Signature and Signature Verification

Signatures are generated with HMAC (Hash-based Message Authentication Code). This signature mechanism is used to verify the integrity and authenticity of information during transmission. When using HMAC for signing, a key and a message are combined through a hash algorithm to produce a fixed-length value. The process consists of the following steps:

  1. Collecting Parameters: First, gather all the parameters involved in the signing process. These parameters are typically key-value pairs, such as those in an API request.

  2. Sorting: To keep the signature consistent, the parameters must be sorted according to specific rules (usually lexicographic order) when the signature is generated, regardless of the order in which they were submitted.

  3. Constructing the Signature String: The sorted parameters are concatenated in a specified format (e.g., key1=value1&key2=value2) to form a string. This string is the data to be signed.

  4. Generating the Signature: Compute HMAC over the data to be signed using the key and a hash algorithm (SHA-256); the result is the signature. It is crucial to keep the key secure, as only parties who know the key can verify the authenticity of the signature.

  5. Outputting the Signature: Finally, the generated signature is typically encoded (e.g., in hexadecimal) for easier transmission and verification.

  6. Submitting the Signature: Submit the fields OC-Key and OC-Signature in the headers. OC-Key is the key that identifies your secret, not the secret itself; OC-Signature is the computed signature.

HMAC is supported by almost all programming languages, including but not limited to Python, Java, and PHP. Each language has libraries or built-in functions for hashing and HMAC; what matters is following the steps above so that the algorithm logic is implemented correctly.

Please contact the system administrator to obtain the key, and do not expose the key in public.

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.*;

public class SignatureUtil {

    // Returns the hex-encoded HMAC-SHA256 signature of the sorted parameters.
    public static String computeHMAC(Map<String, String> params, String secret) throws NoSuchAlgorithmException, InvalidKeyException {
        // Sort the parameter names so the result does not depend on submission order
        List<String> keys = new ArrayList<>(params.keySet());
        Collections.sort(keys);

        // Build the string to sign: key1=value1&key2=value2
        StringBuilder dataToSign = new StringBuilder();
        for (String key : keys) {
            if (dataToSign.length() > 0) {
                dataToSign.append("&");
            }
            dataToSign.append(key).append("=").append(params.get(key));
        }

        // Compute HMAC-SHA256; encode as UTF-8 explicitly so the result
        // does not depend on the platform default charset
        SecretKeySpec secretKeySpec = new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(secretKeySpec);
        byte[] rawHmac = mac.doFinal(dataToSign.toString().getBytes(StandardCharsets.UTF_8));

        // Convert to a hexadecimal string
        StringBuilder hexString = new StringBuilder();
        for (byte b : rawHmac) {
            hexString.append(String.format("%02x", b));
        }
        return hexString.toString();
    }
}
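
The Java method above covers steps 1 to 5. The Python sketch below is an added example, not code from this service: it follows the same steps, adds step 6 (the OC-Key and OC-Signature headers), and shows a receiving side that recomputes the signature and compares it in constant time. The key id, secret, parameter names and the `SECRETS` lookup table are constructed placeholders, and looking up the secret by OC-Key is an assumption about how a receiver would work.

```python
import hashlib
import hmac

# Constructed placeholders: key id -> shared secret, as a receiver might store them.
SECRETS = {"demo-key-id": "demo-secret-not-real"}


def string_to_sign(params):
    """Steps 1-3: sort keys lexicographically, join as key=value with '&'."""
    return "&".join(f"{k}={params[k]}" for k in sorted(params))


def compute_signature(params, secret):
    """Steps 4-5: HMAC-SHA256 over the string to sign, hex encoded."""
    data = string_to_sign(params).encode("utf-8")
    return hmac.new(secret.encode("utf-8"), data, hashlib.sha256).hexdigest()


def signed_headers(params, key_id, secret):
    """Step 6: headers to submit; the secret itself never leaves the caller."""
    return {"OC-Key": key_id, "OC-Signature": compute_signature(params, secret)}


def verify(params, headers):
    """Receiver side (assumed design): find the secret by OC-Key, recompute, compare."""
    secret = SECRETS.get(headers.get("OC-Key", ""))
    presented = headers.get("OC-Signature", "")
    if secret is None or not presented:
        return False
    expected = compute_signature(params, secret)
    # Constant-time comparison: a mismatch does not reveal how many leading
    # characters of the presented signature were correct.
    return hmac.compare_digest(expected.encode("ascii"), presented.encode("utf-8"))


if __name__ == "__main__":
    # Constructed request parameters, deliberately not in sorted order.
    request = {"timestamp": "1700000000", "amount": "10", "order_id": "A-1001"}
    headers = signed_headers(request, "demo-key-id", SECRETS["demo-key-id"])
    print(string_to_sign(request))
    print(headers)
    print("accepted:", verify(request, headers))
    print("tampered:", verify({**request, "amount": "1000"}, headers))
```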