The difference between the MD5 signature version and the RSA signature version of the official Alipay PHP interface
Although Alipay has not provided the related SDK, PHP can actually produce RSA signatures, which is very important. Because I'm not familiar with it, I often can't help wondering whether PHP doesn't support RSA signatures, so I use MD5 and have no motivation to move forward. In fact, to put it bluntly, the only difference between MD5 and RSA is the way of signing, and everything else is the same, so here I will mainly talk about how to sign and verify with RSA.

First you need to prepare the following things:

The openssl extension of PHP, which encapsulates the signing and verification functions.

Under Windows, the OpenSSL module may need to be enabled in php.ini:

    extension=php_openssl.dll

Merchant private key:

That is, the RSA private key. According to the manual, it is generated as follows:

    openssl genrsa -out rsa_private_key.pem 1024

Merchant public key:

That is, the RSA public key. According to the manual, it is generated from the private key as follows:

    openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem

After generating it, follow the instructions in the manual and upload the public key on the signature platform. Note that all comments (the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- lines) and line breaks need to be removed when uploading.

In addition, there are the following commands in the manual:

    openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt

This command converts the RSA private key into PKCS8 format, which is unnecessary for PHP.

Alipay public key:

According to the instructions, it was obtained on the signing platform.

If you copy it directly, you get a single string, which requires the following conversion:

1) Turn the spaces into line breaks.

2) Add the comment lines (the BEGIN and END marker lines).

For example, the public key you copied is:

    migfma0gcsssqgsib3dqebaqua4ggnadcbiqkbgqdrbmjkabznjxk06ddsl751kyyt
    zpfg 0d 3 tu 7 jlqcacgql+lbshiaitdgexamzmka 3d V6 wxy+l 48 ymo 0 rys+dwze 4m
    UmuxHU/V6 tit 0 ztx jn 3 ewrjctcyyttdv/rob 3c khexntkb 76 retk qqg 57 oww+m9j
    TCoccYMDXEIWYTs3CwIDAQAB

converted to:

    -----BEGIN PUBLIC KEY-----
    MIG fma 0 gcsqgsib 3d qebaquaa 4 gnadcbicqkbgqdrbmjbznjxk 06 ddsl 75 1k yyt
    zpfg 0d 3 tu 7 jlqcacgql+lbshiaitdgexamzmka 3d V6 wxy+l 48 ymo 0 rys+dwze 4m
    UmuxHU/V6 tit 0 ztx jn 3 ewrjctcyyttdv/rob 3c khexntkb 76 retk qqg 57 oww+m9j
    TCoccYMDXEIWYTs3CwIDAQAB
    -----END PUBLIC KEY-----

Save the public key in a file.

Note that this 2048-bit public key should be 9 or 10 lines instead of 1 line; otherwise PHP's openssl_pkey_get_public cannot read it, and the result of pub_key_id is false. If there is no -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY-----.
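The two conversion steps above as a PHP helper. This is an added example, not code from the original page or from Alipay; toPublicKeyPem() is a hypothetical name, and the key is a throwaway pair generated locally as a constructed sample, not Alipay's key.

```php
<?php
// Wrap a one-line Base64 public key (as copied from the signing platform)
// into PEM so that openssl_pkey_get_public() can parse it.
function toPublicKeyPem(string $copied): string
{
    // Remove the spaces and line breaks that came with the copy, then check
    // that what is left really is Base64 before wrapping it.
    $b64 = preg_replace('/\s+/', '', $copied);
    if ($b64 === '' || base64_decode($b64, true) === false) {
        throw new InvalidArgumentException('not valid Base64 key material');
    }
    // PEM body: 64 characters per line between the BEGIN/END marker lines.
    return "-----BEGIN PUBLIC KEY-----\n"
        . chunk_split($b64, 64, "\n")
        . "-----END PUBLIC KEY-----\n";
}

// Constructed sample: generate a key pair and flatten its public key to one
// line, imitating the string copied from the platform.
$pair = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
$pem     = openssl_pkey_get_details($pair)['key'];
$oneLine = preg_replace('/-----[A-Z ]+-----|\s+/', '', $pem);

// First the bare one-line string, then the re-wrapped PEM.
echo 'bare string parsed: ';
var_dump(openssl_pkey_get_public($oneLine) !== false);

$key = openssl_pkey_get_public(toPublicKeyPem($oneLine));
echo 'wrapped PEM parsed: ';
var_dump($key !== false);
echo 'key size in bits: ';
var_dump(openssl_pkey_get_details($key)['bits']);
```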

Well, now that we have everything, let's look at the signature function:

    <?php
    /**
     * Sign a string
     * @param $prestr string to be signed
     * return the signature result
     */
    function rsaSign($prestr) {
        // Merchant private key generated above
        $private_key = file_get_contents('rsa_private_key.pem');
        $pkeyid = openssl_get_privatekey($private_key);
        // $sign receives the raw binary signature
        openssl_sign($prestr, $sign, $pkeyid);
        openssl_free_key($pkeyid);
        // The signature is sent Base64-encoded
        $sign = base64_encode($sign);
        return $sign;
    }
    ?>

Note:

1. The content of $prestr is the same as for MD5 (see the manual), except that it does not contain the MD5 key at the end.

2. The merchant private key is used for signing.

3. The final signature needs to be encoded with base64.

4. The value returned by this function is the RSA signature of this request.

Signature verification function:

    <?php
    /**
     * Verify a signature
     * @param $prestr string that was signed
     * @param $sign signature result (Base64)
     * return the verification result
     */
    function rsaVerify($prestr, $sign) {
        $sign = base64_decode($sign);
        // Alipay public key saved in PEM form (see above)
        $public_key = file_get_contents('rsa_public_key.pem');
        $pkeyid = openssl_get_publickey($public_key);
        // Stays 0 (not verified) if the public key cannot be loaded
        $verify = 0;
        if ($pkeyid) {
            $verify = openssl_verify($prestr, $sign, $pkeyid);
            openssl_free_key($pkeyid);
        }
        if ($verify == 1) {
            return true;
        } else {
            return false;
        }
    }
    ?>

Note:

1. The content of $prestr is the same as for MD5 (see the manual).

2. $sign is the binary form of the sign parameter returned by the Alipay interface, after decoding with base64_decode.

3. The signature is checked with the Alipay public key.

4. This function returns a Boolean value, which directly tells you whether the check passed or not.

The SDK demo provided by Alipay only handles the MD5 signing method, while the method required by Android and iOS can only use the RSA algorithm. In that case the PHP server cannot verify the signature, so you need to make some changes to the demo.

1. Modify the alipay_notify.class.php file.

Line 46 of the verifyNotify function

    $isSign = $this->getSignVeryfy($_POST, $_POST["sign"]);

change into

    $isSign = $this->getSignVeryfy($_POST, $_POST["sign"], $_POST["sign_type"]);

Line 83 of the verifyReturn function

    $isSign = $this->getSignVeryfy($_GET, $_GET["sign"]);

change into

    $isSign = $this->getSignVeryfy($_GET, $_GET["sign"], $_GET["sign_type"]);

Line 116 of the getSignVeryfy function

    function getSignVeryfy($para_temp, $sign) {

change into

    function getSignVeryfy($para_temp, $sign, $sign_type) {

Line 127 of the getSignVeryfy function

    switch (strtoupper(trim($this->alipay_config['sign_type']))) {
        case "MD5":
            $isSgin = md5Verify($prestr, $sign, $this->alipay_config['key']);
            break;
        default:
            $isSgin = false;
    }

change into

    switch (strtoupper(trim($sign_type))) {
        case "MD5":
            $isSgin = md5Verify($prestr, $sign, $this->alipay_config['key']);
            break;
        case "RSA":
            $isSgin = rsaVerify($prestr, $sign);
            break;
        default:
            $isSgin = false;
    }

2. Create a new alipay_rsa.function.php file.

    <?php
    /* *
     * RSA
     * Details: RSA encryption
     * Version: 3.3
     * Date: 2014-02-20
     * Description:
     * The following code is only sample code provided for the convenience of merchant testing. Merchants can write their own according to the needs of their websites and the technical documents; it is not necessary to use this code.
     * This code is only for studying and researching the Alipay interface, and is for reference only.
     */

    /**
     * Sign a string
     * @param $prestr string to be signed
     * return the signature result
     */
    function rsaSign($prestr) {
        // Merchant private key
        $private_key = file_get_contents('rsa_private_key.pem');
        $pkeyid = openssl_get_privatekey($private_key);
        openssl_sign($prestr, $sign, $pkeyid);
        openssl_free_key($pkeyid);
        $sign = base64_encode($sign);
        return $sign;
    }

    /**
     * Verify a signature
     * @param $prestr string that was signed
     * @param $sign signature result (Base64)
     * return the verification result
     */
    function rsaVerify($prestr, $sign) {
        $sign = base64_decode($sign);
        // Alipay public key in PEM form
        $public_key = file_get_contents('rsa_public_key.pem');
        $pkeyid = openssl_get_publickey($public_key);
        // Stays 0 (not verified) if the public key cannot be loaded
        $verify = 0;
        if ($pkeyid) {
            $verify = openssl_verify($prestr, $sign, $pkeyid);
            openssl_free_key($pkeyid);
        }
        if ($verify == 1) {
            return true;
        } else {
            return false;
        }
    }
    ?>
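After the getSignVeryfy change in step 1, the method is taken from the sign_type parameter of the request, so whoever sends the notification selects which check runs. The added example below (not Alipay's code and not from the original page) keeps that dispatch but only accepts methods the merchant has enabled; verifyPinned(), $allowed and the MD5 stand-in are hypothetical names, and the key pair and parameters are constructed samples.

```php
<?php
function verifyPinned(string $prestr, string $sign, string $signType,
                      array $allowed, array $verifiers): bool
{
    $type = strtoupper(trim($signType));
    // Reject any method the merchant has not enabled, whatever the request says.
    if (!in_array($type, $allowed, true) || !isset($verifiers[$type])) {
        return false;
    }
    return $verifiers[$type]($prestr, $sign) === true;
}

// Throwaway RSA key pair standing in for Alipay's key (constructed sample).
$pair = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
$pubPem = openssl_pkey_get_details($pair)['key'];
$md5Key = 'constructed-md5-key';

$verifiers = [
    // Same check as rsaVerify(), with the key passed in instead of read from a file.
    'RSA' => function (string $prestr, string $sign) use ($pubPem): bool {
        return openssl_verify($prestr, base64_decode($sign), $pubPem) === 1;
    },
    // Stand-in for the demo's md5Verify(): MD5 over the string plus the shared key.
    'MD5' => function (string $prestr, string $sign) use ($md5Key): bool {
        return hash_equals(md5($prestr . $md5Key), $sign);
    },
];

// Constructed request string and the two signatures over it.
$prestr = 'out_trade_no=TEST0001&total_fee=0.01&trade_status=TRADE_SUCCESS';
openssl_sign($prestr, $raw, $pair);
$rsaSign = base64_encode($raw);
$md5Sign = md5($prestr . $md5Key);

// This merchant has enabled RSA only.
$allowed = ['RSA'];
echo 'RSA request: ';
var_dump(verifyPinned($prestr, $rsaSign, 'RSA', $allowed, $verifiers));
echo 'MD5 request: ';
var_dump(verifyPinned($prestr, $md5Sign, 'MD5', $allowed, $verifiers));
echo 'RSA request, sign_type sent as "rsa ": ';
var_dump(verifyPinned($prestr, $rsaSign, 'rsa ', $allowed, $verifiers));
```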