合法。

值为空字符不参与签名

对报文中的请求头reqHeader和请求体reqBody，按照名称的ASCII码从小到大先分别进行排序，如果名称的首字母相同，则比较第二个字母，以此类推。将排序后的reqBody计算Md5(hex转大写)，再将排序后的请求头reqHeader和请求体reqBody计算得到的Md5值进行拼接，拼接后的字符串使用RSA2私钥签名（公私钥由商户自己生成，密钥位数为2048（SHA256WITHRSA）位【其他算法使用其他算法的密钥和加密方式】，私钥商户自己保存，公钥提供给易生验签，私钥见5.5），得到签名串reqSign。

原报文--待加签的内容

{
  "reqHeader": {
    "transTime": "20240313171220",
    "certificateId": "4032069546",
    "transCode": "0001",
    "reqId": "631000000000247"
  },
  "reqBody": {
    "orderNo": "20240313171220",
    "termId": "00000001",
    "mchtCd": "W00000000007321",
    "reqPayType": "00",
    "printInfo": "示例打印信息",
    "orderInfo": "示例订单信息",
    "transAmt": "100000",
    "attach": "示例附件信息",
    "recOprId": "9089877",
    "cashRegisterNum": "0",
    "notifyUrl": "https://mtest.eycard.cn/misNotify/misPayStateNotify"
  }
}

reqBody进行ASCII排序后

{
    "attach": "示例附件信息",
    "cashRegisterNum": "0",
    "mchtCd": "W00000000007321",
    "notifyUrl": "https://mtest.eycard.cn/misNotify/misPayStateNotify",
    "orderInfo": "示例订单信息",
    "orderNo": "20240313171220",
    "printInfo": "示例打印信息",
    "recOprId": "9089877",
    "reqPayType": "00",
    "termId": "00000001",
    "transAmt": "100000"
}

reqBody字符串压缩

{"attach":"示例附件信息","cashRegisterNum":"0","mchtCd":"W00000000007321","notifyUrl":"https://mtest.eycard.cn/misNotify/misPayStateNotify","orderInfo":"示例订单信息","orderNo":"20240313171220","printInfo":"示例打印信息","recOprId":"9089877","reqPayType":"00","termId":"00000001","transAmt":"100000"}

对压缩字符串进行MD5 并转成大写
F0C4F8B7FDD44A5F3742E53D22FC21CE

排序后reqHeader:

{
    "certificateId": "4032069546",
    "reqId": "631000000000247",
    "transCode": "0001",
    "transTime": "20240313171220"
}

待签名内容为[signString]

{"certificateId":"4032069546","reqId":"631000000000247","transCode":"0001","transTime":"20240313171220"}F0C4F8B7FDD44A5F3742E53D22FC21CE

reqHeader对象排序后的jsonString + MD5(reqBody排序后的signString).toUpperCase()

RSA私钥加密JsonString得到签名值reqSign：

bdA+WTYyQe1Le35mivhcXHfD0Hf1Y2XqAg9FfkgW0UHG/eKXx3wjBJ9G+Rrx5UdQeQdW3GRwOWOQHj8e9Wwj1InI+BbtfA1I768ikT8waeG2S5jNZ5ERqIuG2etfBTI6mGRecm1aBaGia2T1j2eMxUOjnpS3gGKL79yxbdeu447dEqCGw/ywsTLV/fPj1KMMrMg67G+QCn05ghv1KmQHv1194uHD/bE+j/ojmw13nxCQzNbsqMlPn5UamO+YLZ1hCbc5kuLnKnSbh0foC7Cpmp0LpLTtTXs1MsrzU7ATgbVXLSbk/TUc3lIOZsHqJ6eCSbQQ8KHFHvVP6mx6+l0ftw==

得到请求报文

{
  "reqHeader": {
    "transTime": "20240313171220",
    "certificateId": "4032069546",
    "transCode": "0001",
    "reqId": "631000000000247"
  },
  "reqBody": {
    "orderNo": "20240313171220",
    "termId": "00000001",
    "mchtCd": "W00000000007321",
    "reqPayType": "00",
    "printInfo": "示例打印信息",
    "orderInfo": "示例订单信息",
    "transAmt": "100000",
    "attach": "示例附件信息",
    "recOprId": "9089877",
    "cashRegisterNum": "0",
    "notifyUrl": "https://mtest.eycard.cn/misNotify/misPayStateNotify"
  },
  "reqSign": "bdA+WTYyQe1Le35mivhcXHfD0Hf1Y2XqAg9FfkgW0UHG/eKXx3wjBJ9G+Rrx5UdQeQdW3GRwOWOQHj8e9Wwj1InI+BbtfA1I768ikT8waeG2S5jNZ5ERqIuG2etfBTI6mGRecm1aBaGia2T1j2eMxUOjnpS3gGKL79yxbdeu447dEqCGw/ywsTLV/fPj1KMMrMg67G+QCn05ghv1KmQHv1194uHD/bE+j/ojmw13nxCQzNbsqMlPn5UamO+YLZ1hCbc5kuLnKnSbh0foC7Cpmp0LpLTtTXs1MsrzU7ATgbVXLSbk/TUc3lIOZsHqJ6eCSbQQ8KHFHvVP6mx6+l0ftw=="
}

测试环境商户私钥【reqid 631000000000247】

MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCnObdngGTLht5wlk3rGrSrizmtKubE6DowxL1usHwRsJ5+LEVEOouxOkgcjOwI0JKZRHRd5dxjn3hPXhQyfQVvPJQGvQ49tv+5/Ly0n0hITsash2QqBkVcNYzhY/DVT/3Z+y6FsMiGl6jMEg6hx3uve3mPPlxxeQQkB6TpxYq5zH/+Scu9oqzyzhufs45b2KgVJ/3PLhKcA/UEIK40CDa+XqbBW6In7EmR/iX9VBhVjrFjJVPQpmCIYz7J6UAZUrzGtie9YMIgtK/3L+L+QWZsd3yoPz097p7vBwjVJlCaiPe9vzU6gx1sCRCFiMf2KO7fwgMlkkp7nkLg9aZC0tt/AgMBAAECggEAV2fcjDXY+WSqObDmUz+nNY7U+8VTz5IOcFU1KnkGsHxfq1Vacxoiz+TFsl6aNNVH+uKD7FxsAIpm6R0kc2tTftvsB0Wj/u/65GzM+Z/TuS+rupwd57VVZaf71gdV5zkjV19p5qkLdwYoTVoW2cqZxJRGam/PA+ScHHT+Zs5A/3GgfWfHc1y/bBWC6TnFJus5NwH9OpKyUm3d9nFFT0DoIZPIsgmvnQnTDSs/kxUh9T98pDV8pu2w+kVbuk23FoCh/Jw4V/s7J5kMIi/I7oNlDAfdnmxwXF4L7Mg1z35EfTnwJ6jDyRKmo1/ATgIiMe/P6jZ5FYZ15w89UujjYK8cQQKBgQDxwTykK/tme0m+0xgdXUuGyXKLDE4v/t7h8taeXWA5j6mEJ/oYaB/RLyuPhgqeq4eJGwdG/Fq+ABtVr4CPdynu7tZxp+TKFoXJDyq0imogug2KxjSIvfZb5SHUQi64SAF7wDCaN9eSZKlmWYbg2VdGunJ84SUJCDjLDeRAEs3pnwKBgQCxFDzCzfgtDwZmJn/JgPGWA1H9s6bhEsoATLNml8QpIxwKktiwQQhDkmNokc/pyqkqa95114OPCsc6DLblUap4gMzZTes1eNrOZkDezJeUgBbBBwbs188BuQZrhya1C9m35mH8eMSzWO9fVeCdas+YZEc95TCNx6CneyKC0juCIQKBgQCtp8TLmNxJTR43+KJF1ZI/C80/nGM9jrLDUxBfSWupbUyzJZQ8m+7e8Cc2PW67czM0hTnA/9yexqzb6+lJJKv2eZGIqrVphKwtNLvUW+jIAV1g5ecuomWotPqL4c51iSOnpPJElQBApBYa8wwzz2sl3yAGHCPiTQmesifW7qsCuQKBgQCu6BtgG4wADbA3Y92izj9R+nOZEUNLW4C1LQ2iz1NNgsVm2Ec6SPH9tHGGT0g7WBchtKxmX3ot5uqENxzMg47LOgWcuq8SAQ63Ah8fMpyibKaNAQDhHgT1YamqujMMbukdEW1FsJAxyi2eUDftpRvqHVqVE3WTBVR1OVYMO9XVoQKBgQCo7Rcjh5bzsAVB44iMSuHps7CWREWSnJ0Z5I6fLgXw52Z0BbgXKVMIi62G2mtOiG3Z5hzST+37CrlvIXwBQSEGXyE/WkHrlEuYW033C6bivAjmfmi4FH3GVmCHZLrhVvPi5IyC36HzUTE4FJ4wqDyj/ayoeTGdeJ0D82iKLT955w==

测试环境商户公钥【reqid 631000000000247】

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzm3Z4Bky4becJZN6xq0q4s5rSrmxOg6MMS9brB8EbCefixFRDqLsTpIHIzsCNCSmUR0XeXcY594T14UMn0FbzyUBr0OPbb/ufy8tJ9ISE7GrIdkKgZFXDWM4WPw1U/92fsuhbDIhpeozBIOocd7r3t5jz5ccXkEJAek6cWKucx//knLvaKs8s4bn7OOW9ioFSf9zy4SnAP1BCCuNAg2vl6mwVuiJ+xJkf4l/VQYVY6xYyVT0KZgiGM+yelAGVK8xrYnvWDCILSv9y/i/kFmbHd8qD89Pe6e7wcI1SZQmoj3vb81OoMdbAkQhYjH9iju38IDJZJKe55C4PWmQtLbfwIDAQAB

2.3.4 验签数据

商户/代理方用以验证返回的报文是否合法。

值为空字符不参与签名

对返回报文中的返回头rspHeader和返回体rspBody，按照名称的ASCII码从小到大先分别进行排序，如果名称的首字母相同，则比较第二个字母，以此类推。将排序后的rspBody计算Md5(hex转大写)，再将排序后的请求头rspHeader和请求体rspBody计算得到的Md5值进行拼接，拼接后的字符串，返回报文中rspSign签名，使用RSA公钥验签（公钥由易生提供，密钥位数为2048（SHA256WITHRSA）位【其他算法使用其他算法的密钥和加密方式】，计算签名是否正确用以确认易生签发的报文数据。

注意

若rspBody没有返回则算MD5的时候用 {}

rspBody排序后

{"orderNo":"20240524162916","transSequence":"2024052404265933"}

MD5计算排序后的rspBody 并转成大写
121E9DF4157A519349A718EC72A7C477

排序后rspHeader:

{"easyPayCertificateId":"00000000","rspCode":"000000","rspInfo":"成功","transCode":"0001"}

待验签内容为[verfyString]

{"easyPayCertificateId":"00000000","rspCode":"000000","rspInfo":"成功","transCode":"0001"}121E9DF4157A519349A718EC72A7C477

rspHeader对象排序后的jsonString + MD5(rspBody排序后的verfyString).toUpperCase()

签名信息

OR6IIlx4d/ozOkXde9K4oQM7rMyNXWmxOBMa6w/CGSW/uNzfRRcusMax8p1tkS2SJRjwPj5pDaRSPacNvu8qVSvEjU829qO5rKStFtzneW9JvGlsO+G4ftO0SbGdC2mvtuk/drvM4MJwFdqsttR6w5Cr+TMaD71GTVzq0/+qMFDJlbNMxYvC1EeYAFMQirZ55jVK+KhREsZ6LI4o7WGbC7+AljsUAoZ1+cQ/gIKfwLBJhu/yofxhE/idf5x6bt5omnHf9PDIIadLUXdjfspPlKOUVsZ23MoRz94WSAHPEsHDXv+ImQP+jYjBEI6BWuSZ1XYrp1b2wAe0bmY5aI/PXg==

易生提供的RSA公钥对VerfyString进行验签

测试环境易生支付公钥

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgVerkGaSEQvZIOpLjeUoVpL0lSYLc04+txtPFtfm5r5XFbaNaf5Ahu0lziGEwWzrGONThSsnb3U9pqoY6BpqviN4h+Guw5oEdHr1T/eDkQD5urgQUaZA6lDoU9XC662r+0kpbKidvXIsK2CrShN+BF8HEJmRZuhglxh25OHWIWqQiUDjLZC+QJRZqUu9Uzy9RBBu7qa0f0xbqYl3hnYi+vH++SsyOavO2gUVQyKU5Kkt5ZJVpZFQvD3BXePgwJSpsvrjhj0hiYp2v6PScN9XHP1vXB4wtIYSFYwmVus1KkV/LfDzUm6zHjliHYTVl6lPMhveIVJlRIqInRZRHxg5QIDAQAB

生产环境易生支付公钥【易生支付通用】

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLLVY70e67BcK4V08P+69dfBeMmMYDopf3HF9G6meqPTVxyGYlEb0XwT0UA6g8t2HzG8FaKgTFKgOvhr+EFbBcF+AYdrgFYZSjR4hWBkWiOyKC66wQ7kQhYzC4kwetcDp5TftJfSivbAC1Lm8/Gf2+ZpaDuHDPjLCFS2gQYI5dqwIDAQAB

验签结果
true

得到请求报文

{
    "rspHeader": {
        "rspCode": "000000",
        "rspInfo": "成功",
        "transCode": "0001"
    },
    "rspBody": {
        "transSequence": "2023120100000800"
    },
    "rspSign": "qSIdJLmrrgdBIBScM3MrbCPwZQBdTtDXwwtUgY2KwMxG3aOSrkPYOeEZfiEplUv0iezkS7Nxg61MVUS80gYnvkpudncdYfx2onKSEhM+uhHtN7OuhFlb+9WMtzJKHX/sOwSx3y8hnsY3S608Ot5CFU4NgR1MnU7uWoRCEWbH9QbF2P/ukR0IKHNYvngv4VERAYOkiozorO4rkdoc5iILatA+NgoMevy6ftTZt8v0pTr7ONS3okdFIuR0Tu8M7GupdHXkXG7KVPYkoh5WTM6msVPILw5FHjff6bKBowSxbpfqDO8HLxADKeru1FGxRYJTowjk9zDpoJzHYKP+UFCP9g==",
    "signType": "RSA2",
    "time": "2023-12-01 22:19:43"
}

2.3 签名验签

2.3.1.双向认证

2.3.2 多证书

2.3.3 签名数据

2.3.4 验签数据

2.3.5 示例代码【RSA为例】

2.3 签名验签

2.3.1.双向认证#

2.3.2 多证书#

2.3.3 签名数据#

2.3.4 验签数据#

2.3.5 示例代码【RSA为例】#

2.3.1.双向认证

2.3.2 多证书

2.3.3 签名数据

2.3.4 验签数据

2.3.5 示例代码【RSA为例】