Authentication
BiuLinkPay Signature Verification Technical Specification
Signature Generation Mechanism
The system uses the HMAC-SHA512 algorithm to generate request signatures, ensuring the integrity and authenticity of transaction requests. The signature process follows these technical specifications:
Core Parameters
Signature Algorithm: HMAC-SHA512
Character Encoding: UTF-8
Output Format: Uppercase hexadecimal string
Signature Generation Process
Data Preparation Phase:
Convert the content to be signed into a UTF-8 encoded byte array
Obtain the merchant security key (secretKey)
HMAC Computation Phase:
Initialize an HMAC-SHA512 instance
Build the HMAC key from the security key
Compute the HMAC over the raw data
Format Conversion Phase:
Convert the resulting byte array to a hexadecimal string
Convert the output to uppercase
Key Technical Implementation Points
Encoding Standards:
Always use UTF-8 character encoding for string processing
Apply a 0xFF mask during byte conversion so that each byte is converted as an unsigned value
Security Features:
Uses a strong 512-bit hash algorithm
Keys and data are processed separately
Tamper-proof design: any change to a parameter invalidates the signature
Performance Optimization:
Uses a static character array to improve hexadecimal conversion efficiency
Predefined HMAC algorithm instances avoid repeated initialization
Important Notes
Key Management:
Security keys must remain strictly confidential
Regular key rotation is recommended
Hardcoding keys in client-side code is prohibited
Signature Verification:
The server must use the same algorithm and parameters to verify signatures
Recommended timestamp validity window: ±5 minutes
Random strings (nonces) must be unique
Exception Handling:
Invalid encoding exceptions must be handled
A clear exception should be thrown when the HMAC algorithm is unavailable
Null inputs should be checked for and rejected
Sign Example For Java